Until now, clients of Jael have had to store the first-seen rift if they
want to reliably detect breaches. Otherwise, they would get a false
positive if they heard an old message about a breach (eg if you kick
azimuth-tracker). Clay and Gall did this correctly, but Ames did not.
Jael already maintains this state, so I added a notification to the
existing subscription that happens whenever it notices a breach (a diff
or full where the new rift is greater than the old one).
Because this is an issue on the live network, I wrote state adapters
for Gall and Clay. The Gall one just removes the rift from our state,
but the Clay one is much more involved because we have to upgrade
instances of the clad monad that are possibly in progress.
Specifically, since more input is possible than before, we must wrap any
in-progress instances of the monad in a function that handles the
potential new input from Jael. This temporarily preservers a copy of
the old kernel, but only until the current commit/merge/update has
completed.
The real solution for Clay is to factor out those IO-heavy instances to
userspace tapp/async/imp/threads, and if an upgrade happens in the
middle, you should simply restart them.
Fixes#1852
* claz-invites-newline:
claz: do invite file reading in +read-invites
claz: ignore empty lines in invites file
Signed-off-by: Jared Tobin <jared@tlon.io>
* publish-fixes:
publish: auto-resubscribe on quit, crash on failed subscription
publish: added permission logic to %serve and import flows
Signed-off-by: Jared Tobin <jared@tlon.io>
fc7901d2 refactored much of +ap-peek, but introduced a bug in the
process. The relevant diff from that commit is as follows:
- =/ =path [ren tyl]
- =/ =vase !>((slag p.u.cug path))
- (ap-slam q.u.cug p.arm vase)
+ =/ index p.u.maybe-arm
+ =/ term q.u.maybe-arm
+ =/ =vase
+ =/ =path [term tyl]
+ =/ raw (slag index path)
+ !> raw
+ (ap-slam term p.arm vase)
Note that [ren tyl] was replaced with [term tyl], where 'term' and 'ren'
are not equal. This commit merely rights that wrong.
* claz-checks:
claz: group state check arms together
claz: factor asserts out of callsites
claz: check pool sizes when inviting
claz: check planet availability for %invites
claz: print proper error messages
Signed-off-by: Jared Tobin <jared@tlon.io>
This test depends on the ames protocol version, and so should probably
be rewritten. It's currently holding up a breach, so it's most
expedient to just disable it for the time being.
09cb5f2 added a %send-point call, which is meant to target the delegated sending
contract. For %invites batches, this was the case. Handling of %single, however,
still sent all calls to the ecliptic contract.
This looks at the call tag to determine the target contract.