Skip to content

serviceability: EdgeSeat feed-seat data model and SetAccessPassFeeds#3954

Draft
nikw9944 wants to merge 2 commits into
nikw9944/infra-1700-1-feed-catalogfrom
nikw9944/infra-1700-2-feed-provisioning
Draft

serviceability: EdgeSeat feed-seat data model and SetAccessPassFeeds#3954
nikw9944 wants to merge 2 commits into
nikw9944/infra-1700-1-feed-catalogfrom
nikw9944/infra-1700-2-feed-provisioning

Conversation

@nikw9944

@nikw9944 nikw9944 commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Rework the AccessPass EdgeSeat variant into EdgeSeat(Vec<FeedSeat>) (feed_key + per-feed cap) and add the SetAccessPassFeeds instruction so the oracle provisions feed_keys onto a pass via its ACCESS_PASS_ADMIN permission. EdgeSeat is new and unused, so the borsh layout change needs no migration.

Part of malbeclabs/infra#1700.

Stack (merge bottom-up):

  1. serviceability: add Feed catalog account and CRUD #3953 — Feed catalog account + CRUD
  2. serviceability: EdgeSeat feed-seat data model and SetAccessPassFeeds #3954 — EdgeSeat data model + SetAccessPassFeeds
  3. serviceability: enforce EdgeSeat feed metro gate at connect #3955 — metro gate enforcement at connect
  4. sdk: Feed and EdgeSeat read support for Go, Python, and TypeScript #3956 — Go/Python/TS SDK read support

@martinsander00 martinsander00 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few inline notes (F1/F2/F4 from the review). F1 breaks make generate-fixtures and should land in this PR; F2 is a real double-count bug; F4 is a latent note for Part 3. Otherwise this looks well-scoped and the design comments are great.

/// Layout note (#1700): this variant previously carried no payload (#3865). EdgeSeat is new and
/// has no production passes, so changing the payload (same discriminant index 4) does not
/// orphan any deployed account; no migration is required.
EdgeSeat(Vec<FeedSeat>),

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Build break — fix in this PR. Turning EdgeSeat into a tuple variant breaks the fixture generator, which still constructs the bare unit variant at sdk/serviceability/testdata/fixtures/generate-fixtures/src/main.rs:1199 (accesspass_type: AccessPassType::EdgeSeat). That crate is in the workspace exclude list, so make rust-build / rust-test skip it and CI stays green — but make generate-fixtures compiles it and hard-fails. One-line fix there: AccessPassType::EdgeSeat(vec![]). (Regenerating the fixture data itself stays deferred to Part 4 — only the compile fix belongs here.)

(Commenting here since main.rs isn't part of this diff; this variant change is the root cause.)

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed — the generator now builds EdgeSeat(vec![]) so make generate-fixtures compiles (fixture data regen stays in #3956).

.map(|s| s.current_users)
.unwrap_or(0);

if !prior_seats.iter().any(|s| s.feed_key == seat.feed_key) {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Duplicate feed_key double-counts. prior_seats is snapshotted once before the loop (line 105) and never updated, so if value.feeds lists the same feed_key twice (and it wasn't already on the pass) this guard passes on both iterations: reference_count is bumped twice — the second Feed::try_from re-reads the just-written +1 — and new_seats ends up with two identical FeedSeat entries. Nothing dedups value.feeds. Since reference_count is never decremented, the over-count isn't reclaimable either. Recommend rejecting or de-duplicating repeated feed_keys (track seen keys in-loop, or revert on a dup) so a feed is bumped at most once and seats aren't duplicated.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now reject a repeated feed_key in-loop with InvalidArgument (no double-bump, no duplicate seats).

try_acc_write(&feed, feed_account, payer_account, accounts)?;
}

new_seats.push(FeedSeat {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

max_users can be set below the preserved current_users. current_users is preserved from the prior seat while max_users comes from the caller, with no max_users >= current_users check — so a re-provision can leave a seat over its cap. Latent today (nothing ticks current_users until Part 3), but Part 3's connect-time enforcement will inherit this unchecked invariant. Worth a clamp/guard when that lands — flagging here so it isn't lost.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a guard rejecting max_users < current_users.

@nikw9944 nikw9944 force-pushed the nikw9944/infra-1700-1-feed-catalog branch from b54c4bc to 114eabe Compare July 2, 2026 19:38
nikw9944 added 2 commits July 2, 2026 19:38
Rework the AccessPass EdgeSeat variant from a bare marker into EdgeSeat(Vec<FeedSeat>)
(feed_key + per-feed cap) and add the SetAccessPassFeeds instruction so the oracle
provisions feed_keys onto a pass via its ACCESS_PASS_ADMIN permission. Connect-time
enforcement of the per-feed metro gate lands in the next PR.
Reject duplicate feed_keys in SetAccessPassFeeds (avoids double-counting reference_count
and duplicate seats), reject max_users below the preserved current_users, and fix the
fixture generator to construct EdgeSeat(vec![]) so make generate-fixtures compiles.
@nikw9944 nikw9944 force-pushed the nikw9944/infra-1700-2-feed-provisioning branch from 8fa12fc to 4d30675 Compare July 2, 2026 19:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants