Skip to content

cli: verify previous transition hash on SetManifest#2189

Open
davidweisse wants to merge 1 commit intodav/expose-transitionsfrom
dav/set-verify-transition-hash
Open

cli: verify previous transition hash on SetManifest#2189
davidweisse wants to merge 1 commit intodav/expose-transitionsfrom
dav/set-verify-transition-hash

Conversation

@davidweisse
Copy link
Member

@davidweisse davidweisse commented Feb 17, 2026

We want to ensure that a SetManifest call only succeeds if the Coordinator is in an expected state, i.e., has the expected manifest history. For this, we pass the latest transition hash to contrast set and verify on the Coordinator side that it matches the current state before updating the manifest.

This means that, when the --atomic flag is set, subsequent calls to contrast set will fail because the transition hash changes. Before each contrast set the transition hash has to be obtained with contrast verify to ensure the CLI is aware of the current Coordinator state when setting a new manifest.

The PreviousTransitionHash field in the request is only checked if not nil, i.e., --atomic is not set. If --atomic is set on the first SetManifest call, the field is set to the all zero string (not nil), since we cannot default to nil if verify/latest-transition is not present. To the coordinator this would just seem as if --atomic is not set.

@davidweisse davidweisse added the breaking change A user-affecting breaking change label Feb 17, 2026
@burgerdev burgerdev self-assigned this Feb 18, 2026
@davidweisse davidweisse force-pushed the dav/expose-transitions branch from 475e720 to d6fdaad Compare February 23, 2026 11:49
@davidweisse davidweisse force-pushed the dav/set-verify-transition-hash branch from 63de6e1 to 4edf5ea Compare February 23, 2026 14:58
@davidweisse davidweisse added changelog PRs that should be part of the release notes and removed breaking change A user-affecting breaking change labels Feb 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

changelog PRs that should be part of the release notes

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants