rc.5#856
Merged
Merged
Conversation
* ci: faster tests - no need to build the runtime for these. Signed-off-by: Giles Cope <gilescope@gmail.com> * fix: last way was no faster. Try debug Signed-off-by: Giles Cope <gilescope@gmail.com> * Apply suggestion from @gilescope --------- Signed-off-by: Giles Cope <gilescope@gmail.com>
* fix: historical paths for old qanet, preview Signed-off-by: Giles Cope <gilescope@gmail.com> * path through history - preprod data expansion (#697) * fix: intial changes Signed-off-by: Giles Cope <gilescope@gmail.com> * fix: updated data / defs Signed-off-by: Giles Cope <gilescope@gmail.com> * fix: remove outdated mappings Signed-off-by: Giles Cope <gilescope@gmail.com> * fix: wrote custom indexer to get data. preview rpc nodes indexing currentl so that will come in a different commit Signed-off-by: Giles Cope <gilescope@gmail.com> * fix: preview data Signed-off-by: Giles Cope <gilescope@gmail.com> * feat: add indexer db query tool and chain event query tool Signed-off-by: Giles Cope <gilescope@gmail.com> * feat: preprod needed slightly expanded set. This covers more than sufficient blocks but will work. Signed-off-by: Giles Cope <gilescope@gmail.com> * feat: if it ain't broke don't fix it. We know we can get to block 265948 ok so don't change anything below that. Signed-off-by: Giles Cope <gilescope@gmail.com> * fix: blocks seem to be switched for this block now Signed-off-by: Giles Cope <gilescope@gmail.com> * fix: outputs were not updated for some reason. Signed-off-by: Giles Cope <gilescope@gmail.com> --------- Signed-off-by: Giles Cope <gilescope@gmail.com> * chore: add change file for historical UTXO ordering overrides Signed-off-by: Giles Cope <gilescope@gmail.com> * chore: update preprod utxo ordering config with latest (#773) Signed-off-by: Giles Cope <gilescope@gmail.com> * fix: remove unused fn Signed-off-by: Giles Cope <gilescope@gmail.com> --------- Signed-off-by: Giles Cope <gilescope@gmail.com> Co-authored-by: Oscar Bailey <79094698+ozgb@users.noreply.github.com>
Signed-off-by: Giles Cope <gilescope@gmail.com>
…786) * feat(ci): migrate image signing from Cosign/Sigstore to GitHub native attestations Replace Cosign keyless signing with GitHub's actions/attest-build-provenance and actions/attest-sbom actions, eliminating external Sigstore/Rekor dependencies. Re-enable SBOM attestation (previously disabled due to Rekor rejecting payloads). Add build provenance attestation for release binary assets. - Replace cosign sign with actions/attest-build-provenance for all images - Replace cosign attest with actions/attest-sbom for SBOM attestation - Add binary release asset attestation (tar.gz and SHA256SUMS) - Delete sign-image.sh, sign-binary.sh, sign-image.yml - Remove attest_sbom_with_retry and attest_sbom_to_multiarch from sbom-scan.sh - Rewrite verify-image.sh to use gh attestation verify - Support both GHCR orgs (midnight-ntwrk and midnightntwrk) JIRA: SRE-1910 * save * chore: add push trigger to test attestation workflow * fix(ci): use robust digest extraction for all image types The --format '{{.Manifest.Digest}}' template only works for manifest lists, not single-arch v2 manifests. Replace with --raw | sha256sum which computes the correct content-addressable digest for any manifest type. * fix: rewrite verify-binary.sh to use GitHub native attestations Replace cosign verify-blob with gh attestation verify. Add test job to test-attestation.yml to validate the script against an attested test binary. * docs: update security docs and release checklist for GitHub native attestations Replace all cosign/Sigstore references with GitHub native attestation commands (gh attestation verify). Remove .sig/.pem file references, Rekor/Fulcio architecture descriptions, and Sigstore outage procedures. Remove test-attestation.yml (validated, no longer needed). * chore: add PR link to change file * fix(deps): bump rollup to 4.59.0 to fix CVE path traversal Resolves GHSA-mw96-cpmx-2vgc (arbitrary file write via path traversal in rollup 4.0.0-4.58.0).
* feat: fork-aware toolkit pipeline (Phase 1) Introduce version-agnostic block handling so the toolkit can replay blocks from a chain that started on ledger 7 and forked to ledger 8, building correct context state across the version boundary. Core changes: - Add RawBlockData/RawTransaction types that store transactions as raw serialized bytes with a spec_version field, deferring deserialization until the ledger version is known. - Add ForkAwareLedgerContext enum wrapping ledger 7/8 LedgerContext, with update_from_block() that deserializes using the correct version's types and auto-forks via fork_context_7_to_8 when transitioning. - Remove S, P, D generic parameters from the entire fetch pipeline: FetchStorage, ComputeTask, FetchTask, fetch_all now all operate on RawBlockData. - Make SourceTransactions non-generic, holding Vec<RawBlockData> with version-aware network_id extraction. - Replace all inline LedgerContext construction + update_from_block loops with a shared build_fork_aware_context helper, used by both builders and command files. Phase 1 assumes the chain always ends at ledger 8 for transaction building. Pure ledger 7 transaction building is deferred to Phase 2. * refactor: non-generic toolkit pipeline with externalized context building Remove S, P generic parameters from Sender, SendTxs, and TxGenerator by introducing SerializedTx/BuiltTransactions types that pre-serialize transactions in the builder. Externalize context building from individual builders to TxGenerator::build_txs via relevant_wallet_seeds(). * refactor: module parameterisation, error handling, and dead code cleanup - Restructure builders into common/ + version wrappers (ledger_8.rs, ledger_7.rs) using ledger_helpers_local module alias for explicit version-specific imports - build_fork_aware_context and build_context_with_cache now return Result<_, ContextNotLedger8Error> instead of panicking - Update all callers to propagate errors with ? - Delete unused fork_aware_block_data.rs * feat: ledger 7 builder dispatch with version-aware transaction building Builders now dispatch to the correct ledger version at construction time via Builder::to_versioned_builder(). Cross-version type conversion uses raw bytes for hash types, bech32 for addresses, and try_from for seeds. Version-local tx serialization replaces the ledger-8-bound DeserializedTransactionsWithContext. contract_custom is excluded from ledger 7 as EncodedOutputInfo only implements ledger 8 BuildOutput. * refactor: add explicit ledger 8 import to builder mod.rs * chore: cargo fmt * fix: output format for serialized txs * refactor: remove all typed tx code in SourceTransactions * fix: toolkit exits if there are no finalized blocks after genesis * test: add single-tx example + integration test * fix: contract-address file-format fix; add toolkit-e2e.rs * fix: rebuild local-env images on docker compose up Pass --build to docker compose up so that locally-built images (e.g. contract-compiler) are rebuilt when their Dockerfile changes, preventing stale images from being reused. * fix: derive network id from tx data only local-env uses a different chain network id to the network id encoded in the ledger transactions - this is non-standard, but the toolkit should not break because of this. * fix: serialized tx now differentiates between midnight/system tx * feat: migrate remaining commands to fork module for multi-ledger-version support Move version-dependent logic from command files into fork/common/commands/, compiled against both ledger_7 and ledger_8 types via the existing #[path] pattern. Context-building commands (contract_state, show_wallet, dust_balance, generate_intent, generate_sample_intent) dispatch based on ForkAwareLedgerContext::version(). Deserialization commands (show_transaction, contract_address, get_tx_from_context) use try-both dispatch: attempt ledger_8 first, fall back to ledger_7. * refactor: move fork/commands under commands/fork and remove fork module The top-level fork/ module mixed concerns (commands, builders, transactions) under a single umbrella. Move version-specific command implementations into commands/fork/ where they colocate with the dispatch logic, and consolidate the shared from_serde_tx into the existing tx_generator builders via a transactions.rs module. The duplicate fork/builders/ is removed since tx_generator/builder/builders/ already provides the same functionality. * refactor: remove dead code * fix: compile warnings * chore: cargo fmt * docs: update readme * fix: genesis generation toolkit fixes * fix(toolkit): show-transaction now reads new file format * chore: rebuild genesis * test: re-enable test * fix: remove superfluous get-tx-from-context command * test: fix tests to use new tx format * chore: add missing file * fix: update chainspec init to work with new genesis block format * chore: cargo fmt * chore: add change file * test: fix toolkit.db contention + speed up toolkit e2e tests * fix: correctly load txs in chain_spec/mod.rs * feat: use hex serialization in tx files * chore: fix compile warnings * chore: update genesis files to new format (data unchanged) * docs: tweak panic message * fix: off-by-one error * refactor: simplification * chore: remove dead code * refactor: simplification * refactor: derive standard PartialEq/Eq for RawBlockData Replace the manual PartialEq/Eq/Ord/PartialOrd impls that only compared tblock_secs with derived PartialEq/Eq. The single sort call site now uses sort_by_key instead. * refactor: use combinator for ledger context dispatch * fix: grant attestations:write permission in CI workflow The reusable sbom-scan-image workflow requires attestations:write, but the caller workflow did not include it in top-level permissions. * test: fix toolkit-multi-dest-e2e
* feat(ci): migrate image signing from Cosign/Sigstore to GitHub native attestations
Replace Cosign keyless signing with GitHub's actions/attest-build-provenance
and actions/attest-sbom actions, eliminating external Sigstore/Rekor dependencies.
Re-enable SBOM attestation (previously disabled due to Rekor rejecting payloads).
Add build provenance attestation for release binary assets.
- Replace cosign sign with actions/attest-build-provenance for all images
- Replace cosign attest with actions/attest-sbom for SBOM attestation
- Add binary release asset attestation (tar.gz and SHA256SUMS)
- Delete sign-image.sh, sign-binary.sh, sign-image.yml
- Remove attest_sbom_with_retry and attest_sbom_to_multiarch from sbom-scan.sh
- Rewrite verify-image.sh to use gh attestation verify
- Support both GHCR orgs (midnight-ntwrk and midnightntwrk)
JIRA: SRE-1910
* save
* chore: add push trigger to test attestation workflow
* fix(ci): use robust digest extraction for all image types
The --format '{{.Manifest.Digest}}' template only works for manifest
lists, not single-arch v2 manifests. Replace with --raw | sha256sum
which computes the correct content-addressable digest for any manifest
type.
* fix: rewrite verify-binary.sh to use GitHub native attestations
Replace cosign verify-blob with gh attestation verify. Add test job
to test-attestation.yml to validate the script against an attested
test binary.
* docs: update security docs and release checklist for GitHub native attestations
Replace all cosign/Sigstore references with GitHub native attestation
commands (gh attestation verify). Remove .sig/.pem file references,
Rekor/Fulcio architecture descriptions, and Sigstore outage procedures.
Remove test-attestation.yml (validated, no longer needed).
* chore: add PR link to change file
* fix(deps): bump rollup to 4.59.0 to fix CVE path traversal
Resolves GHSA-mw96-cpmx-2vgc (arbitrary file write via path traversal
in rollup 4.0.0-4.58.0).
* fix(ci): exclude syft file cataloger to fix SBOM attestation size limit
Syft v1.20.0+ enables a file cataloger by default that lists every file
in the container, bloating the SBOM from ~1.4MB to ~24MB. This exceeds
the 16MB hard limit in actions/attest-sbom, causing "predicate file
exceeds maximum allowed size" errors.
Adding --select-catalogers '-file' to exclude file metadata that isn't
needed for vulnerability scanning.
Includes a temporary test workflow to validate the fix against the same
midnight-node image that failed.
* chore(ci): measure SBOM size to investigate 16MB attestation limit
* fix(ci): pull image via docker before syft scan
* fix(ci): use MidnightCI credentials for GHCR login
* fix(ci): trim SBOM relationships before attestation to fit 16MB limit
The midnight-node image produces a 19MB+ SBOM even without file
cataloger entries, exceeding the actions/attest-sbom 16MB hard limit.
Strip SPDX relationships before attesting while preserving the full
SBOM as a build artifact.
* fix(ci): minify trimmed SBOM JSON to increase headroom under 16MB limit
* chore(ci): remove temporary SBOM test workflow
* fix npm audit issues * fix npm audit for local env * fix: correct PR link in change file
Co-authored-by: Squirrel <giles.cope@shielded.io>
* chore: initialize work package for PM-20204 Audit finding Issue M: Node can panic on startup due to unwrap() calls in genesis state decoding (node/src/command.rs). Co-authored-by: Cursor <cursoragent@cursor.com> * fix: replace unwrap() panics in genesis state decoding with error propagation Extract `decode_genesis_state` function from `run_node` to replace three chained unwrap() calls that panic when chain spec properties contain missing, non-string, or malformed hex genesis_state values. - Return typed sc_cli::Error::Input with descriptive messages - Add 256 MiB upper bound validation on decoded genesis state size - Add 7 unit tests covering all error paths and boundary conditions Resolves: PM-20204 (Least Authority audit Issue M) Co-authored-by: Cursor <cursoragent@cursor.com> * chore: add change file for PM-20204 genesis state decode fix Co-authored-by: Cursor <cursoragent@cursor.com> * test: remove memory-heavy size boundary tests Drop decode_genesis_state_oversized and decode_genesis_state_at_size_limit tests that each allocated ~512 MiB to verify a trivial integer comparison. The size guard remains in the implementation; the five remaining tests cover all three error paths, the happy path, and the empty-input edge case. Co-authored-by: Cursor <cursoragent@cursor.com> --------- Co-authored-by: Cursor <cursoragent@cursor.com>
* fix: contracts deployment in local-env; fixes CI * fix: local-env pc-chain-config
Document the 16MB actions/attest-sbom predicate limit and the trimming strategy (strip relationships + minify JSON) in the image signing overview and operational runbook.
…update (#805) Bumps the npm_and_yarn group with 1 update in the /ui directory: [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 1 update in the /ui/tests directory: [minimatch](https://github.com/isaacs/minimatch). Updates `minimatch` from 3.1.3 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.3...v3.1.5) Updates `minimatch` from 5.1.7 to 5.1.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.3...v3.1.5) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 5.1.9 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Squirrel <giles.cope@shielded.io>
* feat: add wasm files to releases * ci: wasm assets for releases * fix: code scanning report * fix: ci audit * fix: remove unnecessary push and add one to appear on actions * fix: remove unnecessary push * fix: add again push * fix: remove unnecessary push 2 * Apply suggestion from @gilescope * nit: node rather than client --------- Co-authored-by: Squirrel <giles.cope@shielded.io>
* chore: remove Default impl for WalletSeed Remove the all-zero Default implementation for WalletSeed. The one internal placeholder usage in RewardsInfo is replaced with an explicit initializer. * fmt * add changes file
* chore: remove dead code Signed-off-by: Giles Cope <gilescope@gmail.com> * fix: remove dead code Signed-off-by: Giles Cope <gilescope@gmail.com> * chore: fmt Signed-off-by: Giles Cope <gilescope@gmail.com> --------- Signed-off-by: Giles Cope <gilescope@gmail.com>
* chore: initialize branch for PM-19901 guards on NextCardanoPosition Co-authored-by: Cursor <cursoragent@cursor.com> * fix: add error variants for CardanoPosition guard failures Add CardanoPositionRegression and CardanoPositionExcessiveJump to the pallet Error enum, preparing for monotonicity and window-bound guards on NextCardanoPosition updates in process_tokens. Refs: PM-19901 Co-authored-by: Cursor <cursoragent@cursor.com> * fix: add monotonicity and window-bound guards to process_tokens Read the previous NextCardanoPosition before updating and enforce: 1. Strict monotonicity via PartialOrd (block_number, tx_index_in_block) 2. Forward bound via