Skip to content

Post-PR8 follow-up: host lifecycle state enum, signing/verification tests, disconnect test realism#12

Open
Copilot wants to merge 2 commits into
mainfrom
copilot/clarify-host-lifecycle-semantics
Open

Post-PR8 follow-up: host lifecycle state enum, signing/verification tests, disconnect test realism#12
Copilot wants to merge 2 commits into
mainfrom
copilot/clarify-host-lifecycle-semantics

Conversation

Copilot AI commented Mar 27, 2026

Copy link
Copy Markdown
Contributor

Three small, targeted fixes for concerns surfaced during PR #8 review: a double-start race in Host.Start(), missing end-to-end signing/verification test coverage, and untested DisconnectPeer guard paths.

Concern 1 – Host lifecycle state (pkg/p2p/host/host.go)

running bool was set to false before shutdown completed, and Start() had a TOCTOU race — the running check and assignment were separated by an unlock, allowing two concurrent callers to both pass the guard.

Replaced running bool with a hostState enum (hostStopped → hostRunning → hostStopping → hostStopped):

h.mu.Lock()
if h.state != hostStopped {
    h.mu.Unlock()
    // ...
}
h.state = hostRunning  // set while lock is still held — no race window
h.mu.Unlock()

Stop() now transitions through hostStopping (immediately reflected by IsRunning()) before setting hostStopped once teardown completes. Four white-box state tests added in host_test.go.

Concern 2 – End-to-end signing/verification (pkg/p2p/message/message_test.go)

Prior tests only validated payload serialization shape. Added three tests using real libp2p Ed25519 primitives:

  • TestSignVerify_RoundTrip — sign → verify succeeds
  • TestSignVerify_TamperedMessage — mutate Data after signing → verify fails
  • TestSignVerify_WrongKey — correct payload, wrong public key → verify fails

Concern 3 – DisconnectPeer guard path (pkg/peer/connection_test.go)

DisconnectPeer checks activeConns before touching cm.host.Network(), but this path had no test coverage. Added two tests that exercise it without a real libp2p host:

  • TestDisconnectPeer_UnknownPeer — peer never seen → error
  • TestDisconnectPeer_AfterHandlerDisconnecthandleDisconnected already fired → error
Original prompt

Create small follow-up implementation pull requests in repository danielsobrado/P2P-Market-Data for the remaining smaller concerns identified after reviewing PR #8.

Reference PR: #8

These should be small, separate, reviewable PRs, not one large combined PR.

Concern 1: Clarify/strengthen host lifecycle semantics around stop state

There is a smaller concern that pkg/p2p/host/host.go now sets h.running = false before shutdown is fully complete. That may be acceptable, but it can blur the meaning of IsRunning().

PR A goal

Make host lifecycle state semantics clearer and safer with minimal scope.

PR A requirements

  • Review whether a tiny improvement is appropriate to clarify the distinction between:
    • actively running
    • stopping/in shutdown
    • fully stopped
  • Prefer a minimal change such as a small lifecycle state indicator, improved guard, or clearly safer semantics.
  • Avoid large lifecycle refactors.
  • Add a focused test if practical.

Concern 2: Improve end-to-end verification confidence for message signing / verification

PR #8 added payload-coverage tests, but there is still a smaller concern that signing/verification behavior may not be covered end-to-end.

PR B goal

Add small, focused tests for message signing/verification behavior if the repository has the necessary primitives available.

PR B requirements

  • Add minimal tests that improve confidence in real signing/verification behavior, not just payload serialization.
  • Keep scope focused to the message/signature path.
  • If true end-to-end signing tests are not practical with current code structure, add the smallest meaningful integration-style test available and explain that in the PR.

Concern 3: Improve connection-manager test realism where practical

PR #8 added handler-level tests with a nil host. That is acceptable, but there is still a smaller concern that disconnect behavior is not tested in a more realistic path.

PR C goal

If feasible with small scope, improve connection-manager test realism slightly.

PR C requirements

  • Add a small additional test around disconnect behavior that increases confidence without requiring a large integration harness.
  • Keep scope very small.
  • If not practical, avoid forcing a brittle test.

Delivery requirements

  • Create separate small PRs where appropriate rather than combining unrelated small concerns.
  • Each PR must contain real code changes.
  • Keep each PR safe, tiny, and easy to review.
  • Do not create planning-only PRs.

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: Do that

Assistant: PR #6’s diff mostly matches its description.

Files changed

The changed files I could confirm are:

  • pkg/scripts/executor.go
  • pkg/scripts/manager.go
  • pkg/scripts/scripts_test.go
  • pkg/peer/connection.go
  • pkg/peer/discovery/validator.go
  • pkg/peer/discovery/validator_test.go
  • pkg/p2p/message/message.go
  • scripts/proto_to_sql.py
  • frontend/src/components/data/utils/handleScripts.ts
  • frontend/src/App.tsx

What the diff clearly covers

1. Script lifecycle hardening

Covered well.

