| Age | Commit message (Collapse) | Author |
|---|
|
Enables relay operators to backup/archive specific GRASP servers by domain.
Includes configuration, validation, documentation, and integration tests.
|
|
Combined Accept and AcceptArchive match arms in builder.rs to ensure
bare repositories are created for both cases. Previously AcceptArchive
had duplicate code that didn't call ensure_bare_repository().
Also includes:
- Config fix: effective_git_data_path() respects explicit paths with memory backend
- TestRelay: Added git_data_path() and archive config support for testing
- Integration tests for archive_read_only behavior
|
|
shutdown/startup
Implement save/restore functionality for rejected events cache and
integrate persistence with relay shutdown/startup lifecycle. Both
purgatory and rejected cache now survive relay restarts.
Key features:
- Serialize rejected events cache to JSON (rejected-events-cache.json)
- Save both hot cache (2min, full events) and cold index (7day, metadata)
- Restore with downtime adjustment (preserves remaining TTL)
- Graceful degradation (missing/corrupted files don't crash)
- File cleanup after successful restore
- Automatic restoration in SyncManager::new()
Integration:
- Shutdown hook saves both purgatory and rejected cache
- Startup hook restores both and re-queues repositories
- Non-fatal errors (logs warnings, continues on failure)
Files:
- src/sync/rejected_index.rs: save_to_disk/restore_from_disk methods
- src/sync/mod.rs: SyncManager integration and auto-restore
- src/main.rs: Shutdown/startup hooks for both caches
- tests/purgatory_persistence.rs: 17 integration tests
Tests: 13 unit tests + 17 integration tests covering full lifecycle
|
|
Add mandatory uploadpack.allowFilter capability to support partial clones
and fetches as required by GRASP-01 specification. This enables efficient
git operations for bandwidth-constrained clients (e.g., browser-based git
clients like git-natural-api).
Changes:
- Add uploadpack.allowFilter=true to git subprocess configuration
- Update SmartGitServer test helper with filter support
- Add integration tests for filter capability advertisement and functionality
- Update documentation to reflect filter as required capability
Tests verify:
- Filter capability is advertised in info/refs
- Filtered clones with blob:none work correctly
- Filtered fetches with tree:0 work correctly
|
|
SimpleGitServer had a TOCTOU race where find_free_port() would bind a port,
immediately release it, then the caller would try to bind it - allowing another
process to grab the port in between. This caused intermittent test failures.
Changed to bind the port once and keep it bound while converting from std to
tokio listener, matching the pattern already used in SmartGitServer.
Deleted the now-unused find_free_port() helper function.
|
|
|
|
Add comprehensive authorization checks to ensure state events are only
accepted from maintainers of accepted repository announcements. This
implements the core GRASP-01 requirement that pushes must match the
latest state announcement "respecting the maintainer set."
Changes:
1. StatePolicy authorization (src/nostr/policy/state.rs):
- Check authorization BEFORE git data validation (fail-fast)
- Reject if no announcement exists for repository
- Reject if author not in maintainer set
- Use existing helpers: fetch_repository_data() and
pubkey_authorised_for_repo_owners()
- Structured logging for all rejections
2. Purgatory invalidation (src/nostr/builder.rs):
- New method: check_purgatory_state_events_for_identifier()
- Called when announcements accepted (Accept and AcceptMaintainer)
- Re-evaluates state events in purgatory for the identifier
- Processes newly-authorized events (releases from purgatory)
- Keeps unauthorized events for natural expiry (30 min)
- Enables retroactive authorization when announcements arrive late
3. Purgatory sync authorization (src/git/sync.rs):
- Check authorization BEFORE processing git data
- Remove unauthorized events from purgatory (permanent rejection)
- Prevents processing even if git data arrives first
- Structured logging for monitoring
