Skip to content

serviceability: EdgeSeat feed-seat data model and SetAccessPassFeeds#3954

Draft
nikw9944 wants to merge 1 commit into
nikw9944/infra-1700-1-feed-catalogfrom
nikw9944/infra-1700-2-feed-provisioning
Draft

serviceability: EdgeSeat feed-seat data model and SetAccessPassFeeds#3954
nikw9944 wants to merge 1 commit into
nikw9944/infra-1700-1-feed-catalogfrom
nikw9944/infra-1700-2-feed-provisioning

Conversation

@nikw9944

@nikw9944 nikw9944 commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Stack — review/merge bottom-up. Replaces #3952.

  1. serviceability: add Feed catalog account and CRUD #3953 — Feed catalog account + CRUD
  2. serviceability: EdgeSeat feed-seat data model and SetAccessPassFeeds #3954 — EdgeSeat data model + SetAccessPassFeeds
  3. serviceability: enforce EdgeSeat feed metro gate at connect #3955 — metro gate enforcement at connect
  4. sdk: Feed and EdgeSeat read support for Go, Python, and TypeScript #3956 — Go/Python/TS SDK read support + fixtures

---## Summary

  • Rework the AccessPass EdgeSeat variant from a bare marker into EdgeSeat(Vec<FeedSeat>) (feed_key + per-feed cap), changing the AccessPass borsh layout for EdgeSeat passes (EdgeSeat is new and unused, so no migration).
  • Add the SetAccessPassFeeds instruction so the oracle provisions feed_keys onto a pass via its ACCESS_PASS_ADMIN permission, plus its Rust SDK builder.
  • Part 2 of 4 (malbeclabs/infra#1700). Connect-time enforcement of the metro gate lands in the next PR; existing connect behavior is unchanged here.

Testing Verification

  • EdgeSeat borsh layout/size unit tests; SetAccessPassFeeds SDK builder test; existing access-pass cap and CLI tests updated for the new variant.

Rework the AccessPass EdgeSeat variant from a bare marker into EdgeSeat(Vec<FeedSeat>)
(feed_key + per-feed cap) and add the SetAccessPassFeeds instruction so the oracle
provisions feed_keys onto a pass via its ACCESS_PASS_ADMIN permission. Connect-time
enforcement of the per-feed metro gate lands in the next PR.

@martinsander00 martinsander00 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few inline notes (F1/F2/F4 from the review). F1 breaks make generate-fixtures and should land in this PR; F2 is a real double-count bug; F4 is a latent note for Part 3. Otherwise this looks well-scoped and the design comments are great.

/// Layout note (#1700): this variant previously carried no payload (#3865). EdgeSeat is new and
/// has no production passes, so changing the payload (same discriminant index 4) does not
/// orphan any deployed account; no migration is required.
EdgeSeat(Vec<FeedSeat>),

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Build break — fix in this PR. Turning EdgeSeat into a tuple variant breaks the fixture generator, which still constructs the bare unit variant at sdk/serviceability/testdata/fixtures/generate-fixtures/src/main.rs:1199 (accesspass_type: AccessPassType::EdgeSeat). That crate is in the workspace exclude list, so make rust-build / rust-test skip it and CI stays green — but make generate-fixtures compiles it and hard-fails. One-line fix there: AccessPassType::EdgeSeat(vec![]). (Regenerating the fixture data itself stays deferred to Part 4 — only the compile fix belongs here.)

(Commenting here since main.rs isn't part of this diff; this variant change is the root cause.)

.map(|s| s.current_users)
.unwrap_or(0);

if !prior_seats.iter().any(|s| s.feed_key == seat.feed_key) {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Duplicate feed_key double-counts. prior_seats is snapshotted once before the loop (line 105) and never updated, so if value.feeds lists the same feed_key twice (and it wasn't already on the pass) this guard passes on both iterations: reference_count is bumped twice — the second Feed::try_from re-reads the just-written +1 — and new_seats ends up with two identical FeedSeat entries. Nothing dedups value.feeds. Since reference_count is never decremented, the over-count isn't reclaimable either. Recommend rejecting or de-duplicating repeated feed_keys (track seen keys in-loop, or revert on a dup) so a feed is bumped at most once and seats aren't duplicated.

try_acc_write(&feed, feed_account, payer_account, accounts)?;
}

new_seats.push(FeedSeat {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

max_users can be set below the preserved current_users. current_users is preserved from the prior seat while max_users comes from the caller, with no max_users >= current_users check — so a re-provision can leave a seat over its cap. Latent today (nothing ticks current_users until Part 3), but Part 3's connect-time enforcement will inherit this unchecked invariant. Worth a clamp/guard when that lands — flagging here so it isn't lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants