fix(downgrade): block during protected array shrink#2698
Conversation
WalkthroughThe downgrade flow now prevents overlapping downgrade requests and blocks downgrades while parity-protected shrink activity is detected. A reusable guard module constructs and checks proof-file paths, with tests covering idle and active states. ChangesDowngrade protection
Estimated code review effort: 3 (Moderate) | ~15–30 minutes Sequence Diagram(s)sequenceDiagram
participant Downgrade
participant Marker
participant ShrinkGuard
Downgrade->>Marker: create exclusive marker
Marker-->>Downgrade: allow or report existing marker
Downgrade->>ShrinkGuard: check protected shrink files
ShrinkGuard-->>Downgrade: report active or idle state
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
🔧 PR Test Plugin AvailableA test plugin has been generated for this PR that includes the modified files. Version: 📥 Installation Instructions:Install via Unraid Web UI:
Alternative: Direct Download
|
There was a problem hiding this comment.
🧹 Nitpick comments (1)
emhttp/plugins/dynamix.plugin.manager/tests/parity_protected_shrink_guard_test.php (1)
28-28: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueUse double quotes for newline escape sequences.
The string
'stage=prepared\n'uses single quotes, which means\nis interpreted as literal characters\andnrather than a newline character. While this doesn't impact theis_file()check in this test, it's best to use double quotes if a true newline was intended.🧽 Proposed nitpick
-file_put_contents($testFiles[2], 'stage=prepared\n'); +file_put_contents($testFiles[2], "stage=prepared\n");🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@emhttp/plugins/dynamix.plugin.manager/tests/parity_protected_shrink_guard_test.php` at line 28, Update the file_put_contents call in parity_protected_shrink_guard_test to use a double-quoted string so \n is written as an actual newline, preserving the existing content and test behavior.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In
`@emhttp/plugins/dynamix.plugin.manager/tests/parity_protected_shrink_guard_test.php`:
- Line 28: Update the file_put_contents call in
parity_protected_shrink_guard_test to use a double-quoted string so \n is
written as an actual newline, preserving the existing content and test behavior.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: CHILL
Plan: Pro
Run ID: 8e288f21-1229-4663-b6f8-e20811c64a73
📒 Files selected for processing (3)
emhttp/plugins/dynamix.plugin.manager/include/Downgrade.phpemhttp/plugins/dynamix.plugin.manager/include/ParityProtectedShrinkGuard.phpemhttp/plugins/dynamix.plugin.manager/tests/parity_protected_shrink_guard_test.php
Summary
An OS downgrade can strand a parity-protected array shrink on a release that cannot recover it; this adds an exclusive downgrade marker and blocks downgrade staging while any Core intent or daemon proof exists.
Why This Exists
The protected shrink protocol spans Core and emhttpd and remains recoverable across host restarts. Downgrading either side during that transaction could remove the code that understands the durable recovery records, so downgrade must participate in the same fail-closed transaction boundary.
Resolution
Downgrade.php now creates an exclusive runtime marker before it inspects persistent state. Core and emhttpd reject protected-shrink work while the marker exists. If the production Core intent or any daemon proof is present, WebGUI removes the marker and returns HTTP 409 without moving boot artifacts.
Reviewer Considerations
Behavior Changes
Implementation Summary
Verification
Risk
Low code volume but safety-critical ordering. The marker is transient and fail-closed; deployment must follow the documented daemon-first sequence.
Summary by CodeRabbit
Bug Fixes
Tests