Post-PR8 follow-up: host lifecycle state enum, signing/verification tests, disconnect test realism#12
Post-PR8 follow-up: host lifecycle state enum, signing/verification tests, disconnect test realism#12Copilot wants to merge 2 commits into
Conversation
…onnect test realism Agent-Logs-Url: https://github.com/danielsobrado/P2P-Market-Data/sessions/13aa5ea5-26fb-46fe-9c83-8788ee691201 Co-authored-by: danielsobrado <35833752+danielsobrado@users.noreply.github.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 578ce37731
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| h.mu.Unlock() | ||
| return fmt.Errorf("host is already running") | ||
| if h.state == hostRunning { |
There was a problem hiding this comment.
Read host state under lock before branching on it
In Start, the non-stopped path unlocks h.mu and then immediately reads h.state again to choose the error message. That second read is unsynchronized while Stop and Start both write h.state under the mutex, which introduces a real data race under concurrent start/stop calls and can also return the wrong branch if the state changes between unlock and read. Capture the state while still holding the lock (or keep the whole branch under lock) to avoid the race.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Pull request overview
This PR follows up on PR #8 by tightening host lifecycle semantics, adding end-to-end signing/verification tests, and improving disconnect-path test coverage to better reflect real guard behavior.
Changes:
- Replace
Host.running boolwith ahostStateenum to modelstopped/running/stoppingand reduce double-start race risk. - Add Ed25519 round-trip and negative-case tests for message signing/verification using real libp2p crypto primitives.
- Add tests for
ConnectionManager.DisconnectPeerguard paths without requiring a real libp2p host.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| pkg/p2p/host/host.go | Introduces hostState lifecycle tracking and updates Start/Stop/IsRunning semantics. |
| pkg/p2p/host/host_test.go | Adds white-box tests for IsRunning() behavior across host states. |
| pkg/p2p/message/message_test.go | Adds end-to-end Ed25519 signing/verification tests (round-trip + negative cases). |
| pkg/peer/connection_test.go | Adds tests that exercise DisconnectPeer guard paths without a real host. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| h.mu.Lock() | ||
| if h.running { | ||
| if h.state != hostStopped { | ||
| h.mu.Unlock() | ||
| return fmt.Errorf("host is already running") | ||
| if h.state == hostRunning { | ||
| return fmt.Errorf("host is already running") | ||
| } | ||
| return fmt.Errorf("host is shutting down, cannot start") |
There was a problem hiding this comment.
Start() reads h.state after releasing the mutex (the if h.state == hostRunning branch). That creates a data race with concurrent Stop()/Start() calls and can also produce the wrong error message. Capture the state in a local variable before unlocking (or keep the lock held until after deciding which error to return).
Three small, targeted fixes for concerns surfaced during PR #8 review: a double-start race in
Host.Start(), missing end-to-end signing/verification test coverage, and untestedDisconnectPeerguard paths.Concern 1 – Host lifecycle state (
pkg/p2p/host/host.go)running boolwas set tofalsebefore shutdown completed, andStart()had a TOCTOU race — the running check and assignment were separated by an unlock, allowing two concurrent callers to both pass the guard.Replaced
running boolwith ahostStateenum (hostStopped → hostRunning → hostStopping → hostStopped):Stop()now transitions throughhostStopping(immediately reflected byIsRunning()) before settinghostStoppedonce teardown completes. Four white-box state tests added inhost_test.go.Concern 2 – End-to-end signing/verification (
pkg/p2p/message/message_test.go)Prior tests only validated payload serialization shape. Added three tests using real libp2p Ed25519 primitives:
TestSignVerify_RoundTrip— sign → verify succeedsTestSignVerify_TamperedMessage— mutateDataafter signing → verify failsTestSignVerify_WrongKey— correct payload, wrong public key → verify failsConcern 3 –
DisconnectPeerguard path (pkg/peer/connection_test.go)DisconnectPeerchecksactiveConnsbefore touchingcm.host.Network(), but this path had no test coverage. Added two tests that exercise it without a real libp2p host:TestDisconnectPeer_UnknownPeer— peer never seen → errorTestDisconnectPeer_AfterHandlerDisconnect—handleDisconnectedalready fired → errorOriginal prompt
Create small follow-up implementation pull requests in repository
danielsobrado/P2P-Market-Datafor the remaining smaller concerns identified after reviewing PR #8.Reference PR: #8
These should be small, separate, reviewable PRs, not one large combined PR.
Concern 1: Clarify/strengthen host lifecycle semantics around stop state
There is a smaller concern that
pkg/p2p/host/host.gonow setsh.running = falsebefore shutdown is fully complete. That may be acceptable, but it can blur the meaning ofIsRunning().PR A goal
Make host lifecycle state semantics clearer and safer with minimal scope.
PR A requirements
Concern 2: Improve end-to-end verification confidence for message signing / verification
PR #8 added payload-coverage tests, but there is still a smaller concern that signing/verification behavior may not be covered end-to-end.
PR B goal
Add small, focused tests for message signing/verification behavior if the repository has the necessary primitives available.
PR B requirements
Concern 3: Improve connection-manager test realism where practical
PR #8 added handler-level tests with a nil host. That is acceptable, but there is still a smaller concern that disconnect behavior is not tested in a more realistic path.
PR C goal
If feasible with small scope, improve connection-manager test realism slightly.
PR C requirements
Delivery requirements
The following is the prior conversation context from the user's chat exploration (may be truncated):
User: Do that
Assistant: PR #6’s diff mostly matches its description.
Files changed
The changed files I could confirm are:
pkg/scripts/executor.gopkg/scripts/manager.gopkg/scripts/scripts_test.gopkg/peer/connection.gopkg/peer/discovery/validator.gopkg/peer/discovery/validator_test.gopkg/p2p/message/message.goscripts/proto_to_sql.pyfrontend/src/components/data/utils/handleScripts.tsfrontend/src/App.tsxWhat the diff clearly covers
1. Script lifecycle hardening
Covered well.
Evidence in diff:
pkg/scripts/executor.goscriptRun{cmd, done}Wait()patternStopScriptnow does graceful stop → timeout → killExecuteScriptnow returns result+error togetherExecuteScriptWithOutputCapturenow trims output and returns parsing errors with raw outputexec.LookPathpkg/scripts/manager.goos.CreateTemppkg/scripts/scripts_test.goAssessment: this part strongly matches the PR description.
2. P2P correctness fixes
Mostly covered.
Evidence in diff:
pkg/peer/connection.goDisconnectPeerpkg/peer/discovery/validator.gopkg/peer/discovery/validator_test.gopkg/p2p/message/message.goVersion,ID, andTimestampAssessment: this also matches the description well.
3. Migration/tooling safety
Covered.
Evidence in diff:
scripts/proto_to_sql.pyCREATE TABLEtoIF NOT EXISTSschema_managercleanup infinallyAssessment: matches the described migration safety work.
4. Frontend script UX consistency
Covered, but lightly.
Evidence in diff:
frontend/src/components/data/utils/handleScripts.tsrefreshScriptsThis pull request was created from Copilot chat.
⌨️ Start Copilot coding agent tasks without leaving your editor — available in VS Code, Visual Studio, JetBrains IDEs and Eclipse.