CardanoBlockWindowSize (default 1000 blocks) Guards use ensure! consistent with existing InherentAlreadyExecuted pattern. On failure, Substrate rolls back all storage mutations and rejects the block (Mandatory dispatch). Refs: PM-19901 Co-authored-by: Cursor <cursoragent@cursor.com> * fix: add unit tests for CardanoPosition guard validation Add 9 tests covering monotonicity and window-bound guards: - Regression: lower block_number, equal position, same-block lower tx_index - Acceptance: same-block higher tx_index, within-window jump, normal advance - Boundaries: default (zero) position, exact window boundary, exceeding window - All existing tests pass without modification Refs: PM-19901 Co-authored-by: Cursor <cursoragent@cursor.com> * fix: add change file for NextCardanoPosition guards Document the monotonicity and window-bound guard addition for the release changelog, addressing audit issue R (PM-19901). Refs: PM-19901 Co-authored-by: Cursor <cursoragent@cursor.com> * fix: improve guard tests with shared helper and additional coverage - Extract establish_position() helper to reduce boilerplate across 8 guard tests - Add position_guard_works_with_utxos_present test validating guards fire correctly when UTXOs are also present in the dispatch - Add position_guards_hold_across_multiple_advances test verifying guards remain effective after 4 sequential position advances Refs: PM-19901 Co-authored-by: Cursor <cursoragent@cursor.com> * rebuild metadata, fix formatting ,fix: relax guards per review — allow equal positions, warn-only for window bound Signed-off-by: Giles Cope <gilescope@gmail.com> * Apply suggestions from code review * Apply suggestion from @gilescope * Apply suggestion from @gilescope * Apply suggestion from @gilescope --------- Signed-off-by: Giles Cope <gilescope@gmail.com> Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Giles Cope <gilescope@gmail.com> Co-authored-by: Squirrel <giles.cope@shielded.io>
* chore: clean up verbose logging in toolkit and ledger helpers Remove unnecessary println and dbg! calls from execute_js, contract builder, and transaction build paths. * chore: add PR link to change file * chore; fmt Signed-off-by: Giles Cope <gilescope@gmail.com> --------- Signed-off-by: Giles Cope <gilescope@gmail.com> Co-authored-by: Giles Cope <gilescope@gmail.com>
* chore: generate chain-spec for perfnet * Apply suggestion from @gilescope * Apply suggestion from @gilescope --------- Co-authored-by: Squirrel <giles.cope@shielded.io>
…ns ttl (#791) Co-authored-by: Squirrel <giles.cope@shielded.io>
* chore: initialize branch for PM-19905 Race condition fix in update_from_tx (Least Authority Issue AJ) Co-authored-by: Cursor <cursoragent@cursor.com> * chore: initialize branch for PM-19905 Race condition fix in update_from_tx (Least Authority Issue AJ) Co-authored-by: Cursor <cursoragent@cursor.com> * fix: hold ledger_state mutex for full RMW in update_from_tx Closes the read-modify-write race window (Audit Issue AJ) by acquiring the ledger_state lock at method entry and holding it through the write-back, instead of clone-and-release via tx_context(). Lock ordering (ledger_state → wallets) is preserved and consistent with update_from_block. Refs: PM-19905 * test: add concurrency test for ledger_state mutex serialization Exercises the same ledger_state mutex that update_from_tx now holds for its full RMW cycle. Spawns 8 threads doing non-atomic read-yield-write under with_ledger_state, verifying no lost updates. Runs across all three ledger versions via compile-time versioning. Covers: PR767-TC-02 (no lost updates), PR767-TC-03 (no deadlock) Refs: PM-19905 * chore: add change file for PM-19905 Made-with: Cursor --------- Co-authored-by: Cursor <cursoragent@cursor.com>
