diff --git a/sds/types/persistence.nim b/sds/types/persistence.nim
index 865b5f0..ffaf806 100644
--- a/sds/types/persistence.nim
+++ b/sds/types/persistence.nim
@@ -25,8 +25,8 @@ type
     ## filter is NOT in the snapshot — callers rebuild it from `messageHistory`.
     lamportTimestamp*: int64
     messageHistory*: seq[SdsMessage]
-      ## Delivered messages, oldest first (insertion order preserved for
-      ## causal-history tail access and FIFO eviction).
+      ## MUST be ordered oldest-first. FIFO eviction relies on insertion order;
+      ## skipping ORDER BY corrupts the log across restarts.
     outgoingBuffer*: seq[UnacknowledgedMessage]
     incomingBuffer*: seq[IncomingMessage]
     outgoingRepairBuffer*: seq[(SdsMessageID, OutgoingRepairEntry)]
@@ -75,7 +75,7 @@ type
     removeIncomingRepair*:
       proc(channelId: SdsChannelID, msgId: SdsMessageID) {.gcsafe, raises: [].}
 
-    # Bootstrap on `addChannel` / `getOrCreateChannel`
+    # Bootstrap on `addChannel` / `getOrCreateChannel`.
     loadAllForChannel*:
       proc(channelId: SdsChannelID): ChannelSnapshot {.gcsafe, raises: [].}
 
diff --git a/sds/types/reliability_config.nim b/sds/types/reliability_config.nim
index 7cd20f2..f1e931a 100644
--- a/sds/types/reliability_config.nim
+++ b/sds/types/reliability_config.nim
@@ -1,4 +1,5 @@
 import std/times
+import chronicles
 
 const
   DefaultMaxMessageHistory* = 1000
@@ -49,6 +50,13 @@ proc init*(
     maxRepairRequests: int = DefaultMaxRepairRequests,
     repairSweepInterval: Duration = DefaultRepairSweepInterval,
 ): T =
+  # Bloom is rebuilt by replaying messageHistory on restart and is also the
+  # outgoing summary peers see. A bloom smaller than the log causes continuous
+  # clean() churn and incomplete summaries to peers, with no compensating gain.
+  if maxMessageHistory > bloomFilterCapacity:
+    warn "maxMessageHistory > bloomFilterCapacity will cause continuous bloom rebuilds and incomplete summaries to peers; reduce maxMessageHistory or increase bloomFilterCapacity unless you have a specific reason",
+      maxMessageHistory = maxMessageHistory,
+      bloomFilterCapacity = bloomFilterCapacity
   return T(
     bloomFilterCapacity: bloomFilterCapacity,
     bloomFilterErrorRate: bloomFilterErrorRate,