Add graph-storage crate#4198
Draft
TrueDoctor wants to merge 6 commits into
Draft
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request introduces the graph-storage crate, which provides a delta-based graph representation for the Graphite file format, including CRDT/delta computation, conversion utilities, and round-trip tests. It also cleans up legacy migrations in graph-craft and updates MemoHash to compare values instead of hashes. The review feedback highlights a potential DoS/OOM vulnerability when resizing the exports vector with unvalidated slot indices, suggests optimizing the O(N^2) pairwise comparison in order_consistent to O(N log N) by sorting, and recommends using into_iter().next() instead of drain(..).next() for idiomatic element extraction.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Keavon
force-pushed
the
upstream-graph-storage
branch
from
21ab02a to
2350854
Compare
TrueDoctor
force-pushed
the
upstream-graph-storage
branch
from
2350854 to
6dda108
Compare
TrueDoctor
force-pushed
the
upstream-graph-storage
branch
from
6811f03 to
9b01dd2
Compare
Member
Author
|
@cubic-ai-dev |
Contributor
@TrueDoctor I have started the AI code review. It will take a few minutes to complete. |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
9 issues found across 26 files
Confidence score: 2/5
- There are multiple high-confidence, user-impacting regressions (sev 7–8) across hashing, graph diffing, and serialization, so merge risk is currently high rather than routine.
- Most severe:
node-graph/libraries/core-types/src/memo.rsmakesMemoHashequality ignorehashwhileHashstill includes it, which can violate hash collection invariants and cause incorrect map/set behavior. - Several storage/runtime paths risk dropped or corrupted data: missed network/export diffs in
document/graph-storage/src/delta.rs, omitted export-only resources indocument/graph-storage/src/from_runtime.rs, and silent truncation indocument/graph-storage/src/to_runtime.rswheninputslengths differ. - Pay close attention to
node-graph/libraries/core-types/src/memo.rs,document/graph-storage/src/delta.rs,document/graph-storage/src/from_runtime.rs,document/graph-storage/src/to_runtime.rs, andnode-graph/libraries/resources/src/lib.rs- they contain the highest-likelihood correctness and round-trip integrity risks.
Reply with feedback, questions, or to request a fix.
Re-trigger cubic
TrueDoctor
force-pushed
the
upstream-graph-storage
branch
from
49f9dee to
05848ee
Compare
Contributor
There was a problem hiding this comment.
11 issues found across 19 files
Confidence score: 2/5
- Multiple high-severity, high-confidence data-integrity risks make this PR risky to merge as-is, especially in core graph storage/CRDT paths (
document/graph-storage/src/attributes.rs,document/graph-storage/src/to_runtime.rs,document/graph-storage/src/crdt.rs,document/graph-storage/src/ids.rs). - The most severe issue is inconsistent
Priorityequality/ordering/hashing indocument/graph-storage/src/attributes.rs, which can breakHashMap/BTree*behavior and lead to hard-to-debug corruption-like behavior. - There are additional concrete regression risks affecting user-visible state correctness: duplicate node IDs can silently collapse nodes during runtime reconstruction, deletes can be resurrected without tombstones, and non-canonical
Revhashing can make identical deltas produce different IDs. - Pay close attention to
document/graph-storage/src/attributes.rs,document/graph-storage/src/to_runtime.rs,document/graph-storage/src/crdt.rs,document/graph-storage/src/ids.rs,document/graph-storage/src/session.rs,document/graph-storage/src/delta.rs,document/graph-storage/src/model.rs- core invariants and history/diff behavior can diverge from expected graph state.
Reply with feedback, questions, or to request a fix.
Re-trigger cubic
TrueDoctor
force-pushed
the
upstream-graph-storage
branch
from
1fcc880 to
02ff474
Compare
Contributor
There was a problem hiding this comment.
3 issues found across 19 files
Confidence score: 3/5
- There is meaningful regression risk in
document/graph-storage/src/session.rs: the unconditional registry reset can drop visible hot-zone edits and desynchronize working state fromhot_logwhen unretired ops are present, which is user-facing state integrity impact. document/graph-storage/src/session.rsalso has a fallible path incommit_opsthat currently usesassert!for missing parents, so malformed or unexpected input could panic the app instead of returning an error.document/graph-storage/src/ids.rsderivingDefaultforLamportClockintroduces an ambiguous/invalid construction path without an explicitPeerId; this is moderate API correctness risk rather than an immediate blocker.- Pay close attention to
document/graph-storage/src/session.rs,document/graph-storage/src/ids.rs- state rebuild correctness, panic-free error handling, and explicit clock initialization need validation before merge.
Reply with feedback, questions, or to request a fix.
Re-trigger cubic
…corruption, drop LamportClock Default
Contributor
There was a problem hiding this comment.
5 issues found across 19 files
Confidence score: 2/5
- There are concrete regression risks in core behavior:
document/graph-storage/src/document.rscan drop the root delta in history iteration, which can break history-based restoration when a removal happens at the root commit. document/graph-storage/src/to_runtime.rslacks same-network validation during node-reference remapping, so cross-network references may be converted into wrong or dangling runtime IDs instead of failing fast.- Additional medium-severity correctness issues in
document/graph-storage/src/attributes.rs(finite-value invariant bypass forPriority) anddocument/graph-storage/src/delta.rs(nondeterministic diffs fromHashSetiteration) increase the chance of inconsistent state and revision behavior. - Pay close attention to
document/graph-storage/src/document.rs,document/graph-storage/src/to_runtime.rs,document/graph-storage/src/attributes.rs, anddocument/graph-storage/src/delta.rs- they contain the highest-impact correctness and determinism risks before merge.
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="document/graph-storage/src/attributes.rs">
<violation number="1" location="document/graph-storage/src/attributes.rs:113">
P2: `Priority` exposes its inner `f64`, so callers/deserialization can bypass the finite-value invariant enforced by `Priority::new`. Make invalid states unrepresentable by preventing direct construction and validating deserialization.</violation>
</file>
<file name="document/graph-storage/src/document.rs">
<violation number="1" location="document/graph-storage/src/document.rs:457">
P1: History iterator drops the root delta because `?` short-circuits before `Some(delta)`. This breaks history-based restoration when the relevant removal is at the root commit.</violation>
</file>
<file name="document/graph-storage/src/delta.rs">
<violation number="1" location="document/graph-storage/src/delta.rs:12">
P2: Diff generation is nondeterministic because it iterates `HashSet` differences/intersections. This makes identical state transitions produce different commit sequences and revision IDs across runs.</violation>
</file>
<file name="document/graph-storage/src/to_runtime.rs">
<violation number="1" location="document/graph-storage/src/to_runtime.rs:99">
P2: Per-network conversion does repeated full-map scans of `node_instances`, causing avoidable quadratic work on nested/large graphs. This can noticeably slow full rebuilds.</violation>
<violation number="2" location="document/graph-storage/src/to_runtime.rs:228">
P1: Node-reference remapping lacks a same-network validation guard. Cross-network references can be converted into wrong/dangling local runtime IDs instead of returning an error.</violation>
</file>
Reply with feedback, questions, or to request a fix.
Re-trigger cubic
| fn next(&mut self) -> Option<Self::Item> { | ||
| let delta = self.document.history.get(&self.parent_rev)?; | ||
| // First parent only for now. Local-chain walking (filter by author) is a follow-up. | ||
| self.parent_rev = *delta.parents.first()?; |
Contributor
There was a problem hiding this comment.
P1: History iterator drops the root delta because ? short-circuits before Some(delta). This breaks history-based restoration when the relevant removal is at the root commit.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At document/graph-storage/src/document.rs, line 457:
<comment>History iterator drops the root delta because `?` short-circuits before `Some(delta)`. This breaks history-based restoration when the relevant removal is at the root commit.</comment>
<file context>
@@ -0,0 +1,480 @@
+ fn next(&mut self) -> Option<Self::Item> {
+ let delta = self.document.history.get(&self.parent_rev)?;
+ // First parent only for now. Local-chain walking (filter by author) is a follow-up.
+ self.parent_rev = *delta.parents.first()?;
+ Some(delta)
+ }
</file context>
|
|
||
| fn convert_input(registry: &Registry, input: &NodeInput, input_attributes: &crate::Attributes) -> Result<GraphCraftNodeInput, ConversionError> { | ||
| Ok(match input { | ||
| NodeInput::Node { node_id, output_index } => { |
Contributor
There was a problem hiding this comment.
P1: Node-reference remapping lacks a same-network validation guard. Cross-network references can be converted into wrong/dangling local runtime IDs instead of returning an error.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At document/graph-storage/src/to_runtime.rs, line 228:
<comment>Node-reference remapping lacks a same-network validation guard. Cross-network references can be converted into wrong/dangling local runtime IDs instead of returning an error.</comment>
<file context>
@@ -0,0 +1,277 @@
+
+fn convert_input(registry: &Registry, input: &NodeInput, input_attributes: &crate::Attributes) -> Result<GraphCraftNodeInput, ConversionError> {
+ Ok(match input {
+ NodeInput::Node { node_id, output_index } => {
+ let referenced = registry.node_instances.get(node_id).ok_or(ConversionError::NodeNotFound(*node_id))?;
+ let local_id = referenced.attributes.get(ORIGINAL_NODE_ID).and_then(|v| v.value.as_u64()).unwrap_or(*node_id);
</file context>
| /// exact tie between two peers inserting at the same gap is broken by `PeerId` in [`SourceKey`]. | ||
| /// `f64` precision is ample for the short fallback chains resources carry in practice. | ||
| #[derive(Copy, Clone, Debug, Serialize, Deserialize)] | ||
| pub struct Priority(pub f64); |
Contributor
There was a problem hiding this comment.
P2: Priority exposes its inner f64, so callers/deserialization can bypass the finite-value invariant enforced by Priority::new. Make invalid states unrepresentable by preventing direct construction and validating deserialization.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At document/graph-storage/src/attributes.rs, line 113:
<comment>`Priority` exposes its inner `f64`, so callers/deserialization can bypass the finite-value invariant enforced by `Priority::new`. Make invalid states unrepresentable by preventing direct construction and validating deserialization.</comment>
<file context>
@@ -0,0 +1,155 @@
+/// exact tie between two peers inserting at the same gap is broken by `PeerId` in [`SourceKey`].
+/// `f64` precision is ample for the short fallback chains resources carry in practice.
+#[derive(Copy, Clone, Debug, Serialize, Deserialize)]
+pub struct Priority(pub f64);
+
+impl Priority {
</file context>
| pub fn compute_deltas(from: &Registry, to: &Registry) -> Vec<RegistryDelta> { | ||
| let mut deltas = Vec::new(); | ||
|
|
||
| let from_network_ids: HashSet<NetworkId> = from.networks.keys().copied().collect(); |
Contributor
There was a problem hiding this comment.
P2: Diff generation is nondeterministic because it iterates HashSet differences/intersections. This makes identical state transitions produce different commit sequences and revision IDs across runs.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At document/graph-storage/src/delta.rs, line 12:
<comment>Diff generation is nondeterministic because it iterates `HashSet` differences/intersections. This makes identical state transitions produce different commit sequences and revision IDs across runs.</comment>
<file context>
@@ -0,0 +1,370 @@
+pub fn compute_deltas(from: &Registry, to: &Registry) -> Vec<RegistryDelta> {
+ let mut deltas = Vec::new();
+
+ let from_network_ids: HashSet<NetworkId> = from.networks.keys().copied().collect();
+ let to_network_ids: HashSet<NetworkId> = to.networks.keys().copied().collect();
+
</file context>
| } | ||
|
|
||
| let mut nodes: FxHashMap<RuntimeNodeId, DocumentNode> = FxHashMap::default(); | ||
| for (&global_id, node) in registry.node_instances.iter().filter(|(_, node)| node.network == network_id) { |
Contributor
There was a problem hiding this comment.
P2: Per-network conversion does repeated full-map scans of node_instances, causing avoidable quadratic work on nested/large graphs. This can noticeably slow full rebuilds.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At document/graph-storage/src/to_runtime.rs, line 99:
<comment>Per-network conversion does repeated full-map scans of `node_instances`, causing avoidable quadratic work on nested/large graphs. This can noticeably slow full rebuilds.</comment>
<file context>
@@ -0,0 +1,277 @@
+ }
+
+ let mut nodes: FxHashMap<RuntimeNodeId, DocumentNode> = FxHashMap::default();
+ for (&global_id, node) in registry.node_instances.iter().filter(|(_, node)| node.network == network_id) {
+ let local_id = node.attributes.get(ORIGINAL_NODE_ID).and_then(|v| v.value.as_u64()).unwrap_or(global_id);
+ let runtime_id = RuntimeNodeId(local_id);
</file context>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.