fix: require strict session receipts on all paid success paths #371

Merged: Slokh merged 9 commits into main from fix/pr-349-receipt-strictness on Mar 23, 2026

Slokh (Collaborator) commented Mar 23, 2026

Follow up fixes to #349

Summary

This PR enforces strict session Payment-Receipt validation for every successful paid session path, including reused persisted sessions. It removes warning-only handling and makes missing/malformed receipts and invalid spent semantics deterministic protocol errors.

What Changed

  • Enforced required Payment-Receipt handling on successful paid responses in open/session flow paths.
  • Enforced strict receipt validation in streaming paths (response header, SSE payment-receipt event, voucher HEAD/POST updates, and top-up responses).
  • Required valid spent semantics (spent present, parseable, and <= acceptedCumulative) across all strict receipt paths.
  • Preserved conservative local channel state when a paid top-up response succeeds but strict receipt validation fails.
  • Consolidated strict receipt parsing/validation/error helpers into receipt.rs.
  • Updated session test harness behavior so success paths return receipts by default, while strict-failure scenarios remain explicitly testable.
  • Added/updated integration coverage for reused-session strictness, strict open failures, strict top-up failures, and strict streaming receipt handling.

Diff Scope

  • .changelog/strict-session-receipt-enforcement.md
  • crates/tempo-request/src/payment/session/flow.rs
  • crates/tempo-request/src/payment/session/receipt.rs
  • crates/tempo-request/src/payment/session/streaming.rs
  • crates/tempo-request/tests/session/harness.rs
  • crates/tempo-request/tests/session/spec_alignment.rs
  • crates/tempo-request/tests/session/streaming.rs

Behavior Change

  • Reused persisted sessions no longer have permissive warning-only receipt handling.
  • Successful paid responses without a valid session receipt now fail.

Validation

  • make check
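
A sketch of the strict `spent` check listed under What Changed, as an added example that is not part of the PR or the project's code. The types, field names and error variants are hypothetical, amounts are assumed to be decimal strings, and "conservative" state is taken to mean that local channel state does not advance when validation fails.

```rust
// Added illustration: types, field names and error variants are assumptions,
// not the tempo-request crate's API. Amounts arrive as decimal strings.
#[derive(Debug, PartialEq)]
pub enum ReceiptError {
    MissingReceipt,
    MissingSpent,
    UnparseableAmount(&'static str),
    SpentExceedsAccepted { spent: u128, accepted: u128 },
}

pub struct RawReceipt<'a> {
    pub accepted_cumulative: &'a str,
    pub spent: Option<&'a str>,
}

#[derive(Debug, PartialEq, Clone, Copy)]
pub struct ChannelState {
    pub accepted_cumulative: u128,
    pub spent: u128,
}

fn amount(field: &'static str, raw: &str) -> Result<u128, ReceiptError> {
    raw.parse().map_err(|_| ReceiptError::UnparseableAmount(field))
}

/// Strict check: every failure is an error, never a logged warning.
pub fn validate(receipt: Option<&RawReceipt>) -> Result<ChannelState, ReceiptError> {
    let r = receipt.ok_or(ReceiptError::MissingReceipt)?;
    let accepted = amount("acceptedCumulative", r.accepted_cumulative)?;
    let spent = amount("spent", r.spent.ok_or(ReceiptError::MissingSpent)?)?;
    if spent > accepted {
        return Err(ReceiptError::SpentExceedsAccepted { spent, accepted });
    }
    Ok(ChannelState { accepted_cumulative: accepted, spent })
}

/// Local state advances only after the receipt validates.
pub fn apply_paid_response(local: &mut ChannelState, receipt: Option<&RawReceipt>) -> Result<(), ReceiptError> {
    *local = validate(receipt)?; // on Err the assignment never happens
    Ok(())
}

fn main() {
    // Constructed sample values.
    let mut local = ChannelState { accepted_cumulative: 100, spent: 40 };
    let bad = RawReceipt { accepted_cumulative: "200", spent: Some("250") };
    let res = apply_paid_response(&mut local, Some(&bad));
    println!("{:?} -> {:?}", res, local);
}
```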

github-actions bot (Contributor) commented Mar 23, 2026

✅ Changelog found on PR.

Slokh changed the title from "fix: strict session receipt spent validation for new channels" to "fix: strict session receipt enforcement across streaming paid paths" (Mar 23, 2026)
Slokh marked this pull request as ready for review (March 23, 2026 21:12)
Slokh changed the title from "fix: strict session receipt enforcement across streaming paid paths" to "fix: harden strict session receipts and close reconciliation" (Mar 23, 2026)
Slokh force-pushed the fix/pr-349-receipt-strictness branch from 5479030 to f14ea5f (March 23, 2026 21:38)
Slokh changed the title from "fix: harden strict session receipts and close reconciliation" to "fix: harden strict session receipt handling and recovery" (Mar 23, 2026)
Slokh changed the title from "fix: harden strict session receipt handling and recovery" to "fix: enforce strict session receipts across all sessions" (Mar 23, 2026)
Slokh changed the title from "fix: enforce strict session receipts across all sessions" to "fix: require strict session receipts on all paid success paths" (Mar 23, 2026)
Slokh merged commit cf5f5a7 into main (Mar 23, 2026)
10 checks passed
Slokh deleted the fix/pr-349-receipt-strictness branch (March 23, 2026 22:23)