auto-fix batch claude/friendly-maxwell-f34GI 2026-05-02#511
Merged
Conversation
Pre-existing: `cargo clippy --target wasm32-unknown-unknown -p willow-client --all-targets` failed with ~209 errors from test modules pulling tokio/std::fs/etc. Production code is WASM-clean (`--lib` passes); only `#[cfg(test)]` modules tripped. Gate test modules with `#[cfg(all(test, not(target_arch = "wasm32")))]` so the wasm-clippy `--all-targets` gate (per resolving-issues skill) can run without false positives masking real wasm regressions. The `test_client` / `test_client_on_hub` helpers are likewise tightened to match `MemNetwork`'s existing native-only gate; they reference `willow_network::mem::MemNetwork` which is already `cfg(all(not(target_arch = "wasm32"), any(test, feature = "test-utils")))`, so this is a correctness fix rather than a behavioural change. No production-code change. Refs #506
…04, #243) Peer-supplied http(s):// URLs ending in image extensions auto-embed as <img>. Without `referrerpolicy=no-referrer` the browser sends the page URL via Referer, leaking channel/message context to whatever host the peer chose. IP/UA leak via TCP/TLS is unavoidable once a fetch occurs. Brainstorm rejected `crossorigin=anonymous` — would activate CORS mode and break most legitimate CDN images. Modern browsers strip cookies via SameSite=Lax defaults, so the cookie-leak component is already covered. A user-preference gate (full disable / scheme allowlist) is left as a follow-up (#243); this PR ships the minimum-scope, zero-UX-cost mitigation. Updated the existing browser test (`url_with_image_extension_embeds_inline`) to mirror the new attribute and added an explicit assertion. wasm-pack / Firefox / geckodriver aren't available in this sandbox so the browser test wasn't executed; native `cargo test -p willow-web`, native + wasm32 `cargo clippy -- -D warnings`, and `cargo fmt --check` all pass. Refs #243
… (GEN-08, #268) `topological_sort()` ran O(N) on every WireMessage::SyncRequest, then truncated to 500. For a 50k-event server every sync request paid the full sort + alloc cost. N+1 amplifier per peer. Cache the materialized 500-event Vec on DagState; clear on every successful try_insert_event (and the local-mutation siblings: seed_genesis, build_event, the JoinRequest grant in listeners, plus the server-switch sites in servers.rs that swap ds.managed). Listener checks the cache, recomputes lazily on miss. Test helpers that bypass the listener (replay_dag_into in multi_peer_sync / trust_flow, the sync test in lib.rs) call invalidate_sync_reply_cache explicitly so they don't leak stale defaults. Brainstorm rejected caching on EventDag itself: willow-state's design comment commits it to zero-I/O / pure / no-interior-mutability; cache is a listener concern, belongs at the actor-state layer. Long-term migration to heads-based sync (WorkerRequest::Sync { heads }) remains tracked under #65; this PR closes the per-request waste only. Tests live in crates/client/src/tests/sync_reply_cache.rs: - cached_reply_matches_topological_sort_prefix (semantic preservation) - cache_invalidates_on_insert (invalidation correctness) - cache_hit_returns_identical_vec (cache-hit smoke regression canary) Refs #268
3rd-trigger rule for structural-deps meta-tracker was reactive — a run could land in a queue with 5+ trackers and no meta-tracker, with no clear instruction whether to consolidate or wait for the next filing trigger. Spell out: when the sweep finds 3+ trackers without a meta-tracker, file the meta-tracker as part of the sweep itself. Pure metadata work, falls under the Coordinator-never-codes exceptions (no source files touched). Surfaced this run: 5 trackers (#246, #247, #249, #481, #485) existed since prior runs; meta-tracker filed retroactively as #510. Refs .claude/skills/resolving-issues/SKILL.md
6 tasks
intendednull
pushed a commit
that referenced
this pull request
May 3, 2026
Prior PR #511 lessons dismissed `willow-state::tests_materialize::non_admin_set_profile_is_accepted` as a sandbox-side flake. This run reproduced it cleanly on coordinator HEAD post-PR #505 (which added the SetProfile membership gate) — the "flake" was a real regression all along, just exposed once the gating PR landed. Filed #565. Strengthen the implementer-flagged-rot section: always re-verify on coordinator HEAD; don't rely on a prior dismissal alone. Rot accumulates between runs; a previously-flaky symptom can become a real regression as PRs merge. Refs auto-fix batch claude/friendly-maxwell-M5xB6.
This was referenced May 3, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Scheduled
/resolving-issuessweep. Three small-scope fixes landed; five issues closed as already-fixed by master PR #507's commits within the last day; one new structural-deps meta-tracker issue filed; one skill edit pulled forward.Fixes
test(client): cfg-gate native-only lib tests against wasm32(commit0c48f09). 209 wasm-clippy--all-targetserrors → 0; 329 native tests still pass. Production code untouched, only#[cfg(test)]modules +test_clienthelpers gated.<img>with no scheme/host allowlist — passive-tracking vector #243 —fix(web): add referrerpolicy=no-referrer to auto-embed images(commit4af9add). SEC-W-04 mitigation. Single-attribute add on<img>for peer-supplied URLs incrates/web/src/components/message.rs. Brainstorm rejectedcrossorigin="anonymous"(would break legit CDN images via CORS) and a settings-pref toggle (out of scope). Browser test updated.topological_sort()runs O(N) on everySyncRequest, then truncates to 500 #268 —perf(client): cache truncated SyncRequest reply, invalidate on insert(commitb65ea28). GEN-08 mitigation. Cache lives onDagState(5 production sites + 3 test helpers invalidate on mutation); listener consumes lazily. Brainstorm rejected caching onEventDagitself (purity / zero-I/O design contract). Long-term migration to heads-based sync remains tracked under Worker sync protocol uses bulk SyncBatch instead of per-author Advertise/Request/Response #65. 3 new tests incrates/client/src/tests/sync_reply_cache.rs. Test count 329 → 332.Already-Fixed
Coordinator-direct close-pass during step 6 sweep — all 5 resolved by commits already on
mainvia PR #507:b075140 fix(storage): cap authors in sync_since/history at 256b51a151 fix(client): bind JoinResponse/JoinDenied to expected invitere07d974 perf(web): incremental search index, drop rebuild-on-signal Effect+24499f2 perf(web): wire search bootstrap helpers, drop rebuild Effect2667683 ci: ignore RUSTSEC-2026-0119 + 0120 (hickory-* via iroh)2667683Parked
None this run.
Skill Evolution
bb3aa73 docs(skill): retroactive meta-tracker fill-in during sweep— clarifies that when a run's triage finds 3+ structural-deps trackers without a consolidating meta-tracker, the coordinator files the meta-tracker as part of step 6 (pure metadata work, falls under Coordinator-never-codes exceptions).randmajor versions + RUSTSEC-2026-0097 across all of them #246, [DEP-03] Workspace uses unmaintainedbincode 1.3for on-wire + on-disk serialization #247, [DEP-05/TD-01] Two crypto-primitive stacks (0.10 + 0.11-rc) compiled side-by-side #249, [TD-03 follow-up]getrandom3-way split is structural — driven by aes-gcm 0.10, ahash, and iroh 0.98 #481, [TD-02 follow-up]convert_case3-way split is structural — pinned by Leptos internals + derive_more #485) under one[meta] upstream-domino tracker. Future runs check there first.Lessons Learned
bb3aa73) closes that gap so future runs file retroactively when they spot the same shape.test_client()/test_client_on_hub()helpers inlib.rs(not under#[cfg(test)]) to matchMemNetwork's gate. Out-of-strict-scope but load-bearing for the wasm-clippy gate to actually pass.topological_sort()runs O(N) on everySyncRequest, then truncates to 500 #268 implementer invalidated cache at 5 production sites (try_insert_event, JoinRequest grant, seed_genesis, build_event, server-switch) plus 3 test helpers, not just the bare insert. Necessary because local mutations also change the topological prefix.Both flagged the deviation in their reports. Skill's existing "mechanical call-site migration is part of the fix, not scope creep" wording covered it; no edit needed.
git statusafter each signal disambiguated cleanly.topological_sort()runs O(N) on everySyncRequest, then truncates to 500 #268 implementer (willow-state::tests_materialize::non_admin_set_profile_is_accepted) didn't reproduce on coordinator HEAD — likely a sandbox-side flake, not real rot. No follow-up filed. Worth noting that "implementer reports baseline failure" needs coordinator-side verification before filing a follow-up issue, otherwise we accumulate phantom rot tickets.Test plan
Master-PR CI is the load-bearing gate. Locally each implementer ran:
cargo fmt --all -- --checkcargo clippy <scope> --all-targets -- -D warnings(native)cargo clippy --target wasm32-unknown-unknown <scope> --all-targets -- -D warningscargo test <scope>(willow-client: 329 → 332 passed)cargo check --target wasm32-unknown-unknown <scope>CI gates to verify on this PR:
<img>with no scheme/host allowlist — passive-tracking vector #243 lands here)Generated by Claude Code