Merge branch 'main' into respond_at_commit

achamayou · web-flow · commit b8cefa97d45d · 2026-03-06T09:36:34.000Z
diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
@@ -5,7 +5,7 @@
 
 **Key directories**:
 
-- `src/` - Core CCF implementation in C++ (consensus, crypto, kv store, HTTP, TLS, JavaScript runtime), including unit tests in subdirs
+- `src/` - Core CCF implementation in C++ (consensus, crypto, KV store, HTTP, TLS, JavaScript runtime), including unit tests in subdirs
 - `include/ccf/` - Public C++ API headers
 - `tests/` - Python-based end-to-end test suite
 - `python/` - CCF Python SDK and client libraries
@@ -16,8 +16,8 @@
 
 - Coding style is enforced by the `ci-checks.sh` script, which runs clang-format for C++ and black for Python.
 - Linters and static analysis tools are also run as part of CI, clang-tidy for C++ and ruff for Python.
-- Run `ci-checks.sh -f` to automatically run these tools.
-- This tool must run successfully before creating a PR.
+- Run `ci-checks.sh -f` to automatically apply fixes (formatting and supported lint fixes).
+- `ci-checks.sh` must run successfully before any commit is pushed.
 - Match the existing coding style for naming and casing conventions. This is not automatically enforced, so pay attention to surrounding code for guidance.
 - All tests in `ci.yml` must pass before a PR can be merged. Consider which are likely to be affected by your changes and run those locally before pushing.
 - Take particular care with any changes that may affect compatibility with older releases, and ensure these are tested, via the `lts_compatibility` test with `LONG_TESTS=1` enabled.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ### Added
 
+- Added `ccf::IdentityHistoryNotFetched` exception type to distinguish identity-history-fetching errors from other logic errors in the network identity subsystem (#7708).
 - Added `ccf::describe_cose_receipt_v1(receipt)` to obtain COSE receipts with Merkle proof in unprotected header for non-signature TXs, and empty unprotected header for signature TXs (#7700).
 - `NetworkIdentitySubsystemInterface` now exposes `get_trusted_keys()`, returning all trusted network identity keys as a `TrustedKeys` map (#7690).
 
diff --git a/include/ccf/network_identity_interface.h b/include/ccf/network_identity_interface.h
@@ -5,6 +5,7 @@
 #include "ccf/crypto/ec_public_key.h"
 #include "ccf/node_subsystem_interface.h"
 
+#include <exception>
 #include <map>
 #include <optional>
 #include <string>
@@ -31,6 +32,20 @@ namespace ccf
   /// network identity keys over the history of the service.
   using TrustedKeys = std::map<ccf::SeqNo, ccf::crypto::ECPublicKeyPtr>;
 
+  /// Exception thrown when identity data is requested before the
+  /// asynchronous identity-history-fetching process has completed.
+  struct IdentityHistoryNotFetched : public std::exception
+  {
+    std::string msg;
+
+    IdentityHistoryNotFetched(std::string msg) : msg(std::move(msg)) {}
+
+    [[nodiscard]] const char* what() const noexcept override
+    {
+      return msg.c_str();
+    }
+  };
+
   /// Interface for accessing the network identity subsystem, which manages
   /// the service's cryptographic identity and its historical trusted keys.
   class NetworkIdentitySubsystemInterface : public ccf::AbstractNodeSubSystem
@@ -53,25 +68,27 @@ namespace ccf
     /// or std::nullopt if the chain is not available for the given sequence
     /// number.
     ///
-    /// @throws std::logic_error if endorsement fetching has not completed.
+    /// @throws IdentityHistoryNotFetched if identity history fetching has not
+    /// completed.
     [[nodiscard]] virtual std::optional<CoseEndorsementsChain>
     get_cose_endorsements_chain(ccf::SeqNo seqno) const = 0;
 
     /// Returns the trusted EC public key that was active at the given
     /// sequence number, or nullptr if the sequence number precedes the
     /// earliest known trusted key.
     ///
-    /// @throws std::logic_error if endorsement fetching has not completed
-    /// (i.e. endorsements_fetching_status() != FetchStatus::Done), or if
-    /// no trusted keys have been fetched.
+    /// @throws IdentityHistoryNotFetched if identity history fetching has not
+    /// completed.
+    /// @throws std::logic_error if no trusted keys have been fetched, or if
+    /// internal key resolution is inconsistent.
     [[nodiscard]] virtual ccf::crypto::ECPublicKeyPtr get_trusted_identity_for(
       ccf::SeqNo seqno) const = 0;
 
