Phase 1 (0.6.0-beta): remove direct PostPush for encrypted posts

Encrypted posts now propagate only via the CDN (ManifestPush + neighbor header updates), eliminating the sender→recipient traffic signal on the wire. Encrypted DMs are indistinguishable from any other encrypted post. - Remove push_post_to_recipients entirely from network.rs - Remove call sites in create_post and re-encrypt-on-revoke - PostPush handler now ignores non-public visibility (kept for public audience push path) Known gap: non-follower DMs won't reach until Phase 3 (merged pull + recipient-match). Followers receive via the existing CDN path — new posts trigger neighbor-manifest updates, ManifestPush fans out to downstream holders, recipients pull missing post IDs from followed authors. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 20:46:34 -04:00 · 2026-04-21 20:46:34 -04:00 · e6265b52b6
commit e6265b52b6
parent 921a0ec40a
3 changed files with 31 additions and 68 deletions
--- a/crates/core/src/connection.rs
+++ b/crates/core/src/connection.rs
@ -4958,24 +4958,34 @@ impl ConnectionManager {
            }
            MessageType::PostPush => {
                let push: PostPushPayload = read_payload(recv, MAX_PAYLOAD).await?;
-                let cm = conn_mgr.lock().await;
-                let storage = cm.storage.get().await;
-                if !storage.is_deleted(&push.post.id)?
-                    && storage.get_post(&push.post.id)?.is_none()
-                    && crate::content::verify_post_id(&push.post.id, &push.post.post)
-                {
-                    let _ = storage.store_post_with_visibility(
-                        &push.post.id,
-                        &push.post.post,
-                        &push.post.visibility,
-                    );
-                    let prio = storage.get_post_upstreams(&push.post.id).map(|v| v.len() as u8).unwrap_or(0);
-                    let _ = storage.add_post_upstream(&push.post.id, &remote_node_id, prio);
-                    info!(
+                // Encrypted posts are no longer accepted via direct push — they propagate
+                // via the CDN to eliminate the sender→recipient traffic signal.
+                if !matches!(push.post.visibility, crate::types::PostVisibility::Public) {
+                    debug!(
                        peer = hex::encode(remote_node_id),
                        post_id = hex::encode(push.post.id),
-                        "Received direct post push"
+                        "Ignoring non-public PostPush"
                    );
+                } else {
+                    let cm = conn_mgr.lock().await;
+                    let storage = cm.storage.get().await;
+                    if !storage.is_deleted(&push.post.id)?
+                        && storage.get_post(&push.post.id)?.is_none()
+                        && crate::content::verify_post_id(&push.post.id, &push.post.post)
+                    {
+                        let _ = storage.store_post_with_visibility(
+                            &push.post.id,
+                            &push.post.post,
+                            &push.post.visibility,
+                        );
+                        let prio = storage.get_post_upstreams(&push.post.id).map(|v| v.len() as u8).unwrap_or(0);
+                        let _ = storage.add_post_upstream(&push.post.id, &remote_node_id, prio);
+                        info!(
+                            peer = hex::encode(remote_node_id),
+                            post_id = hex::encode(push.post.id),
+                            "Received direct post push"
+                        );
+                    }
                }
            }
            MessageType::AudienceRequest => {