17
205
Fork
You've already forked human.json
6

fix: trust propagation through previously trusted seeds #47

Merged
robida merged 1 commit from dennis_str/human.json:trust-issue into main 2026年04月15日 18:43:25 +02:00
Contributor
Copy link

fixes #46

We only recrawl and consequently update the trust status, if the site containing the human.json is a trusted site.

(LLM only used to explain some browser extension things to me; all text and reasoning done by myself)

Why should you merge this?

handleHumanJsonLink is called on each page load. We only want to propagate the vouched_by and hops properties, if the site is trusted, which is (1) the current page is a seed or (2) the page is already vouched for.

Why shouldn't you merge this?

The recursive function calls and lack of available sites, makes it hard for me to keep all relevant code paths in memory. Therefore, the introduced check might skip updates to aggressively.
I think it might be worth adding tests for part of the update logic. (As I already spend quite some hours on the analysis, thats a topic for another day)

Full chain of argument

  • human.json site data is stored in IndexedDB humanJsonTrust keyed by site URL.
  • A trusted site is stored with isSeed = 1
    • achieved through background.jsaddSeedstore.addSeedcrawler.rawlFrom
  • removeSeed calls recrawlAll, which in turn recalculates the graph
  • resetNonSeedHops within recrawlAll works (confirmed by looking into IndexedDB while debugging)
  • crawlFrom is called through handleHumanJsonLink on each page load, which has a human.json , iff that site vouches for sites, this vouch information is added to the target sites in the humanJsonTrust database although the loaded site is not a seed.
fixes #46 We only recrawl and consequently update the trust status, if the site containing the human.json is a trusted site. (LLM only used to explain some browser extension things to me; all text and reasoning done by myself) ## Why should you merge this? `handleHumanJsonLink` is called on each page load. We only want to propagate the `vouched_by` and `hops` properties, if the site is trusted, which is (1) the current page is a seed or (2) the page is already vouched for. ## Why shouldn't you merge this? The recursive function calls and lack of available sites, makes it hard for me to keep all relevant code paths in memory. Therefore, the introduced check might skip updates to aggressively. I think it might be worth adding tests for part of the update logic. (As I already spend quite some hours on the analysis, thats a topic for another day) ## Full chain of argument - `human.json` site data is stored in IndexedDB `humanJsonTrust` keyed by site URL. - A trusted site is stored with `isSeed = 1` - achieved through `background.js` → `addSeed` → `store.addSeed` → `crawler.rawlFrom` - `removeSeed` calls `recrawlAll`, which in turn recalculates the graph - `resetNonSeedHops` within `recrawlAll` works (confirmed by looking into IndexedDB while debugging) - `crawlFrom` is called through `handleHumanJsonLink` on each page load, which has a `human.json` , **iff** that site vouches for sites, this vouch information is added to the target sites in the `humanJsonTrust` database although the loaded site is **not** a seed.
Author
Contributor
Copy link

Is there anything I could do to simplify your review?

Is there anything I could do to simplify your review?

Hi, @dennis_str! Sorry, I just had a busy week and haven't had time to look into this! I'll take a look this weekend, I'm planning to do some more work to publish 0.2.0. Thanks for the contribution!

Hi, @dennis_str! Sorry, I just had a busy week and haven't had time to look into this! I'll take a look this weekend, I'm planning to do some more work to publish 0.2.0. Thanks for the contribution!
robida left a comment
Copy link

Thanks for the PR, @dennis_str! It looks good, there's just an issue with knownSite being potentially null that we need to account for.

Thanks for the PR, @dennis_str! It looks good, there's just an issue with `knownSite` being potentially `null` that we need to account for.
@ -2,1 +2,4 @@
## Unreleased
- Fix trusting sites that were are vouched for by a previously trusted seed (https://codeberg.org/robida/human.json/issues/46).
Owner
Copy link

that were (削除) are (削除ここまで) vouched

that were ~~are~~ vouched
dennis_str marked this conversation as resolved
@ -133,3 +133,3 @@
// On reload, re-crawl outward from this site so updated vouches propagate.
if (isReload && hasHumanJson) {
const isTrusted = knownSite.isSeed || (knownSite.hops != null && knownSite.vouchedBy != null);
Owner
Copy link

We need to guard against knownSite being null:

const isTrusted = knownSite?.isSeed === 1 || (knownSite?.hops != null && knownSite?.vouchedBy != null);
We need to guard against `knownSite` being `null`: ```javascript const isTrusted = knownSite?.isSeed === 1 || (knownSite?.hops != null && knownSite?.vouchedBy != null); ```
Author
Contributor
Copy link

Good catch! I ammended the previous commit and used your suggestion exactly.

Good catch! I ammended the previous commit and used your suggestion exactly.

Awesome! Thanks for the PR, I'll deploy a new version ASAP!

Awesome! Thanks for the PR, I'll deploy a new version ASAP!
Sign in to join this conversation.
No reviewers
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
robida/human.json!47
Reference in a new issue
robida/human.json
No description provided.
Delete branch "dennis_str/human.json:trust-issue"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?