refactor: statement submit core#217
Merged
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
statement-store: standalone sign-and-submit primitives over a shared expiry allocator
What
This branch extracts the statement signing and submission logic out of the session into a small set of standalone primitives in
@novasamatech/statement-store, exports them from the package index, and rewires the session to consume them. External writers (e.g. a desktop V2 SSO session) can now submit statements with the same expiry/priority and retry behaviour the session uses, instead of duplicating it.New exports
createExpiryAllocator()— hands out strictly increasing statement expiries for one signing account. When the chain rejects a submission with a higher minimum, the allocator adopts that minimum so the next submit clears it. All writers signing with the same account should share one allocator — independent counters can tie on same-second priorities, which the store rejects.submitStatementOnce(params)— a single attempt: allocate the next expiry, prove and submit the statement, and on a priority rejection raise the allocator floor to the chain-reported minimum.signAndSubmitStatement(params)/submitWithRetry(submit, options)— the same with a retry policy on top: separate budgets for transient failures and priority rejections, a per-retry delay schedule, and a liveness gate.isPriorityTooLow(error)— narrows an error toExpiryTooLowError/AccountFullError.PRIORITY_EPOCH_OFFSET— the spec's priority epoch base (see below).Behaviour changes
AccountFullErroris handled likeExpiryTooLowError. Both are priority rejections: while a submission is still live the session resyncs its expiry above the chain-reported minimum and keeps retrying past the transient-failure cap; once the submission has been superseded on its channel, the rejection is absorbed as success (it lost the race to a newer statement — re-answering would clobber it). Priority rejections never surface to session callers.createSessionaccepts an optional sharedallocator. Defaults to a private one, identical to the previous behaviour.submitRequestMessage/submitResponseMessagereject immediately afterdispose(), and a session disposed while initialization is in flight no longer re-activates or submits queued work.