Refactor local-sealing and self-healing-open into sealing-recovery #7679
Merged
cjen1-msft merged 49 commits into microsoft:main from Feb 27, 2026
Pull request overview
This PR refactors the sealing-based recovery feature with new terminology and reorganized configuration:
- Renames "self-healing-open" to "recovery-decision-protocol" throughout the codebase
- Consolidates "local-sealing" configuration under a new "sealing-recovery" umbrella config structure
- Updates test infrastructure to store and track sealing_recovery_identity within Node objects
- Reorganizes documentation to present the feature as "Sealing-based Recovery" with two sub-components: Recovery Decision Protocol and Local Sealing
Changes:
- Renamed all C++ files, classes, functions, and namespaces from self_healing_open to recovery_decision_protocol
- Restructured configuration: sealing_recovery.identity (required) and sealing_recovery.recovery_decision_protocol (optional nested config)
- Enhanced test infrastructure with Node.get_sealing_recovery_identity() and automatic identity management
- Updated documentation to clarify the distinction between the protocol (Recovery Decision Protocol) and the mechanism (Local Sealing)
Reviewed changes
Copilot reviewed 25 out of 25 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| tests/infra/remote.py | Renamed parameters from enable_local_sealing/previous_local_sealing_identity/self_healing_open_* to sealing_recovery_identity/recovery_decision_protocol_cluster_identities |
| tests/infra/node.py | Added sealing_recovery_identity field and get_sealing_recovery_identity() method to Node class |
| tests/infra/network.py | Refactored start_in_self_healing_open to start_in_recovery_decision_protocol with automatic identity extraction from existing_network |
| tests/e2e_operations.py | Renamed test functions and updated to use new sealing_recovery_identity configuration structure |
| tests/config.jinja | Restructured configuration template to nest recovery_decision_protocol under sealing_recovery |
| src/node/rpc/self_healing_open_handlers.h | Deleted file (replaced by recovery_decision_protocol_handlers.h) |
| src/node/rpc/recovery_decision_protocol_handlers.h | New file replacing self_healing_open_handlers.h with updated naming and config access |
| src/node/rpc/node_stub.h | Updated interface method name from self_healing_open() to recovery_decision_protocol() |
| src/node/rpc/node_operation_interface.h | Updated virtual method signature from self_healing_open() to recovery_decision_protocol() |
| src/node/rpc/node_operation.h | Updated wrapper method delegation |
| src/node/rpc/node_interface.h | Updated interface includes and method signature |
| src/node/rpc/node_frontend.h | Updated handler initialization and subsystem calls |
| src/node/recovery_decision_protocol_impl.h | Renamed from self_healing_open_impl.h, updated all class/namespace names |
| src/node/recovery_decision_protocol_impl.cpp | Renamed from self_healing_open_impl.cpp, added get_identity() helper, updated config access paths |
| src/node/node_state.h | Updated friend class declaration, member variable naming, and config access for sealing recovery |
| src/host/run.cpp | Simplified config handling - removed previous_local_sealing_identity, directly assigns sealing_recovery config |
| src/host/configuration.h | Replaced enable_local_sealing bool with sealing_recovery optional config structure |
| src/common/configuration.h | Added RecoveryDecisionProtocolConfig and SealingRecoveryConfig JSON declarations, removed previous_local_sealing_identity |
| include/ccf/service/tables/recovery_decision_protocol.h | Renamed from self_healing_open.h, updated namespace and table name constants |
| include/ccf/service/node_info_network.h | Removed will_locally_seal_ledger_secrets field (feature detection now via sealing_recovery presence) |
| include/ccf/node/startup_config.h | Added RecoveryDecisionProtocolConfig and SealingRecoveryConfig structs, removed enable_local_sealing and previous_local_sealing_identity fields |
| doc/operations/recovery.rst | Reorganized documentation with Recovery Decision Protocol as primary section, Local Sealing as subsection |
| doc/host_config_schema/cchost_config.json | Updated schema to reflect new sealing_recovery configuration structure |
| doc/audit/builtin_maps.rst | Updated all table documentation from self_healing_open to recovery_decision_protocol |
| CMakeLists.txt | Updated source file references from self_healing_open_impl.cpp to recovery_decision_protocol_impl.cpp |
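A check for the configuration layout summarised above, written for this page as an added example (not code from the PR or from CCF). It assumes `sealing_recovery` sits at the top level of the parsed node configuration and treats the contents of `identity` and `recovery_decision_protocol` as opaque; both sample configs are constructed.

```python
# Names the summary above lists as removed or renamed in node configuration.
LEGACY_KEYS = {"enable_local_sealing", "previous_local_sealing_identity"}
LEGACY_PREFIXES = ("self_healing_open",)


def find_legacy(node, path=""):
    """Recursively collect dotted paths of legacy key names in parsed JSON."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key in LEGACY_KEYS or key.startswith(LEGACY_PREFIXES):
                hits.append(here)
            hits.extend(find_legacy(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_legacy(item, f"{path}[{i}]"))
    return hits


def check_sealing_recovery(config):
    """Return findings; an empty list means the layout matches the summary."""
    findings = [f"legacy key: {p}" for p in find_legacy(config)]
    if "recovery_decision_protocol" in config:
        findings.append("recovery_decision_protocol must be nested under sealing_recovery")
    sr = config.get("sealing_recovery")
    if sr is None:
        return findings  # sealing recovery not configured; nothing more to check
    if not isinstance(sr, dict):
        return findings + ["sealing_recovery must be an object"]
    if "identity" not in sr:
        findings.append("sealing_recovery.identity is required")
    rdp = sr.get("recovery_decision_protocol")
    if rdp is not None and not isinstance(rdp, dict):
        findings.append("sealing_recovery.recovery_decision_protocol must be an object")
    return findings


# Constructed samples: values and nesting are placeholders, not CCF defaults.
OLD_STYLE = {"enable_local_sealing": True,
             "previous_local_sealing_identity": "constructed-id",
             "self_healing_open": {}}
NEW_STYLE = {"sealing_recovery": {"identity": "constructed-id",
                                  "recovery_decision_protocol": {}}}

if __name__ == "__main__":
    for name, cfg in (("old", OLD_STYLE), ("new", NEW_STYLE)):
        print(name, check_sealing_recovery(cfg))
```
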
eddyashton
reviewed
Feb 20, 2026
achamayou
reviewed
Feb 23, 2026
eddyashton
reviewed
Feb 23, 2026
achamayou
reviewed
Feb 25, 2026
Member
achamayou
left a comment
@cjen1-msft there are still a couple uses of cluster that ought to say network, but this otherwise looks good to me.
achamayou
approved these changes
Feb 25, 2026
This reverts commit 2b232f5.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This is primarily a UX change to the config, as well as renaming all of the internal things to follow this.
So:
The other change is an update to the test infra to store the sealing-recovery identity inside the Node which is locally sealing, allowing it to be read later by a recovering node.