4. Rejected events tracking (src/sync/rejected_index.rs):
- Add support for tracking rejected state events
- New methods: add_state(), contains_state()
- Separate metrics for state rejections
- Enables sync to avoid re-fetching rejected states
5. Sync metrics (src/sync/metrics.rs, src/sync/mod.rs):
- Add state-specific metrics (hot cache, cold index)
- Track rejected states separately from announcements
- Support monitoring of authorization rejections
6. Comprehensive tests (tests/state_authorization.rs):
- test_reject_state_without_announcement
- test_reject_state_from_unauthorized_author
- test_accept_state_from_announcement_author
- test_accept_state_from_maintainer
Security Impact:
- Before: State events could be published by anyone
- After: Only maintainers can publish state events
- Defense-in-depth: Authorization checked at 3 points:
1. On arrival (StatePolicy)
2. On announcement acceptance (purgatory re-evaluation)
3. On git data arrival (purgatory sync)
All tests pass:
- 248 unit tests
- 51 NIP-34 announcement tests
- 4 new state authorization tests
- 9 rejected index tests
Closes: State authorization requirement from GRASP-01 spec
|
|
- Add two-tier rejected events index (hot cache + cold index)
- Hot cache: 2-minute in-memory storage of full rejected events
- Cold index: 7-day metadata storage for deduplication
- Immediate re-processing when owner announcements list maintainers
- Fix rejection reason detection to match actual error messages
- Rewrite integration tests to use two-relay sync pattern
- All tests passing (3 passed, 1 ignored slow test)
|
|
- Fix relay_connected() helper to check v >= 2 (Syncing/Connected states)
- Fix unit test to use status value 3 (Connected) instead of 1 (Connecting)
- Fix clippy warning: use .to_vec() instead of .iter().cloned().collect()
All 61 sync integration tests now passing.
All 238 unit tests passing.
Clippy clean.
|
|
- Replace KIND_REPOSITORY_ANNOUNCEMENT with Kind::GitRepoAnnouncement
- Replace KIND_REPOSITORY_STATE with Kind::RepoState
- Replace KIND_PR with Kind::GitPullRequest
- Replace KIND_PR_UPDATE with Kind::GitPullRequestUpdate
- Replace KIND_USER_GRASP_LIST with Kind::GitUserGraspList
- Replace KIND_PATCH with Kind::GitPatch
- Replace KIND_ISSUE with Kind::GitIssue
- Replace KIND_COMMENT with Kind::Comment
- Replace all Kind::Custom(30617|30618|1617|1618|1619|1621|1111|10317) patterns
- Remove all hardcoded KIND_* constants from events.rs
- Update all match statements to use Kind enum directly
- Update all filter builders to use Kind variants
- Update all test helpers and assertions
Benefits:
- Type safety: compiler prevents wrong kind numbers
- Readability: Kind::GitRepoAnnouncement is self-documenting
- Maintainability: single source of truth (rust-nostr)
- IDE support: full autocompletion and refactoring
- Standards: aligns with rust-nostr best practices
Files modified: 21
Constants removed: 9
Patterns replaced: 100+
Tests passing: 222/222
|
|
- Update nostr-relay-builder, nostr-sdk, nostr-lmdb to latest revision
- Update grasp-audit nostr-sdk dependency
- Fix clippy warnings:
- Replace .clone() with std::slice::from_ref() in src/git/sync.rs
- Change &PathBuf to &Path in tests/common/git_server.rs
- Replace vec![] with array literal in src/purgatory/sync/functions.rs
- Update PR_TEST_COMMIT_HASH in grasp-audit due to event generation changes
All 249 tests passing, no breaking changes required.
|
|
|
|
Prevent GPG signing prompts (including Yubikey activation) during test runs
by explicitly disabling commit.gpgsign and tag.gpgsign in all test repository
creation helpers.
Modified:
- tests/common/purgatory_helpers.rs: create_test_repo_with_commit()
- src/git/mod.rs: create_test_repo_with_commit()
- src/purgatory/helpers.rs: create_test_repo_with_commit()
All test repositories now have GPG signing disabled regardless of global
git configuration.
|
|
|
|
|
|
mulitple git servers
|
|
Add a test helper that serves git repositories over HTTP using git's
dumb HTTP protocol. This enables integration tests that need to fetch
git data from an external URL without requiring a full git HTTP backend.
Features:
- Creates bare clone of source repository
- Runs git update-server-info to generate required metadata
- Serves static files over HTTP using hyper
- Automatic cleanup on drop
- Path traversal protection
Tests included:
- Server starts and stops correctly
- info/refs endpoint is accessible
- git ls-remote works against server
- git fetch works against server
- Path traversal is blocked
This helper will be used in Phase 3 to test PR clone tag sync,
where the PR event's clone URL points to an external git server
that is NOT an ngit-grasp relay.
|
|
Implements test_concurrent_state_and_pr_sync which verifies that when both
a state event and a PR event for the same repository enter purgatory, both
are correctly synced from a remote relay and released when git data arrives.
The test:
1. Creates a source relay with a repo containing two commits
2. Sends both state event (referencing main branch) and PR event to source
3. Pushes git data to source relay, releasing both events from purgatory
4. Starts syncing relay that connects to source
5. Verifies both events sync to the syncing relay and are served
6. Confirms refs are correct (main branch and refs/nostr/<event-id>)
This validates that the purgatory sync mechanism handles multiple concurrent
events for the same repository without race conditions or conflicts.
|
|
|
|
Implements Phase 3 of the purgatory sync integration test plan.
Key changes:
- Add immediate sync triggering for sync-received events that go to
purgatory (instead of default 3-minute delay for user-submitted events)
- TestRelay now respects RUST_LOG environment variable for debugging
- New test verifies end-to-end flow: state event syncs from source relay,
enters purgatory, git data is fetched from source's clone URL, and
event is released and served
|
|
The clone URL format should be http://{domain}/{npub}/{identifier}.git
but was missing the npub segment. This caused git push authorization
to fail because the URL didn't match the expected repository path.
|
|
This test verifies the end-to-end flow where:
1. A state event is sent to the relay before git data exists
2. The event goes to purgatory (not served)
3. A git push delivers the required commits
4. The event is released from purgatory and served
This validates that process_newly_available_git_data is correctly
triggered after a git push and properly releases state events.
|
|
Add tests/common/purgatory_helpers.rs with utilities for purgatory sync
integration tests:
- Git repository setup helpers (create_test_repo_with_commit,
add_commit_to_repo, create_branch) for deterministic test commits
- State event creation (create_state_event) for kind 30618 events with
refs/heads/*, refs/tags/*, and HEAD tags
- PR event creation (create_pr_event) for kind 1618 events with a and c tags
- Purgatory state inspection helpers (wait_for_event_served,
verify_event_not_served) for polling event availability
- Git ref verification (check_ref_at_commit) for validating remote refs
- Push helper (push_to_relay) for pushing local repos to relay
All helpers include comprehensive unit tests verifying correct tag
structure and git operations.
|
|
|
|
because the current fixtures don't actually having mutliple
owner_repos.
they would need 2 announcements that both listed the service and a
maintainer relationship. We could do this in grasp-audit but it would
require an extra announcement from a different maintainer sent
eariler on in the dependancy chain.
|
|
|
|
commented out so it currently passes
|
|
|
|
as new feature purgatory is going to complicate having this test here.
it will be better to have this covered in push authorisation
|
|
|
|
setting lower thresholds
|
|
Replace broken event counting that occurred before duplicate/policy checks
with accurate tracking of events that are new, accepted, and saved.
