Commit 946256a

feat(frost/roast): RFC-21 Phase 4.4 -- multi-coordinator soak harness

Closes Phase 4 of RFC-21 by adding the soak harness the RFC asks for: a synthetic-fault-injection test that drives the full attempt -> evidence -> next-attempt loop across N coordinator instances and asserts every honest signer arrives at a byte-identical next-attempt context.

The harness bypasses the receive-loop wiring (which is unit-tested in pkg/frost/signing under the frost_roast_retry tag) and drives the Coordinator API directly with synthetic snapshots. The novel property it exercises is multi-instance agreement: every node's NextAttempt result must hash-match every other node's, regardless of which fault-injection scenario was run.

Tests (6 scenarios in multi_coordinator_soak_test.go):

* Clean attempt -- no overflow, no silence -> IncludedSet unchanged at next attempt; nothing excluded or parked.
* Overflow exclusion -- 4 observers report 1 overflow each against member 3 (sum = OverflowExclusionThreshold) -> member 3 permanently excluded next attempt.
* Silence parking -- member 3 silent -> member 3 parked at next attempt; not permanently excluded.
* Park + reinstate cycle -- N+1 parks member 3 (silent at N); N+2 reinstates member 3 (still silent at N+1 by design, cannot submit while parked).
* Infeasibility -- threshold = 5 with two silenced members -> every node's NextAttempt returns ErrAttemptInfeasible.
* Original signer set preservation -- |Inc| + |Exc| + |Park| invariant holds across three consecutive transitions.

Cross-instance agreement is asserted by every soakAttempt invocation: the helper computes NextAttempt on every node's local Coordinator instance and refuses to return until every result's hash matches every other's. A single divergence anywhere causes the test to fail with a precise hash comparison.

soakSigner produces SHA-256(memberID || payload) signatures; the matching soakVerifier accepts byte-identical recomputations. No real crypto needed -- the harness exercises the policy + canonical-encoding contracts, not key infrastructure.

Verification:

* go test ./pkg/frost/roast/... -- pass
* go test -race ./pkg/frost/roast/... -- pass
* go test -tags 'frost_native frost_tbtc_signer frost_roast_retry' ./pkg/frost/... -- pass (5 packages)
* staticcheck -checks '-SA1019' ./pkg/frost/... -- silent
* gofmt -l ./pkg/frost/roast/ -- silent

Stacked on Phase 4.3 (#3974). Closes the Phase 4 surface.
1 parent 4431a29 commit 946256a

1 file changed

Lines changed: 430 additions & 0 deletions
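
The cross-instance agreement property the commit message describes, as an added sketch that is not the project's code: each node derives its next-attempt context from its own evidence, and any hash mismatch between nodes is reported. `Context`, `Next`, `Agree`, the text encoding fed to SHA-256 and the 5-member group are assumptions made for illustration; the limit of 4 mirrors the overflow scenario in the message.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"sort"
)

type Context struct{ Included, Excluded, Parked []uint32 } // hypothetical stand-in, not the project's type

// Hash sorts each set before encoding, so equal sets hash equally on every node.
func (c Context) Hash() [32]byte {
	sets := [][]uint32{c.Included, c.Excluded, c.Parked}
	for i := range sets {
		sets[i] = append([]uint32(nil), sets[i]...) // copy: hashing must not reorder c
		sort.Slice(sets[i], func(a, b int) bool { return sets[i][a] < sets[i][b] })
	}
	return sha256.Sum256([]byte(fmt.Sprint(sets)))
}

// Next applies the policy to one node's evidence; ok is false when infeasible.
func Next(prev Context, overflow map[uint32]int, silent map[uint32]bool, limit, threshold int) (next Context, ok bool) {
	next.Excluded = append(next.Excluded, prev.Excluded...) // exclusion is permanent
	next.Included = append(next.Included, prev.Parked...)   // parking lasts one attempt
	for _, m := range prev.Included {
		dst := &next.Included
		if overflow[m] >= limit {
			dst = &next.Excluded
		} else if silent[m] {
			dst = &next.Parked
		}
		*dst = append(*dst, m)
	}
	return next, len(next.Included) >= threshold
}

// Agree returns an error for the first node whose result hash differs from node 0's.
func Agree(results []Context) error {
	for i, r := range results {
		if r.Hash() != results[0].Hash() {
			return fmt.Errorf("node %d diverged: %x != %x", i, r.Hash(), results[0].Hash())
		}
	}
	return nil
}

func main() {
	a, _ := Next(Context{Included: []uint32{1, 2, 3, 4, 5}}, map[uint32]int{3: 4}, nil, 4, 3)
	fmt.Println(a, Agree([]Context{a, a}))
}
```

A node whose overflow sum for member 3 is one report short keeps member 3 included, so its hash differs and `Agree` names that node.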
