Alan-Jowett / sonde / 26543495002
82%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 130
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 82.548% (+0.04%) from 82.507%
26543495002

push

github

web-flow 
feat(gateway): implement declarative node recovery engine (GW-2009, GW-2013) (#1070)

* :feat(gateway): implement declarative node recovery engine (GW-2009, GW-2013)

Implement the declarative node recovery flow from evolve-962 section 2.8:

- Add `MissingKeyHintTracker` to `Gateway` -- bounded LRU set (max 256
  entries, 60s rate limit per `key_hint`) for reporting unknown key_hints
  in gateway ACTUAL_STATE `missing_key_hints` field.

- Add trial authentication in `process_frame_with_rssi` -- when no known
  node matches a frame's `key_hint`, look up `pending_recovery` candidates,
  decrypt each escrowed PSK with the master key into zeroized memory, and
  trial-decrypt the frame. On success, promote the node via `upsert_node`
  and delete from `pending_recovery`.

- Process `recovered_psks` in `RotationEngine::handle_desired_state` --
  validate `master_key_id` matches the gateway's current key, insert
  matching records into the `pending_recovery` table.

- Add startup and periodic (hourly) expiry of stale `pending_recovery`
  records older than 24 hours.

- Wire `set_sqlite_storage` in the gateway binary for typed
  `pending_recovery` access from the engine.

- Expand gateway-design.md section 23.8 with implementation detail.

Tests: T-2006 (full recovery cycle), T-2006a (wrong PSK not promoted),
T-2006b (mismatched `master_key_id` skipped), plus `MissingKeyHintTracker`
unit tests. T-2010 (purge on rotation) was already on main.

Closes #1056

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* fix: return `Zeroizing<[u8; 32]>` from `decrypt_psk_with_master_key`

Change the public PSK decryption wrapper to return `Zeroizing`-wrapped
key material instead of raw bytes, ensuring automatic zeroization on drop
without relying on callers to wrap it manually.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com... (continued)

176 of 235 new or added lines in 4 files covered. (74.89%)

66 existing lines in 3 files now uncovered.

39080 of 47342 relevant lines covered (82.55%)

240.79 hits per line

Uncovered Changes

Lines Coverage File
34
83.36
 -0.95% crates/sonde-gateway/src/engine.rs
18
72.31
 -0.57% crates/sonde-gateway/src/bin/gateway.rs
5
91.79
 4.15% crates/sonde-gateway/src/rotation_engine.rs
2
83.01
 0.23% crates/sonde-gateway/src/sqlite_storage.rs

Coverage Regressions

Lines Coverage File
41
91.79
 4.15% crates/sonde-gateway/src/rotation_engine.rs
16
75.41
 -1.26% crates/sonde-gateway/src/storage.rs
9
83.01
 0.23% crates/sonde-gateway/src/sqlite_storage.rs
Jobs
ID Job ID Ran Files Coverage
1 26543495002.1 130
82.55
 GitHub Action Run
Source Files on build 26543495002