Pause groups when min libxmtp version exceeds current (#1708)

* pause groups when min libxmtp version exceeds current version

* fix spelling error

* cleanup

* groups from welcome are paused if they have min version higher than current

* verify groups on different versions are not paused when committing until someone set min group version

* fix import

* more logs when skipping sync on paused group

* adds paused_for_version to bindings

* fix bindings, make paused_for_version synchronous

* fix after merge with main

* fmt fix

* remove unused import

* fixed metadata permissions

* lint warning

* tests showing expected errors when trying to send a message in a group while paused

* fix default policy check since update min version defaults to super admin only

* add version_info to wasm trait. make ordering consistent

* wasm version_info scoped client one more spot

* remove extra char

---------

Co-authored-by: cameronvoell <cameronvoell@users.noreply.github.com>

Author: cameronvoell

bindings_ffi/src/mls.rs

@@ -2102,6 +2102,11 @@ impl FfiConversation {
         self.inner.is_active(&provider).map_err(Into::into)
     }
 
+    pub fn paused_for_version(&self) -> Result<Option<String>, GenericError> {
+        let provider = self.inner.mls_provider()?;
+        self.inner.paused_for_version(&provider).map_err(Into::into)
+    }
+
     pub fn consent_state(&self) -> Result<FfiConsentState, GenericError> {
         self.inner
             .consent_state()

bindings_node/src/conversation.rs

@@ -601,6 +601,21 @@ impl Conversation {
     )
   }
 
+  #[napi]
+  pub fn paused_for_version(&self) -> napi::Result<Option<String>> {
+    let group = MlsGroup::new(
+      self.inner_client.clone(),
+      self.group_id.clone(),
+      self.created_at_ns,
+    );
+
+    Ok(
+      group
+        .paused_for_version(&group.mls_provider().map_err(ErrorWrapper::from)?)
+        .map_err(ErrorWrapper::from)?,
+    )
+  }
+
   #[napi]
   pub fn added_by_inbox_id(&self) -> Result<String> {
     let group = MlsGroup::new(

bindings_wasm/src/conversation.rs

@@ -548,6 +548,19 @@ impl Conversation {
       .map_err(|e| JsError::new(&format!("{e}")))
   }
 
+  #[wasm_bindgen(js_name = pausedForVersion)]
+  pub fn paused_for_version(&self) -> Result<Option<String>, JsError> {
+    let group = self.to_mls_group();
+
+    group
+      .paused_for_version(
+        &group
+          .mls_provider()
+          .map_err(|e| JsError::new(&format!("{e}")))?,
+      )
+      .map_err(|e| JsError::new(&format!("{e}")))
+  }
+
   #[wasm_bindgen(js_name = addedByInboxId)]
   pub fn added_by_inbox_id(&self) -> Result<String, JsError> {
     let group = self.to_mls_group();

xmtp_mls/migrations/2025-03-03-072233_paused_for_version/down.sql

@@ -0,0 +1,2 @@
+ALTER TABLE groups
+DROP COLUMN paused_for_version;

xmtp_mls/migrations/2025-03-03-072233_paused_for_version/up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE groups
+ADD COLUMN paused_for_version TEXT DEFAULT NULL;

xmtp_mls/src/builder.rs

@@ -57,7 +57,7 @@ pub struct ClientBuilder<ApiClient, V> {
 }
 
 impl Client<(), ()> {
-    /// Ge tthe builder for this [`Client`]
+    /// Get the builder for this [`Client`]
     pub fn builder(strategy: IdentityStrategy) -> ClientBuilder<(), ()> {
         ClientBuilder::<(), ()>::new(strategy)
     }

xmtp_mls/src/client.rs

@@ -3,6 +3,7 @@ use crate::groups::device_sync::WorkerHandle;
 use crate::groups::group_mutable_metadata::MessageDisappearingSettings;
 use crate::groups::{ConversationListItem, DMMetadataOptions};
 use crate::storage::consent_record::ConsentType;
+use crate::utils::VersionInfo;
 use crate::GroupCommitLock;
 use crate::{
     groups::{
@@ -141,6 +142,7 @@ pub struct Client<ApiClient, V = RemoteSignatureVerifier<ApiClient>> {
     pub(crate) local_events: broadcast::Sender<LocalEvents>,
     /// The method of verifying smart contract wallet signatures for this Client
     pub(crate) scw_verifier: Arc<V>,
+    pub(crate) version_info: Arc<VersionInfo>,
 
