This PR introduces to each InputHandleCore the antichain of Timestamp::Summary associated with each output. Before the input will produce capabilities for the output, it first validates them against the summary to make sure that the requested timestamp complies with the operator's promise.
This closes a hole in timely's "safety" story, and secretly opens another one that I will keep quiet for the moment.
This PR introduces to each
InputHandleCore
the antichain ofTimestamp::Summary
associated with each output. Before the input will produce capabilities for the output, it first validates them against the summary to make sure that the requested timestamp complies with the operator's promise.This closes a hole in timely's "safety" story, and secretly opens another one that I will keep quiet for the moment.