feat: validate received headers were actually requested

[xdustinface]

Reject headers in SegmentState::receive_headers if the coordinator
does not recognize the prev_hash as an in-flight request. Returns an InvalidState error instead of silently processing unexpected responses.

Also adjust the post-sync processing to allow for unrequested headers since we don't request post-sync headers, they get announced.

Summary by CodeRabbit

• Bug Fixes

  • Strengthened header validation: rejects unrequested headers and headers for already-completed segments, preventing them from being buffered.

• Behavior Changes

  • Tip segments can be reset to accept unsolicited post-sync headers: such headers are marked in-flight, completion is cleared, and they are buffered for storage in order.

• Tests

  • Added tests covering unrequested headers rejection and completed-segment handling.

[coderabbitai]

Warning

Rate limit exceeded

@xdustinface has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 21 minutes and 11 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📝 Walkthrough

Walkthrough

Reject unrequested or post-checkpoint headers in SegmentState::receive_headers, make tip segment accept unsolicited post-sync headers by resetting completion and marking them in-flight, expose current_tip_hash as pub(super), and add unit tests covering these behaviors.

Changes

Cohort / File(s)	Summary
Segment state validation & tests dash-spv/src/sync/block_headers/segment_state.rs	Added guards in receive_headers to: reject headers for already-completed segments (return SyncError::InvalidState), reject headers whose prev_hash was not requested (return SyncError::InvalidState), and changed current_tip_hash visibility to pub(super). Added tests test_unrequested_headers_returns_error and test_completed_segment_rejects_new_headers.
Tip-segment post-sync handling & test dash-spv/src/sync/block_headers/pipeline.rs	When a post-sync header arrives for a completed tip segment (no target_height), mark it in-flight via coordinator.mark_sent(prev_hash), clear the complete flag, set next_to_store to the segment index, buffer the header for storage, and emit a debug message. Added a unit test verifying this flow.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I hop through headers, ears alert and bright,
If prev_hash wasn't asked — I tuck it out of sight.
For finished tips I reset and take the chore,
Buffering the chain, then hop to store. 🥕

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures the main objective of the pull request: adding validation to ensure received headers were actually requested by the coordinator.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into v0.42-dev

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/validate-received-headers

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

This PR has merge conflicts with the base branch. Please rebase or merge the base branch into your branch to resolve them.