     #[cfg(any(test, feature = "test-utils"))]
     pub(crate) sync_worker_handle: Arc<parking_lot::Mutex<Option<Arc<WorkerHandle>>>>,
@@ -155,6 +157,7 @@ impl<ApiClient, V> Clone for Client<ApiClient, V> {
             history_sync_url: self.history_sync_url.clone(),
             local_events: self.local_events.clone(),
             scw_verifier: self.scw_verifier.clone(),
+            version_info: self.version_info.clone(),
 
             #[cfg(any(test, feature = "test-utils"))]
             sync_worker_handle: self.sync_worker_handle.clone(),
@@ -217,6 +220,18 @@ impl XmtpMlsLocalContext {
     }
 }
 
+impl<ApiClient, V> Client<ApiClient, V>
+where
+    ApiClient: XmtpApi,
+    V: SmartContractSignatureVerifier,
+{
+    // Test only function to update the version of the client
+    #[cfg(test)]
+    pub fn test_update_version(&mut self, version: &str) {
+        Arc::make_mut(&mut self.version_info).test_update_version(version);
+    }
+}
+
 impl<ApiClient, V> Client<ApiClient, V>
 where
     ApiClient: XmtpApi,
@@ -252,12 +267,17 @@ where
             #[cfg(any(test, feature = "test-utils"))]
             sync_worker_handle: Arc::new(parking_lot::Mutex::default()),
             scw_verifier: scw_verifier.into(),
+            version_info: Arc::new(VersionInfo::default()),
         }
     }
 
     pub fn scw_verifier(&self) -> &Arc<V> {
         &self.scw_verifier
     }
+
+    pub fn version_info(&self) -> &Arc<VersionInfo> {
+        &self.version_info
+    }
 }
 
 impl<ApiClient, V> Client<ApiClient, V>

xmtp_mls/src/groups/device_sync/backup/export_stream/group_save.rs

@@ -64,6 +64,7 @@ impl TryFrom<GroupSave> for StoredGroup {
             last_message_ns: value.last_message_ns,
             message_disappear_from_ns: value.message_disappear_from_ns,
             message_disappear_in_ns: value.message_disappear_in_ns,
+            paused_for_version: None, // TODO: Add this to the backup
         })
     }
 }

xmtp_mls/src/groups/group_mutable_metadata.rs

@@ -46,6 +46,7 @@ pub enum MetadataField {
     GroupImageUrlSquare,
     MessageDisappearFromNS,
     MessageDisappearInNS,
+    MinimumSupportedProtocolVersion,
 }
 
 impl MetadataField {
@@ -57,6 +58,7 @@ impl MetadataField {
             MetadataField::GroupImageUrlSquare => "group_image_url_square",
             MetadataField::MessageDisappearFromNS => "message_disappear_from_ns",
             MetadataField::MessageDisappearInNS => "message_disappear_in_ns",
+            MetadataField::MinimumSupportedProtocolVersion => "minimum_supported_protocol_version",
         }
     }
 }
@@ -205,6 +207,7 @@ impl GroupMutableMetadata {
             MetadataField::GroupImageUrlSquare,
             MetadataField::MessageDisappearFromNS,
             MetadataField::MessageDisappearInNS,
+            MetadataField::MinimumSupportedProtocolVersion,
         ]
     }
 

xmtp_mls/src/groups/group_permissions.rs

@@ -31,7 +31,6 @@ use super::{
 };
 use crate::configuration::{GROUP_PERMISSIONS_EXTENSION_ID, SUPER_ADMIN_METADATA_PREFIX};
 use crate::groups::group_mutable_metadata::MetadataField;
-use crate::groups::group_mutable_metadata::MetadataField::MessageDisappearInNS;
 
 /// Errors that can occur when working with GroupMutablePermissions.
 #[derive(Debug, Error)]
@@ -228,10 +227,22 @@ impl MetadataPolicies {
     pub fn default_map(policies: MetadataPolicies) -> HashMap<String, MetadataPolicies> {
         let mut map: HashMap<String, MetadataPolicies> = HashMap::new();
         for field in GroupMutableMetadata::supported_fields() {
-            if field == MessageDisappearInNS {
-                map.insert(field.to_string(), MetadataPolicies::allow_if_actor_admin());
-            } else {
-                map.insert(field.to_string(), policies.clone());
+            match field {
+                MetadataField::MessageDisappearInNS => {
+                    map.insert(field.to_string(), MetadataPolicies::allow_if_actor_admin());
+                }
+                MetadataField::MessageDisappearFromNS => {
+                    map.insert(field.to_string(), MetadataPolicies::allow_if_actor_admin());
+                }
+                MetadataField::MinimumSupportedProtocolVersion => {
+                    map.insert(
+                        field.to_string(),
+                        MetadataPolicies::allow_if_actor_super_admin(),
+                    );
+                }
+                _ => {
+                    map.insert(field.to_string(), policies.clone());
+                }
             }
         }
         map
@@ -960,27 +971,37 @@ impl PolicySet {
 
         // Verify that update metadata policy was not violated
         let metadata_changes_valid = self.evaluate_metadata_policy(
-            commit.metadata_changes.metadata_field_changes.iter(),
+            commit
+                .metadata_validation_info
+                .metadata_field_changes
+                .iter(),
             &self.update_metadata_policy,
             &commit.actor,
         );
 
         // Verify that add admin policy was not violated
-        let added_admins_valid = commit.metadata_changes.admins_added.is_empty()
+        let added_admins_valid = commit.metadata_validation_info.admins_added.is_empty()
             || self.add_admin_policy.evaluate(&commit.actor);
 
         // Verify that remove admin policy was not violated
-        let removed_admins_valid = commit.metadata_changes.admins_removed.is_empty()
+        let removed_admins_valid = commit.metadata_validation_info.admins_removed.is_empty()
             || self.remove_admin_policy.evaluate(&commit.actor);
 
         // Verify that super admin add policy was not violated
-        let super_admin_add_valid =
-            commit.metadata_changes.super_admins_added.is_empty() || commit.actor.is_super_admin;
+        let super_admin_add_valid = commit
+            .metadata_validation_info
+            .super_admins_added
+            .is_empty()
+            || commit.actor.is_super_admin;
 
         // Verify that super admin remove policy was not violated
         // You can never remove the last super admin
-        let super_admin_remove_valid = commit.metadata_changes.super_admins_removed.is_empty()
-            || (commit.actor.is_super_admin && commit.metadata_changes.num_super_admins > 0);
+        let super_admin_remove_valid = commit
+            .metadata_validation_info
+            .super_admins_removed
+            .is_empty()
+            || (commit.actor.is_super_admin
+                && commit.metadata_validation_info.num_super_admins > 0);
 
         // Permissions can only be changed by the super admin
         let permissions_changes_valid = !commit.permissions_changed || commit.actor.is_super_admin;
@@ -1158,9 +1179,14 @@ pub fn is_policy_default(policy: &PolicySet) -> Result<bool, PolicyError> {
                 name: field_name.to_string(),
             },
         )?;
-        if field_name == MessageDisappearInNS.as_str() {
+        if field_name == MetadataField::MessageDisappearInNS.as_str()
+            || field_name == MetadataField::MessageDisappearFromNS.as_str()
+        {
             metadata_policies_equal = metadata_policies_equal
                 && metadata_policy.eq(&MetadataPolicies::allow_if_actor_admin());
+        } else if field_name == MetadataField::MinimumSupportedProtocolVersion.as_str() {
+            metadata_policies_equal = metadata_policies_equal
+                && metadata_policy.eq(&MetadataPolicies::allow_if_actor_super_admin());
         } else {
             metadata_policies_equal =
                 metadata_policies_equal && metadata_policy.eq(&MetadataPolicies::allow());
@@ -1188,8 +1214,13 @@ pub fn is_policy_admin_only(policy: &PolicySet) -> Result<bool, PolicyError> {
                 name: field_name.to_string(),
             },
         )?;
-        metadata_policies_equal = metadata_policies_equal
-            && metadata_policy.eq(&MetadataPolicies::allow_if_actor_admin());
+        if field_name == MetadataField::MinimumSupportedProtocolVersion.as_str() {
+            metadata_policies_equal = metadata_policies_equal
+                && metadata_policy.eq(&MetadataPolicies::allow_if_actor_super_admin());
+        } else {
+            metadata_policies_equal = metadata_policies_equal
+                && metadata_policy.eq(&MetadataPolicies::allow_if_actor_admin());
+        }
     }
     Ok(metadata_policies_equal
         && policy.add_member_policy == MembershipPolicies::allow_if_actor_admin()
@@ -1205,12 +1236,26 @@ pub fn is_policy_admin_only(policy: &PolicySet) -> Result<bool, PolicyError> {
 pub(crate) fn default_policy() -> PolicySet {
     let mut metadata_policies_map: HashMap<String, MetadataPolicies> = HashMap::new();
     for field in GroupMutableMetadata::supported_fields() {
-        metadata_policies_map.insert(field.to_string(), MetadataPolicies::allow());
+        match field {
+            MetadataField::MessageDisappearInNS => {
+                metadata_policies_map
+                    .insert(field.to_string(), MetadataPolicies::allow_if_actor_admin());
+            }
+            MetadataField::MessageDisappearFromNS => {
+                metadata_policies_map
+                    .insert(field.to_string(), MetadataPolicies::allow_if_actor_admin());
+            }
+            MetadataField::MinimumSupportedProtocolVersion => {
+                metadata_policies_map.insert(
+                    field.to_string(),
+                    MetadataPolicies::allow_if_actor_super_admin(),
+                );
+            }
+            _ => {
+                metadata_policies_map.insert(field.to_string(), MetadataPolicies::allow());
+            }
+        }
     }
-    metadata_policies_map.insert(
-        MessageDisappearInNS.to_string(),
-        MetadataPolicies::allow_if_actor_admin(),
-    );
 
     PolicySet::new(
         MembershipPolicies::allow(),
@@ -1228,12 +1273,27 @@ pub(crate) fn default_policy() -> PolicySet {
 pub(crate) fn policy_admin_only() -> PolicySet {
     let mut metadata_policies_map: HashMap<String, MetadataPolicies> = HashMap::new();
     for field in GroupMutableMetadata::supported_fields() {
-        metadata_policies_map.insert(field.to_string(), MetadataPolicies::allow_if_actor_admin());
+        match field {
+            MetadataField::MessageDisappearInNS => {
+                metadata_policies_map
+                    .insert(field.to_string(), MetadataPolicies::allow_if_actor_admin());
+            }
+            MetadataField::MessageDisappearFromNS => {
+                metadata_policies_map
+                    .insert(field.to_string(), MetadataPolicies::allow_if_actor_admin());
+            }
+            MetadataField::MinimumSupportedProtocolVersion => {
+                metadata_policies_map.insert(
+                    field.to_string(),
+                    MetadataPolicies::allow_if_actor_super_admin(),
+                );
+            }
+            _ => {
+                metadata_policies_map
+                    .insert(field.to_string(), MetadataPolicies::allow_if_actor_admin());
+            }
+        }
     }
-    metadata_policies_map.insert(
-        MetadataField::MessageDisappearInNS.to_string(),
-        MetadataPolicies::allow_if_actor_admin(),
-    );
 
     PolicySet::new(
         MembershipPolicies::allow_if_actor_admin(),
@@ -1297,7 +1357,7 @@ pub(crate) mod tests {
 
     use crate::groups::{
         group_metadata::DmMembers, group_mutable_metadata::MetadataField,
-        validated_commit::MutableMetadataChanges,
+        validated_commit::MutableMetadataValidationInfo,
     };
     use xmtp_common::{rand_string, rand_vec};
 
@@ -1388,7 +1448,7 @@ pub(crate) mod tests {
             removed_inboxes: member_removed
                 .map(build_membership_change)
                 .unwrap_or_default(),
-            metadata_changes: MutableMetadataChanges {
+            metadata_validation_info: MutableMetadataValidationInfo {
                 metadata_field_changes: field_changes,
                 ..Default::default()
             },

xmtp_mls/src/groups/intents.rs

@@ -250,6 +250,13 @@ impl UpdateMetadataIntentData {
             field_value: in_ns.to_string(),
         }
     }
+
+    pub fn new_update_group_min_version_to_match_self(min_version: String) -> Self {
+        Self {
+            field_name: MetadataField::MinimumSupportedProtocolVersion.to_string(),
+            field_value: min_version,
+        }
+    }
 }
 
 impl From<UpdateMetadataIntentData> for Vec<u8> {