Steward list integration#57
Merged
seemenkina merged 3 commits intomainfrom Apr 21, 2026
Merged
Conversation
- Updated the CSS layout for the members panel to improve visual organization and spacing. - Introduced a new `MembersSection` in the UI to display group members with their roles and scores. - Implemented logic to track and display freeze candidate counts during the freezing state, enhancing user feedback on consensus processes. - Updated the `ConsensusState` structure to include freeze candidate progress, ensuring accurate representation of the group's state. - Enhanced event handling to manage freeze candidates effectively, improving overall user experience during group operations.
- Introduced a new `GroupConfig` struct to manage group behavior settings, including epoch duration, freeze duration, proposal expiration, and consensus timeout. - Added methods for creating custom group configurations and retrieving effective freeze durations. - Implemented a `consensus_bridge` module to facilitate interactions between core consensus operations and the application layer, including proposal submission and vote casting. - Refactored user management to streamline group creation and joining processes, integrating the new configuration settings. - Enhanced the `User` struct with methods for processing user votes and managing group states during the consensus lifecycle. - Updated display helpers to improve the representation of group update requests and member roles in the UI. - Removed the deprecated `message_type` module, consolidating message handling into the display module for better organization. - Added comprehensive tests to validate the new configuration and consensus functionalities, ensuring robustness in group operations.
… live rotation Makes the multi-steward flow resilient to real-world failure modes observed in live testing. The common thread: the group should keep making progress when individual stewards fail (leave, go offline, or diverge on timing boundaries), without getting stuck or attributing blame incorrectly. Pending-updates buffer on Group - Every member buffers incoming membership-change intents (KPs via welcome subtopic; UI-initiated leave/remove via the app subtopic). - Only the live epoch steward promotes a buffered entry to a voting proposal; non-epoch-steward members just hold it. - If a commit round fails, the buffer survives: the next epoch steward (or next live steward after rotation) retries on its turn. - Pruned on successful commit (by target identity) and on age via GroupConfig.pending_update_max_epochs (default 3). Live steward rotation - StewardList::live_epoch_steward / live_backup_steward skip stewards removed from the group, wrapping within the nominal list. - All nodes derive the same answer from the same MLS member set, so no divergence. - Used by KP promotion, buffer draining, UI role display, and the censorship-ECP target in poll_freeze_status (avoids accusing a ghost member when the nominal epoch steward was already removed). Creator auto-YES - GroupConfig.creator_auto_vote_delay (default Some(10s)) schedules a YES vote on behalf of the proposal creator if they haven't voted manually by the delay. One tokio::spawn per proposal with two sequential sleeps (auto-YES, then consensus timeout) -- no nested tasks. - Addresses the small-group (N <= 2) unanimity requirement in the consensus library by removing the "creator forgot to click" failure mode. Self-remove skip in create_commit_candidate - When the approved batch contains RemoveMember(self), skip local candidate creation (MLS forbids a committer removing their own leaf). Another live steward picks up the batch and commits it, including the leaver's removal. Leave/remove through buffer - leave_group now buffers RemoveMember(self) on the leaver's own Group before initiate_proposal, so a failed commit round doesn't lose the intent. - Peers mirror InviteMember/RemoveMember into their buffer when they receive the proposal on the app subtopic. Freeze-time app-message guard - send_app_message now blocks in PendingJoin, Freezing, and Selection (matches MLS RFC 9420: keys are rotating, messages may not decrypt on members who have already merged). Governance traffic (votes, proposal notifications) lives above MLS and its own gates are unchanged. SessionNotActive downgrade - forward_incoming_vote matches the library's exact ConsensusError::SessionNotActive variant and returns Ok with a debug log. A late vote for an already-resolved session is a benign boundary-timing race, not an error. All other consensus errors still propagate. GroupSync proto - StewardListSync renamed to GroupSync and extended with allow_subset_candidates, peer_scores, and timing fields so joiners arrive with a full working config, not just the steward list. Gateway diagnostic logging - gateway::create_group and join_group now log on entry and after subtopic subscription so the creator path is visible (previously silent, making it hard to tell whether a node had actually joined). Arc-wrap User.mls_service - Required so the auto-YES spawned task can share the MLS service without refactoring every caller. MlsService uses interior mutability, so Arc wrapping is transparent at call sites. Tests - async_scoring_removal uses the new User::regenerate_steward_list helper to simulate a completed election between joins (unblocks the three-member test flow under the new live-rotation rules). - core_process_inbound asserts non-steward members now surface incoming KPs so the app layer can buffer them (previously dropped as Noop).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.