Adds a "mode" to channels, which can be set to either %json (current
behavior) or %jam. For %jam channels, aside from the SSE framing, all
communication happens through @uw-encoded jammed nouns. This applies to
both outgoing channel events, as well as incoming channel requests.
We choose @uw-style encoding because raw bytestreams are fragile and
cannot work inside the SSE stream context.
Currently, a separate endpoint (/~/channel-jam/etc) is used to indicate
%jam as the desired mode for a channel. We will probably want to make
this a bit cleaner, not least because it's not currently implemented as
a formal standalone endpoint, but also to give it stronger aesthetic
equivalence with the existing channel endpoint. Putting the mode in the
file extension is a tempting option here, but semantically not quite
right.
Connecting to the same channel across multiple modes is currently
supported, but it's untested, and unclear whether this is desirable or
not.
Marks it as deprecated in lull with a comment, and removes the verbosity
toggle state from dill. Filtering should now happen at the edges where
%crud error messages get printed.
We don't remove it from lull just yet, because that would necessitate a
kelvin bump, even though the rest of this changeset doesn't.
previously we were acking the nack-trace message (adding a %send move)
before notifying the message-pump with a %near task. Now, due to the
refactoring we invert the order of those moves. This seems safe but will
determine with livenet testing
The previous changes implementing the /~/name endpoint were breaking,
since we changed the type of `$action:eyre`. This commit keeps the /~/name
endpoint functional, but adds adapters to eyre scries that returns the old
`$action:eyre` type. These adapters and their associated intermediate types
can be removed the next time we burn a kelvin.
Now that %logs exists, dill can delegate responsibility for printing
system output to outsiders (like the runtime, or the terminal handler
agent). Here, we remove dill's printing logic, which was still coupling
it to the default session and drum's expected semantics.
A dill %logs task can be used to open and close subscriptions to "system
output". Whenever dill receives a %text, %talk, or %crud task, it
considers this "system output", and passes it along to all %logs
subscribers.
Previously, if the pointer for a syntax error pointed to the end of the file
(and the file ended in a newline) the code snippet rendering would try to
display a line _beyond_ the end of the file, causing a crash.
Here, we detect that case, and display `<<end of file>>` instead.
(Originally merged through #5812, but got lost somewhere along the way.)
Fixes#6287.
This removes the logic from cleaning up stale subscriptions in %gall,
leaving +ap-rake as it was, and moves it to the +on-kroc arm in %ames.
Failed subscriptions from nacking a %watch plea that were
not properly corked (fixed in https://github.com/urbit/urbit/pull/6102)
are a subset of the more general "stale re-subscription" issue, so
we take care of all stale flows at the same time, by focusing on the
current subscription—leaving all others to be corked automatically—and
checking if it received a nack, to subsequently cork it.
This modifies the %rake task in %gall, to select what kind of
subscriptions we try to close:
=mode %o: kill old pre-nonce subscriptions
=mode %z: kill old pre-nonce subscriptions, including sub-nonce = 0
=mode %r: kills all stale resubscription flows
It also adds a dry-run option to both tasks (%kroc in ames, %rake in gall)
Address PR6136 comments to improve the interface to this scry.
Now it looks like .^((set ship) %cs /=landscape=/subs)
instead of .^((set ship) %cs %/subs/landscape)
Implements a /cx/[our]//[now]/cult/[desk] endpoint, for getting a set of
pending requests for any given desk. We don't give the $cult for the
desk as-is, but instead slim the $roves back down into $raves, remove
clay protocol version metadata, and make sure to put our @p in place of
empty "for" fields.
This flow is not supported, and it was causing issues releasing
416. This change just drops the responses to avoid crashing, but at
some point we should either support this flow or reject the request in
the first place.
As of version %5, dill uses a new wire format for its userspace
subscriptions. Its existing subscriptions (read: the one subscription
into %hood for the default session) was never updated to use this new
style.
We observed a bug on one ship, where it had both old-style and new-style
subscriptions into hood, resulting in output being rendered twice. How
exactly this happened remains as of yet unclear.
Here, we forcefully clean up the old-style subscription, and
(re)establish the equivalent new-style subscription. This will prevent
issues like this from reoccurring.