Changes:
- Added ProcessResult enum to track event processing outcomes
- Modified process_event_static() to return ProcessResult
- Replaced events_total (with source labels) with events_synced_total
- Removed gap_events_total and event_source module
- Removed eose_received flag (EOSE is per-subscription, not suitable)
- Updated all tests to use new simplified API
The new ngit_sync_events_synced_total metric only counts events that:
1. Are new (not duplicates)
2. Pass write policy validation
3. Are successfully saved to database
All 165 tests pass (124 lib + 41 integration)
|
|
|
|
|
|
|
|
- Add comprehensive test pattern guidance to tests/sync/mod.rs
- Explain when to use run_sync_test() vs manual setup
- Document helper scope and architectural limitations
Key findings:
- historic_sync.rs: 4 tests refactored, 143 lines removed (50% reduction)
- live_sync/discovery/tag_variations: Manual setup required due to
architectural incompatibilities (timing, multi-relay, assertions)
- Helper works for batch historic verification, not real-time scenarios
Detailed summary available in work/sync-test-refactor-summary.md
|
|
- Refactored all 4 tests in historic_sync.rs to use run_sync_test()
- Tests maintain same logic and assertions, only setup simplified
- Moved run_sync_test() and SyncTestResult outside #[cfg(test)] module
- Updated validation to allow empty event slices (for announcement-only tests)
- All 4 historic_sync tests passing (test_bootstrap_syncs_existing_layer2_events, test_relay_replays_events_after_restart, test_announcement_not_listing_relay_is_not_synced, test_history_sync_without_negentropy)
- Result: 39/40 tests passing (1 more than Phase 1 baseline of 38/40)
|
|
|
|
Add SyncTestResult struct and run_sync_test() helper function to
sync_helpers.rs for unified test setup. The helper automatically
determines sync mode (historic vs live) based on which event slice
has content.
Features:
- SyncTestResult: holds test fixtures (relays, keys, repo_coord)
- run_sync_test(): unified setup for both historic and live sync tests
- Panic guards for invalid usage (both slices or neither)
- Unit tests for panic conditions
Test results: 40 tests total, 38 passing (same as baseline)
- 2 pre-existing metric test failures (unchanged from baseline)
- All new panic condition tests passing
- No regressions introduced
|
|
|
|
|
|
|
|
Main lib (src/):
- Add #[allow(dead_code)] for build_info field (stored to prevent Prometheus unregistration)
- Add #[allow(dead_code)] for first_seen field (reserved for future rate limiting)
- Replace .or_insert_with(RelaySyncNeeds::default) with .or_default()
- Replace manual div_ceil implementations with .div_ceil(100)
Test code (tests/):
- Replace .expect(&format!(...)) with .unwrap_or_else(|_| panic!(...))
- Remove needless borrows in fetch_metrics() calls
- Add #[allow(dead_code)] and #[allow(unused_imports)] to test helpers module
grasp-audit:
- Apply cargo fmt to fix formatting
|
|
|
|
|
|
The catchup sync mechanism (reconnection with since filter) is implemented
in src/sync/mod.rs handle_connect_or_reconnect(), but cannot be reliably
integration tested with current infrastructure:
- TestRelay uses in-memory database (events lost on stop)
- No way to force WebSocket disconnection without stopping relay
- Stopping syncing relay creates new instance (fresh sync, not catchup)
Convert the skeleton test file to comprehensive documentation explaining:
- How catchup sync works (since filter on reconnect)
- The 15-minute quick reconnect window logic
- Why integration testing is not feasible
- Alternative approaches that could enable testing
- Related tests that cover adjacent functionality
|
|
|
|
Previously, events were classified as 'startup' or 'live' based on whether
they came from a bootstrap relay (is_bootstrap flag). This meant ALL events
from bootstrap relays were counted as 'startup', even events received after
the initial sync completed.
Now events are classified based on whether EOSE (End Of Stored Events) has
been received for that connection:
- Events BEFORE EOSE → 'startup' (historical events during initial sync)
- Events AFTER EOSE → 'live' (new events via real-time subscription)
This enables the test_live_sync_event_count test which validates that events
received after sync connection is established are counted as live events.
Also removed the #[ignore] attribute from test_live_sync_event_count since
the metrics are now properly wired up.
|
|
- Add periodic health check in RelayConnection::run_event_loop that polls
nostr-sdk's relay.is_connected() every second to detect dead connections
- When event channel closes without explicit Closed/Shutdown, send
DisconnectNotification to SyncManager (fixes case where TCP drops silently)
- Enable test_relay_connected_status test which validates the
ngit_sync_relay_connected metric correctly reflects connection state
The issue was that when a remote relay stops abruptly, nostr-sdk's
notification receiver blocks indefinitely waiting for data. TCP disconnect
detection without keepalive can take minutes. The health check polls
nostr-sdk's internal relay status which detects disconnection promptly.
|
|
Root cause: Both Metrics::new() and SyncManager::new() were trying to register
SyncMetrics with the same Prometheus registry. The second registration failed
silently, leaving SyncManager.metrics = None, so record_connection_attempt()
calls were no-ops.
