pub enum RejectKind {
    UnknownCommitment,
    Transient,
    Protocol,
}
Why a responder rejected an audit challenge, in a form the auditor can act on without string-matching.
The distinction matters for accounting: a responder that no longer RETAINS the pinned commitment may simply have rotated past it legitimately — the auditor can pin a root it gossiped a while ago, or one whose newer replacements the auditor never observed (retention is capped at the last two gossiped roots, so a peer that rotated several times within the answerability window can honestly drop an older one). That is NOT provable misbehaviour, so it is GRACED like a timeout. Every other rejection is a genuine protocol fault the auditor confirms.
Self-grace is bounded and does not preserve stale credit. A Byzantine
peer can deliberately claim UnknownCommitment/Transient to dodge the
confirmed-failure trust penalty. But the auditor still REVOKES the holder
credit for the PINNED commitment on any graced rejection (it answered and
could not prove possession now — see the credit revocation in
storage_commitment_audit’s rejection handling). The revocation is scoped to
the pinned commitment hash, so it strips exactly the credit for the root the
peer would not prove without touching credit it legitimately re-earned for a
newer commitment. Lying therefore does not let a deleter keep “proven holder”
status for that root until the credit TTL — the loophole a plain timeout
would leave. A peer that self-graces on every audit remains uncredited for the
pinned commitments it refuses to prove; an honest peer that genuinely rotated
simply re-earns credit on the next audit of its current commitment. The grace
removes only the false TRUST PENALTY for the genuinely-ambiguous
rotated/transient case; it does not remove the possession requirement.
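The accounting described above, as an added Rust sketch that is not the crate's own code: the enum and is_graced mirror this page, while Ledger, its fields, the u32 peer id and the 4-byte root stand-in are assumptions. Every rejection revokes credit for the pinned root only, and only a non-graced rejection is counted as a confirmed failure.

```rust
use std::collections::{HashMap, HashSet};

// Mirrors the enum documented on this page.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum RejectKind { UnknownCommitment, Transient, Protocol }

impl RejectKind {
    pub fn is_graced(self) -> bool {
        matches!(self, RejectKind::UnknownCommitment | RejectKind::Transient)
    }
}

// Hypothetical auditor-side state; all names and types below are assumptions.
type Peer = u32;
type Root = [u8; 4]; // constructed stand-in for a commitment hash

#[derive(Default)]
pub struct Ledger {
    credited: HashSet<(Peer, Root)>,        // "proven holder" credit, per root
    confirmed_failures: HashMap<Peer, u32>, // drives the trust penalty
}

impl Ledger {
    pub fn credit(&mut self, peer: Peer, root: Root) { self.credited.insert((peer, root)); }
    pub fn has_credit(&self, peer: Peer, root: Root) -> bool { self.credited.contains(&(peer, root)) }
    pub fn failures(&self, peer: Peer) -> u32 { self.confirmed_failures.get(&peer).copied().unwrap_or(0) }
    /// Account for a rejected challenge that was pinned to `pinned`.
    pub fn on_rejection(&mut self, peer: Peer, pinned: Root, kind: RejectKind) {
        // Possession was not proven: drop credit for exactly the pinned root.
        self.credited.remove(&(peer, pinned));
        if !kind.is_graced() {
            *self.confirmed_failures.entry(peer).or_insert(0) += 1;
        }
    }
}

/// Constructed scenario: peer 7 holds credit for an old and a new root.
/// Returns (old credit, new credit, failures) after a graced rejection of the
/// old root, then the failure count after a Protocol rejection of the new one.
pub fn demo() -> (bool, bool, u32, u32) {
    let (old, new) = (*b"old0", *b"new1");
    let mut ledger = Ledger::default();
    ledger.credit(7, old); ledger.credit(7, new);
    ledger.on_rejection(7, old, RejectKind::UnknownCommitment);
    let (o, n, f) = (ledger.has_credit(7, old), ledger.has_credit(7, new), ledger.failures(7));
    ledger.on_rejection(7, new, RejectKind::Protocol);
    (o, n, f, ledger.failures(7))
}
fn main() { println!("{:?}", demo()); }
```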
Variants
UnknownCommitment
The responder does not retain the pinned commitment (rotated past it). GRACED — indistinguishable from legitimate rotation the auditor missed.
Transient
A transient, recoverable condition on the responder (e.g. a storage read error) that is NOT evidence of missing data. GRACED like a timeout so a flaky disk never manufactures a confirmed possession failure.
Protocol
Any other rejection (wrong target peer, no commitment state, malformed proof plan, oversized byte challenge, …). CONFIRMED failure.
Implementations
impl RejectKind
pub fn is_graced(self) -> bool
Whether the auditor should GRACE this rejection (treat like a timeout — no confirmed penalty, no holder-credit revocation) rather than confirm it. Only genuine protocol faults are confirmed; rotation/transient conditions are graced because they are not provable misbehaviour.
Trait Implementations
impl Clone for RejectKind
fn clone(&self) -> RejectKind
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source.
impl Copy for RejectKind
impl Debug for RejectKind
impl<'de> Deserialize<'de> for RejectKind
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where
    __D: Deserializer<'de>,
impl Eq for RejectKind
impl PartialEq for RejectKind
fn eq(&self, other: &RejectKind) -> bool
Tests for self and other values to be equal, and is used by ==.
impl Serialize for RejectKind
impl StructuralPartialEq for RejectKind
Auto Trait Implementations
impl Freeze for RejectKind
impl RefUnwindSafe for RejectKind
impl Send for RejectKind
impl Sync for RejectKind
impl Unpin for RejectKind
impl UnsafeUnpin for RejectKind
impl UnwindSafe for RejectKind
Blanket Implementations
impl<T> BorrowMut<T> for T
where
    T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
impl<'de, T> BorrowedRpcObject<'de> for T
impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
impl<T> CloneToUninit for T
where
    T: Clone,
impl<T> DeserializeOwned for T
where
    T: for<'de> Deserialize<'de>,
impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
fn equivalent(&self, key: &K) -> bool
Compare self to key and return true if they are equal.
impl<Q, K> Equivalent<K> for Q
impl<T> Instrument for T
fn instrument(self, span: Span) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
impl<T> IntoEither for T
fn into_either(self, into_left: bool) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.