Adds .snub to ames-state, a global blocklist for ships. If a packet is
received from a ship that is in the .snub set, it is immediately
dropped. Adds %snub to ames' $task, to allow manipulating this list
Previously, fake breaches triggered by a %ruin task would only get sent to
subscribers watching for the affected ship specifically. Now, we send them to
both those subscribers, and the ones watching for pubkey changes on all ships.
Most of the memory stays in gall anyway, and this means you need to
recompile everything the next time anything changes, which could be
counterproductive. It's important that %trim not make things worse.
The functionality is moved to the debug %stir task.
These were originally added because they reduced memory usage, primarily
by clearing the memoization cache. Now that the memoization cache is
no longer used, we use less memory without them. On ~wicdev-wisryt with
~30 apps, updating Clay now takes ~320MB.
- fix `fragment-num` and `num-fragments` having duplicate faces
- fix faces being wrapped around wrong things in various places
- fix `bone` not being printed in "hear last in-progess" message
- make pretty tape interpolation style more uniform
The +on-cork handler asserts that the peer is known to us. This is the
incorrect behaviour, because it will crash when corking a flow to a peer
that is still an %alien. This can happen, for instance, when making a
gall subscription for the first time and then corking it before the
alien naturalises.
if a cert is configured and a secure port is live it will set the
redirect flag in http-config.state.
When it gets a ++request it will return a 301 redirect to
https://[host]/[path] if:
1. not already secure
2. redirect flag set
3. secure port live
4. is not requesting /.well-known/acme-challenge/...
5. the host is in domains.state
It will not happen if forwarded-secured, localhost, local loopback, ip
addresses or domains not in domains.state.
in ++load it checks the secure port is live and a cert is set and
enables it if so (for people who already use in-urbit letencrypt)
%rule %cert tasks also toggle it (only turning it on if secure port
live)
%live tasks also toggle it (only turning it on if cert set)
Have tested with a couple of ships and seems to work fine.
This is useful in combination with pyry's auto arvo.network dns config
system - can finally get rid of reverse proxies entirely.
Eyre always gets passed request headers in lowercase, so we should search for
the lowercased version of the header.
Arguably `+get-header` should lowercase keys before comparing them, but that's
a more serious behavioral change.
This allows you to pass a thread directly into khan, instead of passing
a filename. This has several implications:
- The friction for using threads from an app is significantly lower.
Consider:
=/ shed
=/ m (strand ,vase)
;< ~ bind:m (poke:strandio [our %hood] %helm-hi !>('hi'))
;< ~ bind:m (poke:strandio [our %hood] %helm-hi !>('there'))
(pure:m !>('product'))
[%pass /wire %arvo %k %lard %base shed]
- These threads close over their subject, so you don't need to parse
arguments out from a vase -- you can just refer to them. The produced
value must still be a vase.
++ hi-ship
|= [=ship msg1=@t msg2=@t]
=/ shed
=/ m (strand ,vase)
;< ~ bind:m (poke:strandio [ship %hood] %helm-hi !>(msg1))
;< ~ bind:m (poke:strandio [ship %hood] %helm-hi !>(msg2))
(pure:m !>('product'))
[%pass /wire %arvo %k %lard %base shed]
- Inline threads can be added to the dojo, though this PR does not add
any sugar for this.
=strandio -build-file %/lib/strandio/hoon
=sh |= message=@t
=/ m (strand:rand ,vase)
;< ~ bind:m (poke:strandio [our %hood] %helm-hi !>('hi'))
;< ~ bind:m (poke:strandio [our %hood] %helm-hi !>(message))
(pure:m !>('product'))
|pass [%k %lard %base (sh 'the message')]
Implementation notes:
- Review the commits separately: the first is small and implements the
real feature. The second moves the strand types into lull so khan can
refer to them.
- In lull, I wanted to put +rand inside +khan, but this fails to that
issue that puts the compiler in a loop. +rand depends on +gall, which
depends on +sign-arvo, which depends on +khan. If +rand is in +khan,
this spins the compiler. The usual solution is to either move
everything into the same battery (very ugly here) or break the
recursion (which we do here).
Whenever a session gets created or removed, send the set of valid auth
tokens to the runtime, so that it may use them in determining whether
incoming requests are authenticated or not.