Changes:
- SyncManager::new() now accepts Option<SyncMetrics> instead of Option<&Registry>
- main.rs passes already-registered sync metrics from Metrics to SyncManager
- Simplified test_connection_failure_increments_counter assertion
- Marked 3 tests as #[ignore] pending relay tracking metrics wiring
Tests fixed:
- test_connection_failure_increments_counter (now counts failures)
- test_health_state_degrades_on_failure (now tracks health state)
- test_live_sync_layer3_events (already working, confirmed)
Tests ignored (future work):
- test_live_sync_event_count
- test_multi_source_aggregate_counts
- test_relay_connected_status
|
|
|
|
Changes:
- Fix connection attempt metrics: record success/failure based on actual
connection result instead of pre-emptively recording failure
- Add health tracker integration on connection failure: call
record_failure() and record_health_state() in error path
- Add connection verification in relay_connection.rs: wait 500ms after
connect() then verify is_connected() to detect silent failures
- Add configurable disconnect check interval via
NGIT_SYNC_DISCONNECT_CHECK_INTERVAL_SECS env var
- Update TestRelay with fast test settings: startup_delay=0, jitter=0,
disconnect_check_interval=1s
- Add debug output to metrics tests for investigation
Note: Tests may still fail due to 5-second base backoff in health tracker.
A follow-up task will add NGIT_SYNC_BASE_BACKOFF_SECS config parameter
to allow faster test cycles.
Related: metrics-wiring-plan.md Tasks 1 & 2
|
|
|
|
Deleted 12 existence-only tests that provided zero confidence:
- test_sync_metrics_exposed
- test_sync_metric_names_present
- test_connection_metrics_on_success
- test_event_sync_metrics
- test_health_state_metrics
- test_gap_event_tracking
- test_connection_failure_metrics
- test_failure_counter_increments
- test_relay_count_metrics
- test_event_source_labels_in_metrics
- test_multi_relay_load
- test_gap_events_tracked_separately
Kept 5 valuable tests:
- test_prometheus_format_valid
- test_concurrent_metrics_requests
- test_metric_values_are_numeric
- test_startup_sync_event_count
- test_metrics_availability_during_sync
Added 3 real value-checking tests (currently ignored):
- test_connection_failure_increments_counter
- test_live_sync_event_count
- test_relay_connected_status
Test results: 6 passed, 0 failed, 3 ignored
|
|
|
|
|
|
|
|
|
|
When root events (issues/patches) are received via self-subscription,
handle_root_event() was only updating the repo_sync_index directly.
This caused process_batch() to early-return when pending.is_empty(),
so Layer 3 filters for comments/replies were never created.
The fix adds root events to both:
1. repo_sync_index (for immediate availability)
2. pending queue (to trigger Layer 3 filter creation in next batch)
Critical: The pending entry must include relays from repo_sync_index
so derive_relay_targets() knows where to send Layer 3 subscriptions.
The Layer 3 test now verifies that events sent BEFORE the subscription
is established are still synced - proving subscriptions without 'since'
correctly fetch historical events.
Enabled 4 previously ignored Layer 3 tests:
- test_live_sync_layer3_events
- test_layer3_sync_with_lowercase_e_tag
- test_layer3_sync_with_uppercase_e_tag
- test_layer3_sync_with_q_tag
|
|
Enable recursive relay discovery by broadcasting synced events to
WebSocket subscribers via LocalRelay.notify_event(). This allows the
SelfSubscriber to receive 30617 announcements synced from external
relays and discover additional relay URLs to connect to.
