
docs: adversarial review of ripclone (2026-06-25) #60

Merged
russellromney merged 1 commit into main from docs/adversarial-review-2026-06-25 on Jun 26, 2026

Conversation

@russellromney (Owner)

What

An eight-track adversarial review of rust/src/ at origin/main (e6991f1), run per the adversarial-review playbook and the new Rust addendum. Adds a single report file — ADVERSARIAL_REVIEW_2026-06-25.md. No code changes.

Headline findings (line-verified)

  • "A newer sync never loses to an older one" is largely unenforced. No ordering guard on FileRefStore (the default when no S3); TOCTOU get-then-upsert with no transaction on every SQL store; S3 branch refs skip the ETag CAS that HEAD uses. Surfaced independently by 3 tracks.
  • Queue settlement double-settles. finish is UPDATE … WHERE id=? with no worker_id/status guard, and reclaim_stale is purely time-based with no attempt counter → a slow-but-alive worker is reclaimed and both workers settle; a SIGKILL/OOM build crash-loops forever with no dead-letter.
  • Two-phase build acks done then fires phase 2 into a detached tokio::spawn — an ephemeral worker loses the full clonepack.
  • io_uring UAF on the harvest/submit error path (buffers, incl. kernel-written statx, freed while the kernel still owns them).
  • No per-repo authz in the backend (one shared token reads any tenant's cached artifacts); rate limiter keyed on raw socket IP; GC grace anchored on object mtime not reference time.
  • Plus medium/low: non-UTF-8 symlink targets abort a files-mode clone, --depth N>1 silently serves full history, HashingWriter double-hashes on short writes, and a cluster of cheap hot-path perf wins.

Checked and sound: "upstream credentials never stored in the queue" holds; the files-mode integrity model (three independent hash anchors + zip-slip defenses) is strong; head-pack disjointness is a correct set-difference.

The report has the ranked top-10 fixes, per-track findings with file:line, invariants violated, suggested tests, and a track-coverage map.

🤖 Generated with Claude Code

Eight-track adversarial review per the intent adversarial-review playbook +
Rust addendum. Headline: the "newer sync never loses to an older one"
invariant is unenforced on the file ref store (the default) and racy on the
SQL stores; queue settlement is unguarded against reclaim double-settle; an
io_uring buffer can be freed while the kernel still owns it. Full ranked
fixes, per-track findings, and suggested tests in the report.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
russellromney merged commit edcc807 into main on Jun 26, 2026. 7 checks passed.
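The two headline findings (an older sync overwriting a newer ref via get-then-upsert, and a reclaimed worker double-settling a job) are both failures to make a state transition conditional on the state it assumes. The following is an added illustration, not ripclone's own code: it shows the guarded SQL forms of both transitions against an in-memory SQLite database, using a constructed schema whose table and column names (`refs.seq` as the monotonic ordering key, `jobs.worker_id`, `lease_expires`, `attempts`) are assumptions, not the project's.

```python
"""Guarded state transitions for a ref store and a work queue.

Added example, not ripclone's code. Schema and column names are assumed
for illustration; the database is in-memory so the script runs offline.
"""
import sqlite3

MAX_ATTEMPTS = 3   # runs a job may start before it is dead-lettered (assumed policy)


def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE refs (
            repo TEXT NOT NULL, name TEXT NOT NULL,
            sha  TEXT NOT NULL, seq  INTEGER NOT NULL,   -- monotonic sync ordinal
            PRIMARY KEY (repo, name)
        );
        CREATE TABLE jobs (
            id INTEGER PRIMARY KEY,
            status TEXT NOT NULL,            -- pending | running | done | dead
            worker_id TEXT,
            lease_expires INTEGER,
            attempts INTEGER NOT NULL DEFAULT 0
        );
        """
    )
    return db


# --- 1. "a newer sync never loses to an older one" ---------------------------

def upsert_ref(db, repo, name, sha, seq) -> bool:
    """Write (sha, seq) only if seq is strictly newer than the stored row.

    One statement with the comparison inside it: there is no read-then-write
    window for a concurrent older sync to land in. Returns True if written.
    """
    cur = db.execute(
        """
        INSERT INTO refs (repo, name, sha, seq) VALUES (?, ?, ?, ?)
        ON CONFLICT(repo, name) DO UPDATE
            SET sha = excluded.sha, seq = excluded.seq
            WHERE excluded.seq > refs.seq
        """,
        (repo, name, sha, seq),
    )
    return cur.rowcount == 1


# --- 2. settlement guarded by ownership, reclaim bounded by attempts ---------

def claim(db, worker_id, now, lease_secs=30):
    """Claim the oldest pending job. The UPDATE re-checks status='pending',
    so two workers racing for the same id cannot both win; attempts counts
    how many runs the job has started."""
    while True:
        row = db.execute(
            "SELECT id FROM jobs WHERE status='pending' ORDER BY id LIMIT 1"
        ).fetchone()
        if row is None:
            return None
        cur = db.execute(
            "UPDATE jobs SET status='running', worker_id=?, lease_expires=?, "
            "attempts=attempts+1 WHERE id=? AND status='pending'",
            (worker_id, now + lease_secs, row[0]),
        )
        if cur.rowcount == 1:
            return row[0]


def finish(db, job_id, worker_id) -> bool:
    """Settle only if this worker still holds the lease. The unguarded form
    `UPDATE jobs SET status='done' WHERE id=?` lets a worker whose lease was
    reclaimed settle a job another worker now owns."""
    cur = db.execute(
        "UPDATE jobs SET status='done' WHERE id=? AND worker_id=? AND status='running'",
        (job_id, worker_id),
    )
    return cur.rowcount == 1


def reclaim_stale(db, now):
    """Expired leases go back to pending unless the job has exhausted its
    attempts, in which case it is dead-lettered instead of crash-looping."""
    dead = db.execute(
        "UPDATE jobs SET status='dead', worker_id=NULL "
        "WHERE status='running' AND lease_expires < ? AND attempts >= ?",
        (now, MAX_ATTEMPTS),
    ).rowcount
    requeued = db.execute(
        "UPDATE jobs SET status='pending', worker_id=NULL "
        "WHERE status='running' AND lease_expires < ?",
        (now,),
    ).rowcount
    return requeued, dead


def demo():
    """Replays the review's scenarios: an older sync arriving late, a
    slow-but-alive worker reclaimed, and a job that dies on every run."""
    db = open_db()
    r = {}
    upsert_ref(db, "org/repo", "refs/heads/main", "aaa", seq=2)
    r["old_sync_rejected"] = not upsert_ref(db, "org/repo", "refs/heads/main", "bbb", seq=1)
    r["sha_after"] = db.execute("SELECT sha FROM refs").fetchone()[0]

    db.execute("INSERT INTO jobs (status) VALUES ('pending')")
    job = claim(db, "worker-A", now=0)           # lease until t=30
    reclaim_stale(db, now=31)                    # A is slow; lease expired
    claim(db, "worker-B", now=31)                # B picks the same job up
    r["stale_worker_settles"] = finish(db, job, "worker-A")
    r["owner_settles"] = finish(db, job, "worker-B")

    db.execute("INSERT INTO jobs (status) VALUES ('pending')")
    t, j2 = 100, None
    for w in range(MAX_ATTEMPTS):                # each run "crashes" past its lease
        j2 = claim(db, f"crasher-{w}", now=t)
        t += 31
        reclaim_stale(db, now=t)
    r["dead_after_max"] = db.execute("SELECT status FROM jobs WHERE id=?", (j2,)).fetchone()[0]
    return r


if __name__ == "__main__":
    print(demo())
```

Both guards rely on checking the statement's changed-row count rather than on a prior SELECT; the SQL store never needs a transaction around a read for these paths because the predicate that matters (`seq` newer, `worker_id` still mine, `attempts` under the cap) travels inside the single UPDATE.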