     /// Returns all trusted network identity keys as a map from sequence
     /// number to EC public key.
     ///
-    /// @throws std::logic_error if endorsement fetching has not completed
-    /// (i.e. endorsements_fetching_status() != FetchStatus::Done).
+    /// @throws IdentityHistoryNotFetched if identity history fetching has not
+    /// completed.
     [[nodiscard]] virtual TrustedKeys get_trusted_keys() const = 0;
   };
 }
diff --git a/src/node/rpc/network_identity_subsystem.h b/src/node/rpc/network_identity_subsystem.h
@@ -144,9 +144,9 @@ namespace ccf
     {
       if (fetch_status.load() != FetchStatus::Done)
       {
-        throw std::logic_error(fmt::format(
-          "COSE endorsements chain requested for seqno {} but endorsement "
-          "fetching has not been completed yet",
+        throw IdentityHistoryNotFetched(fmt::format(
+          "COSE endorsements chain requested for seqno {} but identity "
+          "history fetching has not been completed yet",
           seqno));
       }
 
@@ -186,9 +186,9 @@ namespace ccf
     {
       if (fetch_status.load() != FetchStatus::Done)
       {
-        throw std::logic_error(fmt::format(
-          "Trusted key requested for seqno {} but the fetching has "
-          "not been completed yet",
+        throw IdentityHistoryNotFetched(fmt::format(
+          "Trusted key requested for seqno {} but identity history "
+          "fetching has not been completed yet",
           seqno));
       }
       if (trusted_keys.empty())
@@ -217,8 +217,8 @@ namespace ccf
     {
       if (fetch_status.load() != FetchStatus::Done)
       {
-        throw std::logic_error(
-          "Trusted keys requested but endorsements/key fetching has not "
+        throw IdentityHistoryNotFetched(
+          "Trusted keys requested but identity history fetching has not "
           "completed yet");
       }
       return trusted_keys;

Original file line number	Diff line number	Diff line change
`@@ -144,9 +144,9 @@ namespace ccf`
`144`	`144`	`{`
`145`	`145`	`if (fetch_status.load() != FetchStatus::Done)`
`146`	`146`	`{`
`147`		`- throw std::logic_error(fmt::format(`
`148`		`- "COSE endorsements chain requested for seqno {} but endorsement "`
`149`		`- "fetching has not been completed yet",`
	`147`	`+ throw IdentityHistoryNotFetched(fmt::format(`
	`148`	`+ "COSE endorsements chain requested for seqno {} but identity "`
	`149`	`+ "history fetching has not been completed yet",`
`150`	`150`	`seqno));`
`151`	`151`	`}`
`152`	`152`
`@@ -186,9 +186,9 @@ namespace ccf`
`186`	`186`	`{`
`187`	`187`	`if (fetch_status.load() != FetchStatus::Done)`
`188`	`188`	`{`
`189`		`- throw std::logic_error(fmt::format(`
`190`		`- "Trusted key requested for seqno {} but the fetching has "`
`191`		`- "not been completed yet",`
	`189`	`+ throw IdentityHistoryNotFetched(fmt::format(`
	`190`	`+ "Trusted key requested for seqno {} but identity history "`
	`191`	`+ "fetching has not been completed yet",`
`192`	`192`	`seqno));`
`193`	`193`	`}`
`194`	`194`	`if (trusted_keys.empty())`
`@@ -217,8 +217,8 @@ namespace ccf`
`217`	`217`	`{`
`218`	`218`	`if (fetch_status.load() != FetchStatus::Done)`
`219`	`219`	`{`
`220`		`- throw std::logic_error(`
`221`		`- "Trusted keys requested but endorsements/key fetching has not "`
	`220`	`+ throw IdentityHistoryNotFetched(`
	`221`	`+ "Trusted keys requested but identity history fetching has not "`
`222`	`222`	`"completed yet");`
`223`	`223`	`}`
`224`	`224`	`return trusted_keys;`