fix(dm): send after restart + real chat delete (v0.2.3)#9
Merged
Two restart-related bugs reported from the field:
1. Could receive but not send after a restart. On reconnect the mesh
re-delivers already-consumed MLS messages; decrypting them fails by design
("secret deleted to preserve forward secrecy") because the in-memory
replay-dedup set is cleared on restart. send_message drains inbound first,
so that expected error propagated out of the send. drain_inbound now drops
an undecryptable/replayed frame and continues instead of aborting.
2. Closing a chat (the X) only removed it from memory, so it reappeared after a
restart. close_session now also purges the persisted session record, MLS
snapshot and messages (new Persistence::delete_session) and the UI asks for
confirmation first (destructive).
Tests: crypto restore-and-send across a generation advance for both roles;
persistence delete_session; UI confirm path. The timing-flaky real-network
handshake tests (joiner/exchange/smoke) are marked #[ignore] and run on demand
(`cargo test -- --ignored`) so they no longer redden CI; deterministic crypto +
runtime persistence tests retain coverage.
Two restart bugs from the field, plus the destructive-delete confirmation.

1. Could receive but not send after restart
On reconnect the mesh re-delivers already-consumed MLS messages; decrypting them fails by design (`secret deleted to preserve forward secrecy`) because the in-memory replay-dedup set is cleared on restart. `send_message` drains inbound first, so that expected error propagated out of the send. `drain_inbound` now drops an undecryptable/replayed frame and continues.

2. Deleting a chat didn't stick
Closing only removed it from memory → it returned on next launch. `close_session` now purges the persisted record + MLS snapshot + messages (`Persistence::delete_session`), and the UI confirms first.

Tests
`mls_crypto`: restore-and-send across a generation advance, both roles (deterministic).
`persistence::delete_session_removes_record_snapshot_and_messages`.
`#[ignore]` (run with `cargo test -- --ignored`). They depend on the loopback/NAT handshake, which is itself unreliable (same root as the user's `connected_peers=0` flapping). Deterministic crypto + runtime persistence tests retain coverage.

Local: fmt ✓ · clippy `-D warnings` ✓ · nextest 63 passed (1 unrelated flaky recovered), 5 skipped · tsc ✓ · vitest 47/47.
🤖 Generated with Claude Code
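
The restart failure described in point 1, as an added example that is not code from this pull request: a drain loop that aborts on the first replayed frame next to one that drops it and continues. `Ratchet`, `seal`, `drain_strict` and `drain_tolerant` are hypothetical names, the XOR "cipher" is a toy stand-in for MLS, and the dropped-frame counter is an assumption about what an operator would want to log.

```rust
// Toy model: a consumed generation's secret is gone, so a replayed frame cannot decrypt.
#[derive(Debug, PartialEq)]
enum DecryptError { SecretDeleted(u32) }

struct Frame { generation: u32, body: Vec<u8> }

// Receive state as restored from a snapshot: every generation below `next` is deleted.
struct Ratchet { next: u32 }

// Constructed toy key schedule (XOR with generation + 1); not real cryptography.
fn key(generation: u32) -> u8 { (generation as u8).wrapping_add(1) }

fn seal(generation: u32, msg: &str) -> Frame {
    Frame { generation, body: msg.bytes().map(|b| b ^ key(generation)).collect() }
}

impl Ratchet {
    fn open(&mut self, f: &Frame) -> Result<String, DecryptError> {
        if f.generation < self.next {
            return Err(DecryptError::SecretDeleted(f.generation));
        }
        self.next = f.generation + 1; // forget this secret and all earlier ones
        let plain: Vec<u8> = f.body.iter().map(|b| b ^ key(f.generation)).collect();
        Ok(String::from_utf8_lossy(&plain).into_owned())
    }
}

// Pre-fix shape: the first replayed frame aborts the drain, and the send that called it.
fn drain_strict(r: &mut Ratchet, inbox: &[Frame]) -> Result<Vec<String>, DecryptError> {
    inbox.iter().map(|f| r.open(f)).collect()
}

// Post-fix shape: drop the undecryptable frame, count it for logging, keep draining.
fn drain_tolerant(r: &mut Ratchet, inbox: &[Frame]) -> (Vec<String>, usize) {
    let (mut delivered, mut dropped) = (Vec::new(), 0);
    for f in inbox {
        match r.open(f) {
            Ok(text) => delivered.push(text),
            Err(DecryptError::SecretDeleted(_)) => dropped += 1,
        }
    }
    (delivered, dropped)
}

fn main() {
    // Constructed scenario: snapshot restored at generation 2, mesh replays 0 and 1.
    let inbox = vec![seal(0, "old-a"), seal(1, "old-b"), seal(2, "new")];
    println!("strict: {:?}", drain_strict(&mut Ratchet { next: 2 }, &inbox));
    println!("tolerant: {:?}", drain_tolerant(&mut Ratchet { next: 2 }, &inbox));
}
```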