v0.3.6: Active CDN replication, device roles, budgets, tombstones, engagement fix, DOS hardening

Active CDN replication: - All devices proactively replicate recent posts (<72h, <2 replicas) to peers - Target priority: desktops (300) > anchors (200) > phones (100) + cache_pressure - ReplicationRequest/Response (0xE1/0xE2) wire messages - 10-min cycle, 2-min initial delay, cap 20 posts per request - Graceful with small networks (1 peer = 1 replica, 0 peers = silent skip) Device roles & budgets: - Intermittent (phone), Available (desktop), Persistent (anchor) - Advertised in InitialExchange, stored per-peer - Replication budget: phones 100MB/hr, desktops/anchors 200MB/hr - Delivery budget: phones 1GB/hr, desktops 2GB/hr, anchors 1GB/hr - Hourly auto-reset, enforcement on blob serving Cache management: - 1GB default cache limit, configurable in settings UI - Eviction cycle activated (was implemented but never started) - Share-link priority boost (+100 for 3+ downstream) - Cache pressure score (0-255) for replication targeting Engagement distribution fix: - BlobHeader JSON rebuilt after BlobHeaderDiff ops - Previously reactions/comments stored in tables but header stayed stale Tombstone system: - deleted_at column on reactions and comments - Tombstones propagate through pull sync (additive merge respects timestamps) - UI queries filter WHERE deleted_at IS NULL Persistent notifications: - seen_engagement and seen_messages tables replace in-memory Sets - Only notify on genuinely unseen content, survives restarts DOS hardening: - BlobHeaderDiff fan-out: single batched task, max 10 concurrent via JoinSet - Blob prefetch: cap 20 per cycle, newest first - PostDownstreamRegister: cap 50 per sync - Delivery budget enforcement on BlobRequest handler - Pull preference: non-anchors first to preserve anchor delivery budget Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-20 21:00:28 -04:00 · 2026-03-20 21:00:28 -04:00 · a7e632de88
commit a7e632de88
parent b7f2d369fa
16 changed files with 1254 additions and 158 deletions
--- a/crates/core/src/protocol.rs
+++ b/crates/core/src/protocol.rs
@ -71,6 +71,8 @@ pub enum MessageType {
    TcpPunchRequest = 0xD6,
    TcpPunchResult = 0xD7,
    MeshKeepalive = 0xE0,
+    ReplicationRequest = 0xE1,
+    ReplicationResponse = 0xE2,
 }

 impl MessageType {
@ -126,6 +128,8 @@ impl MessageType {
            0xD6 => Some(Self::TcpPunchRequest),
            0xD7 => Some(Self::TcpPunchResult),
            0xE0 => Some(Self::MeshKeepalive),
+            0xE1 => Some(Self::ReplicationRequest),
+            0xE2 => Some(Self::ReplicationResponse),
            _ => None,
        }
    }
@ -174,6 +178,12 @@ pub struct InitialExchangePayload {
    /// External HTTP address if known (e.g. "1.2.3.4:4433")
    #[serde(default)]
    pub http_addr: Option<String>,
+    /// CDN replication device role: "intermittent", "available", "persistent"
+    #[serde(default)]
+    pub device_role: Option<String>,
+    /// CDN cache pressure: 0-255 availability score (255 = lots of capacity)
+    #[serde(default)]
+    pub cache_pressure: Option<u8>,
 }

 /// Incremental N1/N2 changes
@ -622,6 +632,26 @@ pub struct PostFetchResponsePayload {
    pub post: Option<SyncPost>,
 }

+// --- Active CDN Replication payloads ---
+
+/// Request a peer to replicate (cache) specific posts and their blobs (bi-stream)
+#[derive(Debug, Serialize, Deserialize)]
+pub struct ReplicationRequestPayload {
+    /// Posts to replicate (with their blobs)
+    pub post_ids: Vec<PostId>,
+    /// 0-255 urgency (higher = more important to cache)
+    pub priority: u8,
+}
+
+/// Response to a replication request (bi-stream)
+#[derive(Debug, Serialize, Deserialize)]
+pub struct ReplicationResponsePayload {
+    /// Posts the peer agreed to hold
+    pub accepted: Vec<PostId>,
+    /// Posts the peer declined (over budget or no space)
+    pub rejected: Vec<PostId>,
+}
+
 /// Request a TCP hole punch toward a browser IP (bi-stream).
 /// Sent by the anchor to a node that holds a post, so the node's NAT
 /// opens a pinhole allowing the browser to connect directly via HTTP.
@ -766,6 +796,11 @@ mod tests {
            MessageType::PostDownstreamRegister,
            MessageType::PostFetchRequest,
            MessageType::PostFetchResponse,
+            MessageType::TcpPunchRequest,
+            MessageType::TcpPunchResult,
+            MessageType::MeshKeepalive,
+            MessageType::ReplicationRequest,
+            MessageType::ReplicationResponse,
        ];
        for mt in types {
            let byte = mt.as_byte();