mnem-transport 0.1.6

Offline transport for mnem: CAR v1 export/import of content-addressed subtrees.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149

//! Transport-layer error type.
//!
//! Kept deliberately coarse-grained: callers distinguish between "the
//! CAR bytes were malformed" (`Car`), "the blockstore refused a block"
//! (`Store`), and "the underlying I/O stream failed" (`Io`). Richer
//! context rides in the variant strings.

use thiserror::Error;

use mnem_core::error::{CodecError, StoreError};
use mnem_core::id::Cid;

/// Errors raised by CAR export / import.
#[derive(Debug, Error)]
#[non_exhaustive]
pub enum TransportError {
    /// The CAR bytes were malformed (bad header, truncated block,
    /// invalid varint, wrong CAR version).
    #[error("car: {0}")]
    Car(String),

    /// A block inside an imported CAR did not hash to the CID it
    /// claimed. The caller's CAR is untrusted input; this is rejected
    /// instead of silently accepting corrupt blocks.
    #[error("cid mismatch: claimed {claimed}, computed {computed}")]
    CidMismatch {
        /// CID the CAR asserted for the block.
        claimed: Cid,
        /// CID the importer computed from the payload bytes.
        computed: Cid,
    },

    /// A block's CID used a hash algorithm this build does not know how
    /// to recompute. Currently only SHA-256 and BLAKE3-256 are verified
    /// on import; anything else is rejected.
    #[error("unsupported hash algorithm: {0:#x}")]
    UnsupportedHash(u64),

    /// The CAR header advertised a root CID that was not present in any
    /// block actually delivered in the body. Rejected so a downstream
    /// caller can't be deceived into walking a non-existent root.
    #[error("declared root not present in body: {root}")]
    MissingRoot {
        /// Root CID that appeared in the header but never arrived.
        root: Cid,
    },

    /// Total block-payload bytes exceeded the import-time cap. Rejected
    /// mid-stream before the excess data reaches the blockstore.
    #[error("import exceeded size limit: {observed} > {limit} bytes")]
    SizeLimit {
        /// Cap requested by the caller (bytes).
        limit: u64,
        /// Observed total at the moment of rejection (bytes).
        observed: u64,
    },

    /// Wrapped [`CodecError`] from the underlying DAG-CBOR codec
    /// (header decode, link extraction).
    #[error("codec: {0}")]
    Codec(#[from] CodecError),

    /// Wrapped [`StoreError`] from the target blockstore.
    #[error("store: {0}")]
    Store(#[from] StoreError),

    /// Wrapped [`std::io::Error`] from the underlying byte stream.
    #[error("io: {0}")]
    Io(#[from] std::io::Error),
}

/// Errors raised by the async HTTP `RemoteClient` (only meaningful
/// with the `client` feature). Kept separate from [`TransportError`]
/// so the pure-sync CAR surface stays free of async / reqwest types.
///
/// Variants split the failure modes a caller cares about:
///
/// - `Network` - the HTTP request never reached a response (DNS, TLS,
///   connect, body-read mid-flight). Retryable at the caller's
///   discretion.
/// - `Framing` - the response arrived but the CAR body was malformed.
///   Not retryable on the same URL without a server fix; wraps the
///   pure-sync [`TransportError`].
/// - `CasMismatch` - the server rejected `advance-head` because the
///   stored `old` CID no longer matches the one the client sent.
///   Caller must refresh refs and retry.
/// - `Auth` - 401 / 403 on a push endpoint. The bearer token is
///   missing, expired, or lacks the required capability.
/// - `Protocol` - the server responded with an unexpected status
///   code, missing header, or a `mnem-protocol` version mismatch.
#[derive(Debug, Error)]
#[non_exhaustive]
pub enum ClientError {
    /// Underlying HTTP request failed before a complete response was
    /// received (connect, TLS handshake, mid-body socket close, ...).
    #[error("network: {0}")]
    Network(String),

    /// CAR body received but failed framing / CID verification.
    #[error("framing: {0}")]
    Framing(#[from] TransportError),

    /// `advance-head` rejected: the stored `old` value drifted between
    /// the client's read and its write. Caller refreshes refs and
    /// retries.
    #[error(
        "cas mismatch on ref {ref_name:?}: expected old={expected}, server reports actual={actual}"
    )]
    CasMismatch {
        /// Ref name the client tried to advance (e.g. `main`).
        ref_name: String,
        /// `old` CID the client sent.
        expected: Cid,
        /// `old` CID the server actually holds.
        actual: Cid,
    },

    /// 401 / 403 on a push endpoint. The bearer token is missing,
    /// expired, or lacks the required capability.
    #[error("auth failed: {0}")]
    Auth(String),

    /// Server responded with an unexpected status code, missing
    /// header, or `mnem-protocol` version mismatch.
    #[error("protocol: {0}")]
    Protocol(String),

    /// JSON serialisation or deserialisation failed. Only raised by
    /// the `client` feature.
    #[cfg(feature = "client")]
    #[error("serde: {0}")]
    Serde(String),
}

#[cfg(feature = "client")]
impl From<reqwest::Error> for ClientError {
    fn from(e: reqwest::Error) -> Self {
        // `reqwest::Error` carries enough context in its Display impl
        // to diagnose connect / TLS / body-read failures.
        Self::Network(e.to_string())
    }
}

#[cfg(feature = "client")]
impl From<serde_json::Error> for ClientError {
    fn from(e: serde_json::Error) -> Self {
        Self::Serde(e.to_string())
    }
}