Protocol
QUIC wire protocol, the request lifecycle, and version negotiation. Every wire variant, message body, and verdict below is the real serialized output of the Rust protocol types from this run.
The exact messages machines exchange to run a job (Offer → Bid → Dispatch → Commit → Verify → Settle) and how they negotiate versions so different builds stay compatible.
Impact: Independent implementations can talk to each other and upgrade over time without splitting or breaking the network.
1. Offer (R → W): Requester broadcasts query_hash + a fresh nonce. No SQL yet — workers bid blind on the hash and cost hint.
2. Bid (W → R): Worker replies Accept with an ETA, its attestation, and recent receipts. Requester selects k by trust + ETA.
3. Dispatch (R → W): Full SQL + a scoped credential, sealed to each node key. For Sensitive data a SealedKey is gated on attestation.
4. Progress (W → R): Liveness heartbeat while executing. A stall past the deadline ⇒ the requester re-dispatches to a fresh host.
5. Commit (W → R): result_hash is sent FIRST — commit-first — binding the worker to an answer before any bytes stream.
6. Verify (R only): Requester waits for quorum: q matching result hashes across the racing workers before accepting.
7. Stream (W → R): Winner only sends a Manifest then Chunk/Part frames over parallel uni-streams. Losers never stream.
8. Cancel / RESET (R → W): Losing racers are cancelled and RESET — their in-flight work is discarded; they incur no fault.
9. Receipt (R only): Requester emits a signed receipt per worker and gossips it into the reputation trail.
Wire tagged-enum variants carried over QUIC streams — the real registered set.

| Variant | Direction | Purpose |
|---|---|---|
| Hello | R↔W | connection handshake (versions + engine build) |
| VersionReject | R↔W | typed version-incompatibility rejection |
| Offer | R→W | probe a candidate with query_hash + nonce |
| Bid | W→R | accept (ETA + attestation + receipts) or reject |
| Dispatch | R→W | full SQL + scoped credential to top-k |
| Progress | W→R | liveness heartbeat during execution |
| Commit | W→R | result_hash first (commit-first) |
| Manifest | W→R | describes result encoding/splitting |
| Chunk | W→R | bulk result bytes (winner only) |
| Part | W→R | header for one parallel stream part |
| Cancel | R→W | RESET losers |
| Ack | R↔W | generic acknowledgement / error |

| Verdict | Fault class | Meaning |
|---|---|---|
| Correct | neutral | result agreed with quorum |
| Incorrect | provider | diverged from the agreed hash |
| Timeout | provider | accepted then failed to commit |
| Malformed | provider | unparseable / protocol-violating reply |
| ResourceExceeded | requester | job exceeded its declared budget |
| Infeasible | requester | query could not be satisfied as posed |
| Inconclusive | neutral | no quorum reached; no party penalised |
Hello handshake is exchanged per connection before any work.

- wire_schema_version: 1
- protocol_version: 1.0.0
- min_supported: 1.0.0
- engine_version: mock-1
- require_matching_engine_version: false

If a peer's protocol_version < our min_supported (1.0.0), the connection is closed with a typed VersionReject{ reason, our_version, min_supported }.
engine_version drives result-determinism and quorum policy — hashes are only compared across matching engines. A match is not strictly required here, but mismatched engines never enter the same quorum.

| Peer protocol | Outcome | Why |
|---|---|---|
| 1.0.0 | Accept | current — full feature set |
| 1.0.0 | Accept | exactly min_supported |
| 0.9.9 | Reject | below min_supported ⇒ VersionReject |
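
The Hello check behind the table above, as an added sketch that is not the project's code: `Version`, `Outcome`, `Local`, `parse_version` and `negotiate` are assumed names, and answering an unparseable version or a required-engine mismatch with VersionReject is an assumption. Fields are compared as numbers, because a string comparison would rank 0.10.0 below 0.9.9.

```rust
// Added example, not the project's code. Field names follow the page; types and fn names are assumptions.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub struct Version(pub u64, pub u64, pub u64); // derived Ord compares major, minor, patch as numbers

// Strict MAJOR.MINOR.PATCH parse: exactly three all-digit fields (a bare u64 parse would accept "+1").
pub fn parse_version(s: &str) -> Option<Version> {
    let mut it = s.split('.').map(|p| {
        if p.is_empty() || !p.bytes().all(|b| b.is_ascii_digit()) { return None; }
        p.parse::<u64>().ok()
    });
    let v = Version(it.next()??, it.next()??, it.next()??);
    if it.next().is_some() { None } else { Some(v) }
}

#[derive(Debug, PartialEq)]
pub enum Outcome {
    Accept { quorum_eligible: bool }, // false: connected, but never in a quorum with our engine
    VersionReject { reason: String, our_version: Version, min_supported: Version },
}

pub struct Local<'a> {
    pub protocol_version: Version,
    pub min_supported: Version,
    pub engine_version: &'a str,
    pub require_matching_engine_version: bool,
}

impl Local<'_> {
    // Arguments are the peer's Hello fields exactly as received off the wire.
    pub fn negotiate(&self, peer_protocol: &str, peer_engine: &str) -> Outcome {
        let reject = |reason: &str| Outcome::VersionReject {
            reason: reason.to_string(), our_version: self.protocol_version, min_supported: self.min_supported,
        };
        let Some(pv) = parse_version(peer_protocol) else {
            return reject("unparseable protocol_version"); // assumption: fail closed
        };
        if pv < self.min_supported { return reject("below min_supported"); }
        let same_engine = peer_engine == self.engine_version;
        if self.require_matching_engine_version && !same_engine {
            return reject("engine_version mismatch"); // assumption: the page does not show this case
        }
        Outcome::Accept { quorum_eligible: same_engine }
    }
}

fn main() {
    let us = Local { protocol_version: Version(1, 0, 0), min_supported: Version(1, 0, 0),
                     engine_version: "mock-1", require_matching_engine_version: false };
    println!("{:?}", us.negotiate("0.9.9", "mock-1"));
}
```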