feat(fastsync): verifying fast-sync client (pull + verify) (#116)#125
Merged
Conversation
The consumer half of the trust model (epic #111), pairing with the #115 HTTP gateway. - internal/fastsync/client.go: Client.FetchAnchors(ctx, from, to, RootSource) GETs /fastsync/anchors, reconstructs each bundle, and verifies its merkle proof against a RootSource — the CALLER'S OWN PoW-verified header roots (HeaderChain.HeaderAt gives them). Bundles that fail the proof, or whose height the caller can't yet verify, are dropped and counted (rejected); the peer can only omit, never forge. FetchCAS pulls a content blob (caller verifies multihash==cid). Response reads are size-bounded. This is the pull+verify primitive. The remaining half of #116 — writing verified anchors into the store as PROVISIONAL, the background full-scan reconciliation that drops provisional once first-principles indexing catches up (and bans an omitting peer), and a `bootstrap` flow — is a larger store/resolution integration that follows. Tests: a canned gateway serves single-tx bundles; the client verifies them against matching local roots (2/0), rejects them against wrong roots (0/2) and when the local header chain doesn't reach the height (0/2); FetchCAS round-trip + missing-cid error. go test -race ./... green. Co-authored-by: Liran Cohen <liranlasvegas@gmail.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The consumer half of the fast-sync trust model (epic #111), pairing with the #115 HTTP gateway.
Client.FetchAnchors(ctx, from, to, RootSource)GETs/fastsync/anchors, reconstructs each bundle, and verifies its merkle proof against aRootSource— the caller's OWN PoW-verified header roots (HeaderChain.HeaderAtprovides them). Bundles that fail the proof, or whose height the caller can't yet verify, are dropped and counted (rejected). The peer can only omit, never forge.FetchCAS(ctx, cid)pulls a content blob (caller verifiesmultihash == cid). All response reads are size-bounded.What's next in #116
This is the pull+verify primitive. The remaining half — writing verified anchors into the store as provisional, the background full-scan reconciliation that drops provisional once first-principles indexing catches up (and bans an omitting peer), and a
bootstrapflow — is a larger store/resolution integration that follows (worth a short design note; it touches how "provisional" is represented in the projection).Tests
A canned gateway serves single-tx bundles; the client verifies them against matching local roots (2/0), rejects them against wrong roots (0/2) and when the local header chain doesn't reach the height (0/2);
FetchCASround-trip + missing-cid error.go test -race ./...green (28 packages).Post-Deploy Monitoring & Validation
No additional operational monitoring required: the client isn't wired into a runtime path yet (nobootstrapcommand until the projection-integration slice); it's a verified building block consumed next.Part of #111. Advances #116 (client slice; provisional projection + reconciliation to follow).
🤖 Generated with Claude Code