
fix: separate known-peers index from peer store to fix blocking for shared URLs #477

Draft
synchwire wants to merge 1 commit into main from fix/blocking-peer-store-contradiction
@synchwire
Collaborator

Closes #450

Problem

The blocking implementation had a fundamental design contradiction:

  • Blocked agents are excluded from the PeerStore (not inserted; removed on block) to prevent gossip with them
  • CorePeerAccessState used PeerStore::get_by_url to map peer URLs → agent IDs in order to decide whether to block incoming connections

These assumptions are mutually incompatible. When a blocked agent is removed from the peer store, the URL lookup can no longer find them. If a non-blocked agent shares the same peer URL, the lookup finds the non-blocked agent, sees no block, and incorrectly grants access — allowing the blocked agent's traffic through.

Net result: blocking only worked when all agents at a peer URL were blocked, not when any were.

Solution

Introduce a new KnownPeers trait in the api crate: an append-only index of all ever-seen agent infos, including blocked ones, used purely for URL → agent ID resolution by the access control layer.

  • KnownPeers::record — records agent infos without any block filtering
  • KnownPeers::get_by_url — returns all known agents at a URL regardless of block status

CorePeerAccessState now uses DynKnownPeers for URL lookups instead of DynPeerStore. Agent infos are recorded into KnownPeers before the block filter runs, so blocked agents remain findable for access control purposes even after being removed from the peer store.

A new integration test verifies the fixed behaviour: a blocked agent sharing a peer URL with a non-blocked agent is correctly blocked.

…hared URLs

Introduce a new `KnownPeers` trait as an append-only index of all
ever-seen agent infos. `MemPeerStore::insert` records to `KnownPeers`
before any block or expiry filtering so that the URL→agent mapping is
always available. `CorePeerAccessState` now uses `KnownPeers::get_by_url`
instead of `PeerStore::get_by_url` for access control decisions, ensuring
that blocked agents (which are excluded from `PeerStore`) still block
incoming connections from a shared URL.

Fixes #450

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
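
The shared-URL case described in this pull request, as an added example that is not the project's code: a simplified model whose type and method names (`Node`, `allow_via_peer_store`, `allow_via_known_peers`) are hypothetical, with constructed agents and URL. The policy of denying a URL that resolves to no agents is an assumption of the model.

```rust
use std::collections::{HashMap, HashSet};

// Simplified model with hypothetical names; not kitsune2's types or API.
type Url = &'static str;
type Agent = &'static str;

#[derive(Default)]
struct Node {
    blocked: HashSet<Agent>,
    peer_store: HashMap<Agent, Url>, // gossip targets; blocked agents are excluded
    known_peers: Vec<(Agent, Url)>,  // append-only; keeps blocked agents too
}

impl Node {
    fn insert(&mut self, agent: Agent, url: Url) {
        // Record before the block filter so URL -> agent resolution survives a block.
        if !self.known_peers.contains(&(agent, url)) {
            self.known_peers.push((agent, url));
        }
        if !self.blocked.contains(agent) {
            self.peer_store.insert(agent, url);
        }
    }
    fn block(&mut self, agent: Agent) {
        self.blocked.insert(agent);
        self.peer_store.remove(agent); // removed on block
    }
    // Assumed policy: allow a URL only if it resolves to agents and none is blocked.
    fn decide(&self, agents: Vec<Agent>) -> bool {
        !agents.is_empty() && agents.iter().all(|a| !self.blocked.contains(*a))
    }
    fn allow_via_peer_store(&self, url: Url) -> bool {
        self.decide(self.peer_store.iter().filter(|(_, u)| **u == url).map(|(a, _)| *a).collect())
    }
    fn allow_via_known_peers(&self, url: Url) -> bool {
        self.decide(self.known_peers.iter().filter(|(_, u)| *u == url).map(|(a, _)| *a).collect())
    }
}

// Constructed scenario: two agents behind one URL, one of them blocked.
fn shared_url_scenario() -> (bool, bool) {
    let mut node = Node::default();
    node.insert("alice", "wss://relay.example/shared");
    node.insert("mallory", "wss://relay.example/shared");
    node.block("mallory");
    let url = "wss://relay.example/shared";
    (node.allow_via_peer_store(url), node.allow_via_known_peers(url))
}

fn main() {
    println!("{:?}", shared_url_scenario()); // (true, false)
}
```

The first value is the access decision made from the filtered store (the blocked agent's URL is still admitted); the second is the decision made from the unfiltered index.
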
@cocogitto-bot

cocogitto-bot bot commented Mar 11, 2026

✔️ fccc54f - Conventional commits check succeeded.

@coderabbitai

coderabbitai bot commented Mar 11, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.


@github-actions

The following will be added to the changelog


[0.4.0-dev.5] - 2026-03-11

Bug Fixes

  • Separate known-peers index from peer store to fix blocking for shared URLs
    • Introduce a new KnownPeers trait as an append-only index of all ever-seen agent infos. MemPeerStore::insert records to KnownPeers before any block or expiry filtering so that the URL→agent mapping is always available. CorePeerAccessState now uses KnownPeers::get_by_url instead of PeerStore::get_by_url for access control decisions, ensuring that blocked agents (which are excluded from PeerStore) still block incoming connections from a shared URL.

@cloudflare-workers-and-pages

Deploying kitsune2 with Cloudflare Pages

Latest commit: fccc54f
Status: ✅  Deploy successful!
Preview URL: https://717e3c06.kitsune2.pages.dev
Branch Preview URL: https://fix-blocking-peer-store-cont.kitsune2.pages.dev


Development

Successfully merging this pull request may close these issues.

Problems and limitations in the current blocking implementation
