Summary

Two state-transition paths coexist: the canonical per-device DeviceState::advance / advance_relationship path, and an older State-based path (transition::apply_transition, RelationshipManager::execute_relationship_transition, BilateralTransactionManager::execute_bilateral_transaction). The older relationship.rs apply_transition performs no signature, balance, or token-consistency checks.

Severity: Low (cleanup). The older transition-execution machinery is not reachable from any live SDK/JNI/bridge/Android/frontend code — it is wired only into a SDK example and integration tests. Production uses only the free helpers compute_smt_key / initial_chain_tip_from_device_ids from that module. Per repo zero-legacy policy this is dead protocol-bearing code that should be removed before someone wires it into a live path (which would jump it to High).

Evidence (dsm_client/deterministic_state_machine/)

dsm/src/core/state_machine/mod.rs:163 (prepare_advance_relationship), :216 (commit_advance); dsm/src/types/device_state.rs:457 (DeviceState::advance, enforces token consistency with checked_add/checked_sub).
dsm/src/core/state_machine/relationship.rs:657 (apply_transition — clones state, swaps op/entropy, rehashes; no op-level validation); :538 (execute_relationship_transition); dsm/src/core/state_machine/transition.rs:774 (apply_transition), :881 (create_next_state); dsm/src/core/bilateral_transaction_manager.rs:874 (execute_bilateral_transaction).
Reachability — older execution path is dead in prod: execute_bilateral_transaction callers are only the #[cfg(test)] module (bilateral_transaction_manager.rs:1814,1865), the SDK example dsm_sdk/examples/bilateral_transaction_example.rs:313,326, and integration tests dsm/tests/bilateral_transaction_integration_tests.rs. Live SDK uses prepare_advance_relationship + commit_advance (dsm_sdk/src/sdk/core_sdk.rs:856/933/1233, dsm_sdk/src/bluetooth/bilateral_ble_handler.rs:4876-4880).
create_next_state is now fail-closed on incoming unilateral transfers (transition.rs:907-924, the #194 fix, "core/state_machine: relationship keys still use Base32 text and unilateral receive can skip local signature verification"), so that specific looseness is already addressed; the genuine remaining looseness is the relationship.rs apply_transition helper.

Fix (cleanup, delete legacy)

Delete BilateralTransactionManager::execute_bilateral_transaction / exec_offline / exec_online / execute_transition_bytes, keeping only the live free functions (compute_smt_key, initial_chain_tip_from_device_ids, SMT-replace/anchor helpers).
Delete BilateralStateManager::execute_transition_bytes, RelationshipManager::execute_relationship_transition, and relationship.rs's local apply_transition (:657).
Delete transition::apply_transition / create_next_state once their tests are removed (verify still-live exports are untouched).
Rewrite the SDK example + integration tests against the canonical prepare_advance_relationship / commit_advance API.
If full deletion is too large for one change, gate the entire older module behind #[cfg(test)] / a non-default feature so no shippable build can reach it.

Affected files

dsm_client/deterministic_state_machine/dsm/src/core/state_machine/{mod.rs,transition.rs,relationship.rs,bilateral.rs}
dsm_client/deterministic_state_machine/dsm/src/core/bilateral_transaction_manager.rs
dsm_client/deterministic_state_machine/dsm_sdk/examples/bilateral_transaction_example.rs
dsm_client/deterministic_state_machine/dsm/tests/bilateral_transaction_integration_tests.rs
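
The contrast this issue draws between the two paths, as an added Rust illustration that is not code from the repository: a legacy-shaped helper that clones the state, swaps op/entropy and rehashes, beside a checked advance built on checked_add/checked_sub. The State and Op types, rehash, and both function names are hypothetical, and std's DefaultHasher stands in for the real state hash.

```rust
// Added illustration with hypothetical types; not the project's code.
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

#[derive(Clone, Debug, PartialEq, Hash)]
enum Op { Transfer { amount: u64 }, Receive { amount: u64 } }

#[derive(Clone, Debug, PartialEq)]
struct State { balance: u64, op: Option<Op>, entropy: [u8; 4], hash: u64 }

// Stand-in for the real state hash (DefaultHasher is not a cryptographic hash).
fn rehash(s: &State) -> u64 {
    let mut h = DefaultHasher::new();
    (s.balance, &s.op, s.entropy).hash(&mut h);
    h.finish()
}

// Legacy shape: clone the state, swap op/entropy, rehash. The op is never
// checked against the balance, so every op yields a well-formed next state.
fn legacy_apply_transition(prev: &State, op: Op, entropy: [u8; 4]) -> State {
    let mut next = prev.clone();
    next.op = Some(op);
    next.entropy = entropy;
    next.hash = rehash(&next);
    next
}

// Checked shape: the op must be consistent with the balance, otherwise the
// advance fails closed and no next state exists.
fn checked_advance(prev: &State, op: Op, entropy: [u8; 4]) -> Result<State, &'static str> {
    let balance = match &op {
        Op::Transfer { amount } => prev.balance.checked_sub(*amount).ok_or("insufficient balance")?,
        Op::Receive { amount } => prev.balance.checked_add(*amount).ok_or("balance overflow")?,
    };
    let mut next = State { balance, op: Some(op), entropy, hash: 0 };
    next.hash = rehash(&next);
    Ok(next)
}

fn main() {
    // Constructed sample state: balance 10, then a 500-unit transfer.
    let genesis = State { balance: 10, op: None, entropy: [0; 4], hash: 0 };
    let overdraft = Op::Transfer { amount: 500 };
    let legacy = legacy_apply_transition(&genesis, overdraft.clone(), [1; 4]);
    println!("legacy accepted op {:?}, balance still {}", legacy.op, legacy.balance);
    println!("checked: {:?}", checked_advance(&genesis, overdraft, [1; 4]));
}
```
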