Skip to content

bump[#51

Open
yapishu wants to merge 71 commits into
nockpool/hoonfrom
nockpool/hoon-7may26
Open

bump[#51
yapishu wants to merge 71 commits into
nockpool/hoonfrom
nockpool/hoon-7may26

Conversation

@yapishu

@yapishu yapishu commented May 14, 2026

Copy link
Copy Markdown

No description provided.

tacryt-socryp and others added 30 commits October 25, 2025 15:39
…for examining raw-txs, add batch writes to file driver, add file exts to http driver
* Sync from Nockup development repo.

* Change to workspace.

* Post with openssl
* Update README to remove status and development notes

Removed pre-release status and development notes from README.

* Fix URL branch reference in installation command

* Add permissions for contents in release workflow
* Post new deploy chain.

* Add pruning.

* Add protobuf support

* Add protobuf support

* Add protobuf support

* Tweak CI

* Tweak CI

* Tweak CI

* Tweak CI

* Fix nockup for new manifest format.

* Adjust

* Fix so build cleanup doesn't happen on PR.
* Post new deploy chain.

* Add pruning.

* Add protobuf support

* Add protobuf support

* Add protobuf support

* Tweak CI

* Tweak CI

* Tweak CI

* Tweak CI

* Fix nockup for new manifest format.

* Adjust

* Fix so build cleanup doesn't happen on PR.

* Fix install script and update old links to sigilante repo.

* Fix last URLs
* Post new deploy chain.

* Add pruning.

* Add protobuf support

* Add protobuf support

* Add protobuf support

* Tweak CI

* Tweak CI

* Tweak CI

* Tweak CI

* Fix nockup for new manifest format.

* Adjust

* Fix so build cleanup doesn't happen on PR.

* Fix install script and update old links to sigilante repo.

* Fix last URLs

* Fix cleanup logic.
github-actions Bot and others added 30 commits March 5, 2026 11:40
## Technical Overview

This PR introduces a bridge runtime architecture decomposition, a draft protocol specification for req-res gen2 (Nous), and req-res gen1 CBOR conformance fixtures with executable tests.

## Protocol Specification

### `changelog/protocol/013-nous.md`

Adds a draft protocol document for libp2p request-response generation 2:

- dual protocol registration (`gen1` + `gen2`)
- batch request/response schema and envelope semantics
- protocol-order fallback expectations
- size/count limits, queue pressure controls, and per-peer inflight guidance
- observability requirements and rollout/rollback procedures
- implementation file map for networking/driver touchpoints

## Bridge Runtime Architecture

### New planner modules (`crates/bridge/src/core/*`)

- `base_observer.rs`
- `nock_observer.rs`
- `signing.rs`
- `posting.rs`

These modules introduce explicit planner inputs/actions and runner wrappers for deterministic tick planning.

### New port layer (`crates/bridge/src/ports.rs`)

Adds trait boundaries for runtime dependencies:

- `BaseContractPort`
- `BaseSourcePort`
- `NockSourcePort`
- `KernelStatePort`

This decouples loop logic from concrete transport/contract/runtime implementations.

### New loop policy layer (`crates/bridge/src/loop_policy.rs`)

Introduces typed policy structs and retry policy composition:

- `BaseObserverLoopPolicy`
- `NockObserverLoopPolicy`
- `SigningLoopPolicy`
- `PostingLoopPolicy`

Default values preserve prior operational timing/retry behavior.

### Runtime decomposition (`crates/bridge/src/runtime.rs`)

Key structural changes:

- separates runtime internals into channels/deps/state structs
- exposes typed injection helpers for chain events
- implements `KernelStatePort` for `BridgeRuntimeHandle`
- introduces context/state/control structs for signing and posting tick execution
- adds `signing_tick_once` / `posting_tick_once` and policy-aware loop entry points
- centralizes decision paths through `SigningPlanner` and `PostingPlanner`

### Observer integration updates

- `crates/bridge/src/ethereum.rs`: base observer loop now uses `BasePlanAction`
- `crates/bridge/src/nockchain.rs`: nock watcher loop now uses `NockPlanAction`
- both modules adopt policy-aware loop variants and port traits

### Service wiring cleanup

- `crates/bridge/src/ingress.rs`: service state split into dependency/node/control/peer state structs
- `crates/bridge/src/deposit_log.rs`: nonce-prefix validation generalized over `BaseContractPort`

## Behavioral/Telemetry Adjustments

### Stop-path instrumentation

- `crates/bridge/src/metrics.rs`
- `crates/bridge/src/stop.rs`

Adds counters:

- `bridge.stop.local.requests`
- `bridge.stop.local.triggered`
- `bridge.stop.local.duplicate`

and corresponding structured logging in local-stop flow.

### TUI transaction deduplication

- `crates/bridge/src/tui/types.rs`

`TransactionState::push` now deduplicates replayed identical events while preserving distinct events that share a tx hash but differ in event identity fields.

## Test Additions

### Bridge runtime/loop coverage

- `crates/bridge/tests/core_runner_integration.rs`
- `crates/bridge/tests/harness/in_memory_ports.rs`
- `crates/bridge/tests/loop_policy_shell_tests.rs`
- `crates/bridge/tests/loop_tick_tests.rs`

New suites cover:

- observer planner decisions and replay transcripts
- emit/peek/fetch error and recovery paths
- posting failover decisioning
- signing tick progression, epoch guardrails, and local-stop triggers
- policy-level loop behavior under stopped-state conditions

### Req-res gen1 CBOR conformance

- `crates/nockchain-libp2p-io/testdata/req_res_gen1_cbor_vectors.json`
- `crates/nockchain-libp2p-io/testdata/README.md`
- `crates/nockchain-libp2p-io/src/cbor_tests.rs`
- `crates/nockchain-libp2p-io/Cargo.toml`

Adds schema/version checks, roundtrip assertions, and invalid decode vectors for req-res gen1 request/response CBOR.

## Contracts and Deployment Artifacts

- `crates/bridge/contracts/DEPLOYMENT.md`
- `crates/bridge/contracts/.env.template`
- removed `crates/bridge/contracts/tenderly.env.example`
- updated `crates/bridge/.gitignore` for generated contract artifacts

Documentation and template updates align deployment workflow around generated Tenderly virtual testnet environment outputs.

## Compatibility Notes

- Bridge runtime defaults remain aligned with previous loop intervals and retry behavior.
- Req-res conformance additions are test/fixture-level for gen1 wire compatibility verification.
- Nous is added as a draft protocol specification document.
Co-authored-by: litlep-nibbyt <9344275+litlep-nibbyt@users.noreply.github.com>
* wallet: add version 6

* wallet: make version 6 compile
… constants (#31)

* Project import generated by Copybara.

FolderOrigin-RevId: /home/gitlab-runner/builds/Izlke1EJS/0/zorpcorp/nada

* Update sync-to-nockchain.yml

---------

Co-authored-by: bitemyapp <bitemyapp@users.noreply.github.com>
Co-authored-by: ~litlep-nibbyt <9344275+litlep-nibbyt@users.noreply.github.com>
… support in rust (#33)

Detailed Changes

Wallet / CLI

Added Rust-side create-tx planning to nockchain-wallet before dispatching the existing kernel command.
Made create-tx --names optional; omitting it now enables automatic note selection.
Made create-tx --fee optional; when omitted, the planner computes the fee.
Added planner-aware fee override behavior, including explicit low-fee override handling.
Kept manual note selection mode, with parity checks to ensure the planner selects exactly the user-requested notes.
Added ascending/descending note selection support to the CLI and test coverage for the default/override behavior.
Updated wallet docs to describe auto-selection and planner-computed fees.
Added extensive wallet tests for parsing, signer selection, refund handling, planner constants, fakenet behavior, and lock matching.

New wallet-tx-builder crate

Added a new workspace crate for transaction planning.
Added normalized snapshot collection with height/block-id consistency checks and duplicate-note detection.
Added deterministic candidate ordering and planner-side selection policies.
Added typed decoding and construction for %lock, %bridge, and %bridge-w note-data payloads.
Added lock resolution logic for simple PKH and coinbase-style PKH+timelock spends.
Added seed-word and witness-word estimation, including pre-/post-Bythos fee behavior.
Added fee computation with Bythos witness divisor handling and minimum-fee enforcement.
Added checked-in planner fixtures and tests for note-data decoding and fee logic.

nockchain-types / tx-engine

Moved blockchain constants and fakenet defaults into nockchain-types as shared protocol/runtime data.
Added a canonical FirstName wrapper and first-name derivation from lock roots.
Added handwritten v1 hashable support for lock primitives, spend conditions, list/mary hashables, and first-name derivation.
Expanded v1 locks from simple spend conditions to tagged lock trees (%2, %4, %8, %16), including flattening, leaf counting, and consensus hashing.
Replaced bespoke z-map/z-set encode/decode logic across v0/v1 types with typed ZMap/ZSet usage.
Canonicalized PKH and HAX hash collections through typed constructors so duplicate and out-of-order inputs normalize cleanly.
Added a raw-tx word-count oracle jam fixture and expanded fixture regeneration documentation.
Extended v1 raw-tx tests to assert seed words, witness words, tx word count, minimum fee, and paid fee from the checked-in fixture.

Math / serde / hashing

Added OwnedBasedNoun, an allocator-free owned noun representation for based atoms plus direct noun hashing support.
Added reusable owned ZTree infrastructure and public ZMap / ZSet types with deterministic ordering, deduplication, encode/decode, and hash folding.
Defined ZMap duplicate-key behavior as last-write-wins and ZSet behavior as insertion-order-independent deduplication.
Fixed Belt noun encoding to always allocate atoms instead of assuming direct immediates.
Extended noun-serde-derive to support numeric enum tags like #[noun(tag = 2)].
Added support for per-variant #[noun(untagged)] decoding/encoding paths.
Added duplicate-tag validation in the derive macros.
Added derive tests for lock-tree-style tagged unions and mixed numeric/string tags.

gRPC / conversion

Added protobuf-to-Rust conversion for v1 raw transactions.
Updated gRPC lock decoding to canonicalize PKH/HAX hash collections before constructing tx-engine values.
Added conversion tests covering canonicalization through lock primitives, spend conditions, and full raw transactions.
Added a proto note that NoteData is still blob-only and may later expose typed decoded data.

Wallet Hoon / runtime integration

Changed wallet %fakenet handling to carry full blockchain constants instead of only patching the coinbase timelock.
Added machine-readable wallet peeks for %blockchain-constants, %signing-keys, and %tracked-locks.
Updated wallet utility code to count seed words against the wallet’s bound tx-engine instance.
Aligned Hoon first-name helpers with the Rust planner for simple and coinbase lock handling.

Node / integration updates

Updated nockchain to consume shared fakenet blockchain constants from nockchain-types.
Added wallet-tx-builder as a wallet dependency and nockchain-types as a zkvm-jetpack dependency so shared hashing/helpers can be reused by jets and wallet code.

---------

Co-authored-by: bitemyapp <bitemyapp@users.noreply.github.com>
Co-authored-by: litlep-nibbyt <9344275+litlep-nibbyt@users.noreply.github.com>
Add planner-backed legacy v0 wallet flows: new migrate-v0-notes command, manual create-tx support for all-v0 note sets, configurable note-selection ordering, signer pubkey lookup, and stricter rejection of mixed v0/v1 manual selections.

Extend wallet-tx-builder with explicit planning modes, v0-only candidate handling, legacy lock/timelock admission checks, v0 witness/fee estimation, and broader planner test coverage for migration and fee behavior.

Improve NockApp state/bootstrap ergonomics with --no-save, --bootstrap-from-chkjam, and a new nockapp-chkjam-to-state-jam utility for converting checkpoint files into --state-jam inputs.

Harden runtime behavior with better serf startup error propagation, clearer checkpoint kernel-hash mismatch reporting/metrics, quieter default OpenTelemetry logs, and safer shutdown/save behavior.

Add shared kernel workspace plumbing, an open prover benchmark test, small supporting fixes in nockvm, noun-serde, and math utilities, CI/workspace dependency updates, and restore the tx-engine architecture docs.

---------
Co-authored-by: litlep-nibbyt <9344275+litlep-nibbyt@users.noreply.github.com>
* Allow peeking block range without PoW (nockchain#108)

* wallet: support v0 note migration and chkjam bootstrap tooling

Add planner-backed legacy v0 wallet flows: new migrate-v0-notes command, manual create-tx support for all-v0 note sets, configurable note-selection ordering, signer pubkey lookup, and stricter rejection of mixed v0/v1 manual selections.

Extend wallet-tx-builder with explicit planning modes, v0-only candidate handling, legacy lock/timelock admission checks, v0 witness/fee estimation, and broader planner test coverage for migration and fee behavior.

Improve NockApp state/bootstrap ergonomics with --no-save, --bootstrap-from-chkjam, and a new nockapp-chkjam-to-state-jam utility for converting checkpoint files into --state-jam inputs.

Harden runtime behavior with better serf startup error propagation, clearer checkpoint kernel-hash mismatch reporting/metrics, quieter default OpenTelemetry logs, and safer shutdown/save behavior.

Add shared kernel workspace plumbing, an open prover benchmark test, small supporting fixes in nockvm, noun-serde, and math utilities, CI/workspace dependency updates, and restore the tx-engine architecture docs.

---------
Co-authored-by: litlep-nibbyt <9344275+litlep-nibbyt@users.noreply.github.com>

---------

Co-authored-by: Auri <0x60@pm.me>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: litlep-nibbyt <9344275+litlep-nibbyt@users.noreply.github.com>
- Add kernel-side batched tx creation for v0 migration across active local master/child signers, update wallet peeks/tests/docs and improve legacy migration testing setup. 
- Add `op-alloy` patches to open-cargo.toml to avoid NetworkWallet multiple implementation compile error until new crate is officially published
- ASERT
- 2.5 minute blocks
- Protocol lock fund
- New emissions schedule that retains the 2^32 nock hardcap
… for checkpoint and exported state jam files so corrupt bincode length fields return actionable errors instead of panicking. Apply the decoder to V0/V1/V2 checkpoints and state jams, improve operator-facing recovery messages, and add regression coverage for corrupt checkpoint/state-jam variants. Also report Serf init NockStack exhaustion directly with phase, checkpoint/kernel context, and --stack-size guidance instead of surfacing a dropped oneshot error.
# Conflicts:
#	.github/workflows/sync-to-nockchain.yml
#	Cargo.lock
#	Cargo.toml
#	Makefile
#	PROTOCOL.md
#	crates/bridge/.gitignore
#	crates/bridge/build.rs
#	crates/bridge/contracts/.env.template
#	crates/bridge/contracts/DEPLOYMENT.md
#	crates/bridge/src/deposit_log.rs
#	crates/bridge/src/ethereum.rs
#	crates/bridge/src/ingress.rs
#	crates/bridge/src/lib.rs
#	crates/bridge/src/main.rs
#	crates/bridge/src/metrics.rs
#	crates/bridge/src/nockchain.rs
#	crates/bridge/src/runtime.rs
#	crates/bridge/src/stop.rs
#	crates/bridge/src/tui/types.rs
#	crates/kernels/Cargo.toml
#	crates/nockapp/src/kernel/boot.rs
#	crates/nockapp/src/nockapp/mod.rs
#	crates/nockapp/src/nockapp/save.rs
#	crates/nockchain-api/src/main.rs
#	crates/nockchain-libp2p-io/Cargo.toml
#	crates/nockchain-math/Cargo.toml
#	crates/nockchain-math/src/zoon/common.rs
#	crates/nockchain-math/src/zoon/zmap.rs
#	crates/nockchain-types/Cargo.toml
#	crates/nockchain-types/jams/README.md
#	crates/nockchain-types/src/lib.rs
#	crates/nockchain-types/src/tx_engine/common/mod.rs
#	crates/nockchain-types/src/tx_engine/v0/note.rs
#	crates/nockchain-types/src/tx_engine/v0/tx.rs
#	crates/nockchain-types/src/tx_engine/v1/note.rs
#	crates/nockchain-types/src/tx_engine/v1/tx.rs
#	crates/nockchain-wallet/README.md
#	crates/nockchain-wallet/src/command.rs
#	crates/nockchain-wallet/src/main.rs
#	crates/nockchain-wallet/src/recipient.rs
#	crates/nockchain/Cargo.toml
#	crates/nockchain/src/config.rs
#	crates/nockchain/src/lib.rs
#	crates/nockchain/src/main.rs
#	crates/nockchain/src/setup.rs
#	crates/nockvm/rust/nockvm/src/mem.rs
#	crates/noun-serde-derive/src/lib.rs
#	crates/zkvm-jetpack/src/jets/tip5_jets.rs
#	hoon/apps/dumbnet/inner.hoon
#	hoon/apps/wallet/lib/types.hoon
#	hoon/apps/wallet/lib/utils.hoon
#	hoon/apps/wallet/wallet.hoon
#	hoon/common/tx-engine-1.hoon
#	hoon/common/tx-engine.hoon
Cherry-pick of ecbb87f from swpsco/master. Pins checkpointed digests at
heights 65,499 and 65,500 (anchor + first ASERT block) and replaces the
+find-anchor-min-ts walk with the hardcoded
asert-anchor-min-timestamp.blockchain-constants. Required for the post-
Phase-2 jam to validate the canonical chain at the activation boundary.
The `a4ced58 Merge branch 'master' into nockpool/hoon-7may26` resolution
left two identical-signature `++ lock-merkle-proof-full` cores in
`hoon/common/tx-engine-1.hoon`. The duplicate has been latent because the
committed `assets/dumb.jam` was last rebuilt on `7359882` (Mar 12 2026,
pre-merge); rebuilding the kernel against the post-merge hoon fails with
`duplicate arm: +lock-merkle-proof-full`.

Keep the upstream `nockchain` (master-side) version with the
"stub lmp axis must be 1" slog and drop the pre-merge nockpool variant.
This matches the arm shipped in nockchain master.
The committed `assets/*.jam` were last regenerated by `7359882 Bump deps
(#49)` on 2026-03-12 — pre-dating the Phase 2 / Aletheia hoon merged in
`a4ced58` (2026-05-07). Operators downstream of this pin (notably
nockpool) link the stale jam via `include_bytes!`, so their running
kernel lacks the asert-phase=65500 logic, the 80/20 fund split, and the
checkpointed digests for heights 65,499 / 65,500. Symptom: nodes accept
a non-canonical block at 65501 and then stall, unable to validate any
canonical post-65500 block.

Rebuild every jam from current hoon (Phase 2 + finalization fix +
+lock-merkle-proof-full dedupe). Sizes (bytes):

  dumb.jam:    19,744,272  (was 19,714,248)
  miner.jam:   19,216,496  (was 19,218,896)
  wal.jam:     20,044,128  (was 20,019,544)
  verifier.jam:18,408,344  (unchanged: no relevant hoon changed)
  peek.jam:    19,273,264  (new in this branch)
  bridge.jam:  19,440,784  (new in this branch)
  approver.jam:19,254,384  (new — added in 2498ef9)
Rebuild every kernel jam from current hoon on push/PR and fail if the
committed `assets/*.jam` differ. Prevents another stale-jam regression
where the hoon source has moved on but the compiled kernel did not — the
exact trap that hid the duplicate +lock-merkle-proof-full arm and let
the pre-Aletheia kernel ship to operators after the May 7 master merge.

Run target: all branches matching `nockpool/**` (where committed jams
live) plus master, scoped via paths filter to hoon/, assets/, hoonc, and
the Makefile.
The previous workflow rebuilt all kernel jams in CI and failed if they
differed byte-for-byte from the committed ones. That cannot pass
reliably: hoonc output is not reproducible — HashMap iteration order
leaks into the jam bytes, so the same source compiled under the same
toolchain on different runs produces different bytes. Empirically
verified: my locally-built jams (committed in 1db91af) and CI's rebuild
diverged under identical rust-toolchain.toml-pinned nightly-2025-11-26
/ rustc 1.93.0-nightly (80d8f292d).

Replacement: a single git-log check. Find the most recent commit
touching `assets/*.jam`, then look for any `hoon/**` files modified in
commits after that. If any exist, fail with a hint pointing at
`make build-hoon-all`. Deterministic, runs in seconds, no compile cost,
and catches the actual failure mode we hit — at 5703d68 this check
would have flagged 23 hoon files stale since the March 12 jam.

To override (e.g., comment-only hoon edits), include any `assets/*.jam`
in the same commit. Explicit acknowledgement, not silent.
…GES. MUY MUTANDO (#38)

Co-authored-by: bitemyapp <bitemyapp@users.noreply.github.com>
…cklist

Introduce h-zoon, a family of deterministic treap containers (h-map / h-set)
keyed by tip5 digest-shaped keys, migrate the dumbnet consensus core onto
them via a new kernel-state-9, and add a public gRPC API IP blocklist.

h-zoon containers
- New hoon/common/h-zoon.hoon: h-map / h-set treaps that compare existing
  digest limbs instead of re-hashing keys. They use %hmap / %hset tagged
  empty leaves so the type system enforces a hard boundary from legacy
  z-map / z-set nouns; callers cross it only through zh-* / hz-* helpers.
- hoon/common/zoon.hoon: z-map / z-set gain a %ztree tagged empty leaf for
  the matching boundary, with related ordering helper updates.
- New hoon/common/h-zoon-test.hoon: compile-time checks that the
  hashed-key container boundaries hold.

kernel-state-9 migration
- types.hoon: add kernel-state-9 with consensus/admin/mining/derived-state-9,
  moving the consensus core maps and sets onto h-zoon containers while
  preserving the post-phase-2 constants shape.
- inner.hoon: add the state-8-to-9 migration arm.
- consensus.hoon, derived.hoon, miner.hoon and the tx-engine / wallet hoon
  switch their container ops from z-by / z-in to h-by / h-in.

Rust jets
- zoon_jets.rs / hot.rs: implement and register the seven h-zoon gate jets
  (gor-hip, mor-hip, zh-molt, zh-silt, zh-milt, zh-balmilt, zh-jult) plus
  the h-by / h-in container arm jets. zh-balmilt carries a balance
  state-migration fast path that exploits persistent z-map structure and
  parent-block sharing to avoid re-walking near-identical balance
  snapshots, falling back to generic conversion on any irregular input.
- New tests: h_zoon_jet_oracle.rs differential-tests each jet against the
  Hoon oracle; h_zoon_checkpoint_migration.rs exercises the kernel-state-8
  to -9 checkpoint migration. Adds the blake3 dev-dependency.

gRPC public API IP blocklist
- New ip_blocklist.rs: a tonic interceptor that rejects blocked client IPs
  (the real client read from x-forwarded-for behind the load balancer).
  The blocklist is the union of a compiled-in default set and the
  NOCKCHAIN_API_IP_BLOCKLIST env var, read once at startup; server.rs /
  mod.rs / metrics.rs wire the layer in.

Operational changes
- Downgrade high-volume pma-copy, durability-sync, snapshot-verify and
  poke-lifecycle logs from info! to debug! across nockapp and nockvm.
- nockchain main.rs: bump the default NockStack size from Medium to Large.

FolderOrigin-RevId: /home/gitlab-runner/builds/Izlke1EJS/3/zorpcorp/nada

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Three independent workstreams plus a consensus hot-path fix, imported
together.

PMA dynamic growth
- nockvm pma.rs / mem.rs / noun.rs: the persistent memory arena can now
  grow its committed capacity within a larger virtual reservation
  instead of being fixed at boot. A new GrowableFileMapping reserves
  address space up front and extends the file/mapping on demand
  (grow_to_fit, grow_to_capacity, ensure_free_words).
- Crash safety: a checksummed V2 trailer plus growth- and
  migration-journals make every resize recoverable. A partial growth
  failure "poisons" the arena so a corrupt mapping is never used, and
  legacy pre-V2 metadata is migrated on open. open_with_min /
  open_with_min_and_reserved open existing arenas without truncating
  them or shrinking the reservation.
- nockapp boot.rs / form.rs: new PmaSize type and a --pma-initial-size
  CLI option decoupled from --stack-size, with the initial size floored
  to the kernel jam size. Checksummed PmaPersistMetadataV4 plus PMA-slab
  selection, pre-event capacity reservation, and a pre-persist hook used
  by crash tests.
- A new pma_regressions suite (test modules across nockapp/ and nockvm/:
  boot resize, checkpoint bootstrap sizing, event preflight growth,
  resize-failure boundaries, failed-preserve recovery, replay
  boundaries, stale-checkpoint refusal, sqlite boundary recovery,
  upgrade-from-65a, multi-resize bootstrap, resize exhaustion) plus a
  pma_growth benchmark.

libp2p IP-level connection hygiene
- New ip_block.rs: an expiry-aware IP exclusion store. The peer-id block
  list cannot stop a host that cycles fresh peer IDs on a single IP, so
  this adds an application-level choke point that denies excluded IPs
  before transport work and an IpFilteredKad wrapper that drops
  Kademlia-owned dial candidates pointing at excluded IPs.
- New config.rs centralizes libp2p tuning (Kademlia, connection limits,
  request/response thresholds, PeerExclusionConfig) with env overrides.
  driver.rs / p2p_state.rs / behaviour.rs / metrics.rs wire exclusion
  outcomes, KAD same-IP cardinality observation, and address pruning.

Bridge operator tooling
- 18 new shell scripts under crates/bridge/scripts and
  crates/bridge/contracts/scripts: Tenderly virtual-testnet deployment
  and block advancement, contract verification, multi-bridge (5 signing
  nodes in zellij), run-node / run-bridge / combined orchestration, a
  wallet helper, and environment profiles (base-sepolia, virtual-testnet,
  test-bridge-keys). No Rust or consensus code is affected.

Consensus hot path (consensus.hoon)
- drop-dropable-txs hoists the loop-invariant heaviest-balance name set
  out of the per-tx spent-fold, turning it from
  O(|excluded-txs| * |balance|) into O(|balance| + |excluded-txs|).
- garbage-collect GCs excluded-txs on a shorter window than pending
  blocks (min(retain, 4), 4 when admin configures never-drop) so
  |excluded-txs| stays bounded.
- get-cur-balance tolerates a missing balance for a genesis-height
  heaviest block instead of crashing.

CI
- .gitlab-ci.yml: skip the redundant build-kernels / cargo-test jobs on
  the post-merge `open` push (they already ran as a required check on
  the MR) so sync-to-staging is not delayed ~2h.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The cherry-picked aletheia finalization (2a5f010) brought in the
asert-anchor-min-timestamp constant but left a stale gate in the
+lock-merkle-proof-full check arm that canonical nockchain (ecbb87f)
had removed:

  ?.  =(1 axis.form)
    ~>  %slog.[0 'stub lmp axis must be 1']
    %.n

This gate rejected any Bythos-era spend whose lock-merkle-proof had
axis != 1 — which is permitted post-Bythos (activation height 54,000)
and required by some canonical chain blocks. Net effect: every operator
running the previous PR-51 tip rejected at least one validly-signed
canonical block between heights 54,000 and 65,500 and got wedged short
of the Aletheia activation. Symptom: node tip rolls back from its old
pre-rebuild value (e.g. 65,501) to whatever height the first
axis-!=1-spend appears at (e.g. 63,449), then refuses to advance; all
%template peeks crash with [%mean 'need'] because the kernel cannot
build a candidate on top of an orphan tip.

Drop the gate. Now byte-identical to ecbb87f's lock-merkle-proof-full
check body. Jams rebuilt from this hoon (sizes -~330 bytes each except
verifier which doesn't include tx-engine-1).
Brings in:
- 334b8fc Persistent memory arena first public release
- 1cbd470 h-zoon digest-keyed containers, kernel-state-9 migration, gRPC IP blocklist
- 0787a54 PMA dynamic growth, libp2p IP-level exclusion, bridge operator tooling

Conflict resolution: took master ('theirs') for all 9 conflicts in
inner.hoon / consensus.hoon / miner.hoon / types.hoon — they were all
'master added new code, nockpool branch still on old' (h-zoon container
switch + state-8-to-9 migration). The nockpool-specific peeks
%commitment-at and %template were re-applied on top of master, with
z-by -> h-by on the lookups touching state-9 h-zoon containers
(blocks.c.k, targets.c.k); heaviest-chain.d.k stays z-by because
derived-state-9 is an alias for derived-state-8.

Deleted hoon/apps/dumbnet/lib/pending.hoon — was dead code in our
branch; nothing imported it, pending-blocks lives directly on
consensus-state. Master never had this file.

Mempool / template-peek behavior unchanged from operator perspective;
this is purely a structural migration of the underlying containers.
Jam sizes grew ~100kb each from the kernel-state-9 migration code and
h-zoon container plumbing. verifier.jam barely changed (+1.6k) because
the verifier kernel doesn't touch consensus containers.

  dumb.jam:     19,856,312 (was 19,743,952)
  miner.jam:    19,309,872 (was 19,216,168)
  wal.jam:      20,140,128 (was 20,043,776)
  peek.jam:     19,366,632 (was 19,272,936)
  bridge.jam:   19,540,216 (was 19,440,456)
  verifier.jam: 18,409,936 (was 18,408,344)
  approver.jam: 19,347,736 (was 19,254,056)

Build clean: nockpool %template and %commitment-at peeks compiled
against h-zoon-backed blocks.c.k and targets.c.k without changes
beyond the targeted z-by -> h-by substitution.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

9 participants