fix(disk-cache): bind snapshot identity to model+config (manifest hardening)

[dusterbloom]

Re-carved from #274 (commit 4d12bca) onto current main, reconciled with #352's lazy layout verify, plus a DRY sha1 consolidation.

The disk KV-cache identity (layout_id) hashed only tensor name+type+shape, so restarting over the same --kv-cache-dir with a different model / max_ctx / chat_template could serve stale, invalid KV → corruption. compute_layout_id now prepends a 16-byte salt = sha1(GGUF path+size+mtime, max_ctx, chat_template). rope/yarn are GGUF-derived (covered by the file stat); kv_dtype already lives in tensor types. All-zero salt (the default) is byte-for-byte back-compatible; composes with #352 (both the live-learn and lazy-verify paths call the salted compute_layout_id).

DRY: sha1_hash was a file-static in disk_prefix_cache.cpp and prefix_cache.cpp; #274 cloned a third into http_server.cpp. Consolidated to one server/src/common/sha1.h — three copies → one.

Unit-tested (different config → different layout_id; identical → identical; all-zero back-compat; existing layout-verify regression). 1866 assertions green.

End-to-end validated (real server + --kv-cache-dir across restarts): same config → disk hit, same layout_id (reuse, no regression); max_ctx 8192→4096 → new layout_id, the stale entry is rejected at the layout-mismatch guard (disk_hit=false), response coherent; different model path → a third distinct layout_id. The salt lives in DiskPrefixCache (config-derived, backend-agnostic).

7 files, +349/-120. Folding max_ctx also makes the planned gemma4 cross-session (WS2) disk reuse collision-safe.

[cubic-dev-ai]

3 issues found across 7 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="server/src/server/http_server.cpp">

<violation number="1" location="server/src/server/http_server.cpp:779">
P2: Model fingerprint uses second-resolution mtime; fast same-size file replacement can collide and reuse invalid disk KV. Include sub-second timestamp (or stronger file identity) in the salted hash input.</violation>
</file>

<sub>Reply with feedback, questions, or to request a fix.

Re-trigger cubic</sub>

[cubic-dev-ai]

P2: Model fingerprint uses second-resolution mtime; fast same-size file replacement can collide and reuse invalid disk KV. Include sub-second timestamp (or stronger file identity) in the salted hash input.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At server/src/server/http_server.cpp, line 779:

<comment>Model fingerprint uses second-resolution mtime; fast same-size file replacement can collide and reuse invalid disk KV. Include sub-second timestamp (or stronger file identity) in the salted hash input.</comment>

<file context>
@@ -758,6 +761,48 @@ std::vector<ChatMessage> normalize_chat_messages(
+    int64_t file_mtime = 0;
+    if (::stat(path.c_str(), &st) == 0) {
+        file_size  = (int64_t)st.st_size;
+        file_mtime = (int64_t)st.st_mtime;
+    } else {
+        std::fprintf(stderr, "[disk-cache] salt: stat(%s) failed — path-only fingerprint\n",
</file context>

Suggested change

	file_mtime = (int64_t)st.st_mtime;
	file_mtime = (int64_t)st.st_mtime * 1000000000LL + (int64_t)st.st_mtim.tv_nsec;