Changes:
- Pass LocalRelay to SyncManager::new() from main.rs
- Add local_relay field to SyncManager struct
- Call notify_event() after saving synced events to database
- Enable test_recursive_relay_discovery_syncs_announcement test
The test verifies that when relay_a syncs announcement_x from bootstrap
relay_b (which lists relay_c), relay_a discovers and connects to
relay_c to sync announcement_y.
Fixes recursive relay discovery from bootstrap sync.
|
|
|
|
|
|
|
|
|
|
All tests from this file have been migrated to the new modular structure:
- tests/sync/bootstrap.rs (Tests 1, 4)
- tests/sync/discovery.rs (Tests 2, 3)
- tests/sync/live_sync.rs (Tests 5, 6, 7)
- tests/sync/tag_variations.rs (Tests 8a-c, 9a-c)
- tests/sync/catchup.rs (Test 0)
Verified: cargo test --test sync shows 19 passed, 5 ignored
|
|
|
|
Add comprehensive tests for different Layer 2 and Layer 3 tag variations:
Layer 2 tests (Tests 8a-c) - all pass:
- test_layer2_sync_with_lowercase_a_tag (standard NIP-01)
- test_layer2_sync_with_uppercase_a_tag (NIP-33)
- test_layer2_sync_with_q_tag (NIP-18 quotes)
Layer 3 tests (Tests 9a-c) - marked #[ignore]:
- test_layer3_sync_with_lowercase_e_tag (NIP-01)
- test_layer3_sync_with_uppercase_e_tag (NIP-22)
- test_layer3_sync_with_q_tag (NIP-18)
Layer 3 tests have full implementation but are ignored until
Layer 3 sync is enabled in the relay.
|
|
|
|
Create organized test structure for proactive sync:
tests/common/sync_helpers.rs (from Phase 4):
- TestClient with retry logic for connect/send
- Event builders: build_layer2_issue_event, build_layer3_comment_event
- Tag variants (a/A/q for Layer 2, e/E/q for Layer 3)
- wait_for_event_on_relay() assertion helper
- repo_coord() utility function
- Unit tests for all builders
tests/sync/mod.rs:
- Module organization for sync tests
- Documentation of test categories
tests/sync.rs:
- Main test harness including common and sync modules
tests/sync/bootstrap.rs:
- test_bootstrap_syncs_existing_layer2_events (Test 1)
- test_relay_replays_events_after_restart (Test 4)
tests/sync/discovery.rs:
- test_discovers_layer3_via_layer2 (Test 2)
- test_layer2_discovery_with_chain (Test 3 - simplified)
All 14 tests pass: cargo test --test sync
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- Add SyncMetrics with full Prometheus integration
- Track sync gaps via catchup events
- Update Grafana dashboard with sync panels
- Document all sync configuration options
- Update design doc with implementation notes
|
|
- Add NegentropyService for set reconciliation
- Implement startup catchup with warm-up delay
- Implement reconnect catchup (last 3 days)
- Add daily catchup schedule with stagger
|
|
- Add SubscriptionManager for per-connection tracking
- Trigger subscription updates on new repo/PR events
- Implement consolidation when filter count > 150
|
|
- Add RelayHealthTracker with DashMap
- Implement exponential backoff (5s -> 1h max)
- Handle dead relays (24h failures -> daily retry)
- Add startup jitter to prevent thundering herd
- Add NGIT_SYNC_MAX_BACKOFF_SECS config
|
|
- Add relay discovery from stored announcements
- Implement FilterService with three-layer strategy
- Support multiple simultaneous relay connections
- Filter batching for large tag sets
|
|
- Add src/sync/ module with SyncManager
- Add NGIT_SYNC_RELAY_URL config option
- Subscribe to kind 30617 on configured relay
- Validate synced events through Nip34WritePolicy
- Integration test with two TestRelay instances
|
|
|
|
|
|
|
|
|
|
currently failing as branch isn't pushed (we should auto create this branch as we have the ref)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
allow-tip-sha1-in-want
|
|
|
|
|
|
|
|
|
|
we dont need to check the git files exist locally
|