Evidence in diff:

  • pkg/scripts/executor.go
    • introduces scriptRun{cmd, done}
    • removes the old double-Wait() pattern
    • StopScript now does graceful stop → timeout → kill
    • ExecuteScript now returns result+error together
    • ExecuteScriptWithOutputCapture now trims output and returns parsing errors with raw output
    • Python path validation now checks binary naming and exec.LookPath
  • pkg/scripts/manager.go
    • dependency validation temp files moved out of the script dir via os.CreateTemp
  • pkg/scripts/scripts_test.go
    • adds tests for stop behavior, missing Python, temp-file handling, and non-nil result on execution error

Assessment: this part strongly matches the PR description.


2. P2P correctness fixes

Mostly covered.

Evidence in diff:

  • pkg/peer/connection.go
    • guards connection counter updates on actual membership
    • removes manual decrement from DisconnectPeer
  • pkg/peer/discovery/validator.go
    • returns error if all records are invalid
  • pkg/peer/discovery/validator_test.go
    • adds multiple tests for selection behavior
  • pkg/p2p/message/message.go
    • expands signed payload coverage to include Version, ID, and Timestamp

Assessment: this also matches the description well.


3. Migration/tooling safety

Covered.

Evidence in diff:

  • scripts/proto_to_sql.py
    • adds identifier validation regex
    • quotes identifiers
    • changes CREATE TABLE to IF NOT EXISTS
    • guards schema_manager cleanup in finally

Assessment: matches the described migration safety work.


4. Frontend script UX consistency

Covered, but lightly.

Evidence in diff:

  • frontend/src/components/data/utils/handleScripts.ts
    • adds refreshScripts
    • refreshes after up...

This pull request was created from Copilot chat.


⌨️ Start Copilot coding agent tasks without leaving your editor — available in VS Code, Visual Studio, JetBrains IDEs and Eclipse.

…onnect test realism

Agent-Logs-Url: https://github.com/danielsobrado/P2P-Market-Data/sessions/13aa5ea5-26fb-46fe-9c83-8788ee691201

Co-authored-by: danielsobrado <35833752+danielsobrado@users.noreply.github.com>
Copilot AI changed the title [WIP] Clarify host lifecycle semantics around stop state Post-PR8 follow-up: host lifecycle state enum, signing/verification tests, disconnect test realism Mar 27, 2026
Copilot AI requested a review from danielsobrado March 27, 2026 13:45
@danielsobrado danielsobrado marked this pull request as ready for review March 28, 2026 05:46
Copilot AI review requested due to automatic review settings March 28, 2026 05:46

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 578ce37731

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread pkg/p2p/host/host.go
Comment on lines 177 to +178
h.mu.Unlock()
return fmt.Errorf("host is already running")
if h.state == hostRunning {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Read host state under lock before branching on it

In Start, the non-stopped path unlocks h.mu and then immediately reads h.state again to choose the error message. That second read is unsynchronized while Stop and Start both write h.state under the mutex, which introduces a real data race under concurrent start/stop calls and can also return the wrong branch if the state changes between unlock and read. Capture the state while still holding the lock (or keep the whole branch under lock) to avoid the race.

Useful? React with 👍 / 👎.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR follows up on PR #8 by tightening host lifecycle semantics, adding end-to-end signing/verification tests, and improving disconnect-path test coverage to better reflect real guard behavior.

Changes:

  • Replace Host.running bool with a hostState enum to model stopped/running/stopping and reduce double-start race risk.
  • Add Ed25519 round-trip and negative-case tests for message signing/verification using real libp2p crypto primitives.
  • Add tests for ConnectionManager.DisconnectPeer guard paths without requiring a real libp2p host.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File Description
pkg/p2p/host/host.go Introduces hostState lifecycle tracking and updates Start/Stop/IsRunning semantics.
pkg/p2p/host/host_test.go Adds white-box tests for IsRunning() behavior across host states.
pkg/p2p/message/message_test.go Adds end-to-end Ed25519 signing/verification tests (round-trip + negative cases).
pkg/peer/connection_test.go Adds tests that exercise DisconnectPeer guard paths without a real host.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread pkg/p2p/host/host.go
Comment on lines 175 to +181
h.mu.Lock()
if h.running {
if h.state != hostStopped {
h.mu.Unlock()
return fmt.Errorf("host is already running")
if h.state == hostRunning {
return fmt.Errorf("host is already running")
}
return fmt.Errorf("host is shutting down, cannot start")

Copilot AI Mar 28, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Start() reads h.state after releasing the mutex (the if h.state == hostRunning branch). That creates a data race with concurrent Stop()/Start() calls and can also produce the wrong error message. Capture the state in a local variable before unlocking (or keep the lock held until after deciding which error to return).

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants