fix(rc.12): publish ACK/allowance races + SPARQL parse-error classifier (#887, #888, #889)

[Bojan131]

Summary

Three independent rc.12 bugs found during live devnet / edge-node testing. Each is a distinct root cause with its own deterministic unit tests; they're bundled here because they were all found in the same publish/query smoke pass. All three issues are open with the rc 12 label and no other PR addresses them (verified against open + recently-merged PRs).

Fixes #887 — fresh public-CG publish fails with NO_DATA_IN_SWM

A freshly-created public CG fails publish with storage_ack_insufficient because the publisher's ACK round races SWM-gossip propagation to its newly-assigned cores. NO_DATA_IN_SWM was already classified as a transient decline and retried, but it shared the transport budget (MAX_RETRIES = 3, ~3s total) — shorter than gossip propagation to fresh cores.

• packages/publisher/src/ack-collector.ts: transient declines now get their own budget — MAX_TRANSIENT_DECLINE_RETRIES = 6 with capped-exponential backoff (~31s total, still well under the 120s ACK_TIMEOUT_MS). Transport errors keep the unchanged 3-attempt budget (a peer that never answers shouldn't hold the round open).
• Added an injectable sleep dep so the multi-retry path is unit-testable without real delays.

Fixes #888 — intermittent TooLowAllowance(TRAC,0,1) on consecutive zero-cost publishes

This is the #870 residual. PR #876 closed #870 with tests only, explicitly naming "stale allowance from an RPC-side read cache" as the unaddressed candidate root cause. This adds the actual code fix:

• packages/chain/src/evm-adapter.ts:
  • isTooLowAllowanceError(err) — robust classifier (decoded revert.name, message/shortMessage/reason, nested cause).
  • On a TooLowAllowance revert during populate/gas-estimation — which happens strictly pre-broadcast, before the onBroadcast WAL checkpoint — force a fresh approve up to the publish floor and confirm it is visible on the same read path (confirmAllowanceVisible, bounded poll) before retrying populate+sign exactly once. Any other error, or a second revert, propagates.
  • The visibility poll is gated on force, so the steady-state publish path issues exactly one allowance read + one approve as before (latency unchanged).
• packages/chain/src/index.ts: export isTooLowAllowanceError.

Fixes #889 — POST /api/query returns 500 (not 400) for invalid SPARQL

The parse-error classifier missed oxigraph's native error at <line>:<col>: expected one of … shape, so malformed queries fell through to the 500 path.

• packages/cli/src/daemon/routes/query.ts: widen the 400 classifier to match that shape, while still surfacing genuine server faults as 500.

Test plan

• packages/publisher — 1097 passed / 6 skipped (incl. 2 new ack-collector.test.ts cases: retries past the old budget then succeeds; bounded give-up at 7 sends; and the 6 typed-decline edge-case tests updated for the new budget with collapsed backoff).
• packages/chain unit — 117 passed (9 new: isTooLowAllowanceError classifier + ensureV10ApproveTrac forced re-approve / visibility-poll / stale-high-skip / bounded-give-up), plus 48 V10 publish-path / decode tests.
• packages/cli — query.test.ts 3 passed (oxigraph-parse→400 + a guard that real server faults stay 500).
• All deterministic (no live network). rc.12: publishing a freshly-created public CG fails with NO_DATA_IN_SWM (publish ACK round races SWM gossip propagation to cores) #887/rc.12: intermittent TooLowAllowance(TRAC,0,1) on consecutive zero-cost publishes (per-publish re-approve race; #870 residual) #888's live failure modes (gossip timing / RPC read-after-write) can't be reproduced on demand; verification is at the unit level.

Notes / coordination

• fix(publisher): filter ACK quorum candidates by <contextGraphsServed> #556 (open) edits the same two #887 files (ack-collector.ts, v10-ack-edge-cases.test.ts) for an orthogonal hosting-filter fix — whichever lands second needs a small rebase. Different logic, not a conflict in intent.
• Built on top of merged fix(chain): per-publish allowance check must target the actual publish signer (#870) #876 (signer-parity tests) and chore(chain): surface V10 per-publish 1-wei allowance floor for operators (#871) #875 (1-wei floor console.warn); my changes are additive (separate describe blocks, no test collision).

Made with Cursor

[github-actions]

Codex review produced 1 comment(s) but all targeted lines outside the diff and were dropped. Check the workflow logs for details.

[Bojan131]

Addressed the latest Codex review (commit `a07550341`) and resolved the threads:

• 🔴 evm-adapter.ts confirmAllowanceVisible() — each token.allowance() poll read is now wrapped in withTimeout(..., RPC_READ_STALL_TIMEOUT_MS), so a hung/read-stalled RPC can no longer block the (supposedly bounded) recovery poll. New fake-timer test proves the poll resolves even when every read stalls forever.
• 🔴 ack-collector.ts — the roundIsOver() quorum-bail guard is now also checked after each backoff sleep (both the transient-decline and transport-retry branches), so a round that settles during a sleep never leaks one more sendP2P. New deterministic test covers the settle-during-sleep case.
• 🟡 index.ts — dropped the package-root re-export of isTooLowAllowanceError; it stays internal (the unit test already imports it directly from ./evm-adapter.js).
• 🟡 earlier-round items (shared publish/update recovery helper + ACK quorum bail + retry-loop test coverage) remain addressed.

chain (144) + publisher (54) suites green locally, incl. the new tests.