* fix: clean up motion removal and member ordering in governance pallets Ensure motions are always removed from storage when closed, even if dispatch fails, to prevent stale entries. Sort authority pairs by AccountId before unzipping into parallel vectors so member associations stay correctly aligned. * change file * unused comment * change file * Apply suggestion from @mpskowron Co-authored-by: mpskowron <michal.skowron@iohk.io> * fix: ensure that failed motion does not prevent cleanup Signed-off-by: Giles Cope <gilescope@gmail.com> * chore: fmt Signed-off-by: Giles Cope <gilescope@gmail.com> --------- Signed-off-by: Giles Cope <gilescope@gmail.com> Co-authored-by: Squirrel <giles.cope@shielded.io> Co-authored-by: mpskowron <michal.skowron@iohk.io> Co-authored-by: Giles Cope <gilescope@gmail.com>
* feat: Bump ledgers Signed-off-by: Giles Cope <gilescope@gmail.com> * chore: change log Signed-off-by: Giles Cope <gilescope@gmail.com> --------- Signed-off-by: Giles Cope <gilescope@gmail.com>
* feat: 2026 happened Signed-off-by: Giles Cope <gilescope@gmail.com> * feat: 2026 happened Signed-off-by: Giles Cope <gilescope@gmail.com> --------- Signed-off-by: Giles Cope <gilescope@gmail.com>
* feat: pallet_throttle * chore: add change file * chore: add change file 2 * fix: make clippy happy * fix: make clippy happy 2 * fix: benchmarks * fix: benchmarks 2 * chore: rebuild metadata * fix: ci audit * fix: npm audit * fix: update metadata Signed-off-by: Giles Cope <gilescope@gmail.com> --------- Signed-off-by: Giles Cope <gilescope@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Giles Cope <gilescope@gmail.com> Co-authored-by: Squirrel <giles.cope@shielded.io>
* update scanner action to latest version Signed-off-by: Giles Cope <gilescope@gmail.com> * update scanner action to latest version Signed-off-by: Giles Cope <gilescope@gmail.com> --------- Signed-off-by: Giles Cope <gilescope@gmail.com>
* Add optional `output_onchain_state` argument to `CircuitArgs` and map it into the command args in `execute_circuit` * Update Toolkit `README.md` to include example of chaining state for batched circuit calls * Update `toolkit-tokens-minter-e2e.sh` to chain on-chain states between `generate-intent` calls * Update `compact-js-*` packages to `2.4.2` * Add change file --------- Co-authored-by: Squirrel <giles.cope@shielded.io>
…203] (#768) * fix(node): unify genesis state source for offline subcommands [PM-20203] All offline subcommands (check-block, export-blocks, export-state, import-blocks, revert, partner-chains, and benchmark sub-arms) now derive StorageInit.genesis_state from chain_spec.properties() via genesis_state_from_chain_spec(), instead of hardcoding UndeployedNetwork.genesis_state(). This ensures subcommands use the correct genesis state for the active chain specification. Changes: - Add genesis_state_from_properties() and thin wrapper genesis_state_from_chain_spec() to extract hex-encoded genesis state from chain spec properties with descriptive error handling - Add verify_genesis_consistency() for blake2_256 hash comparison between chain spec and compiled-in genesis - Move StorageInit creation from function scope into 7 match arm closures (10 call sites) where config.chain_spec is available - Remove unused MidnightNetwork trait import - Add 6 unit tests covering valid extraction, missing key, non-string value, invalid hex, hash match, and hash mismatch Made-with: Cursor * refactor(node): extract StorageInit construction into helper function Add storage_init_from_chain_spec() to eliminate 10 repeated StorageInit struct literals across subcommand match arms. Add doc comments to all new functions. Made-with: Cursor * chore(node): suppress dead_code warning and add change file [PM-20203] Add #[allow(dead_code)] to verify_genesis_consistency (not yet wired into a runtime call site). Add change file for CI. * fix: address review comments Signed-off-by: Giles Cope <gilescope@gmail.com> * chore: fmt Signed-off-by: Giles Cope <gilescope@gmail.com> --------- Signed-off-by: Giles Cope <gilescope@gmail.com> Co-authored-by: Giles Cope <gilescope@gmail.com>
* feat(cnight-observation): add frame-benchmarking dependency and runtime-benchmarks feature
Add frame-benchmarking as an optional dependency and configure the
runtime-benchmarks feature flag to enable benchmark compilation for
the cnight-observation pallet. Follows the pattern established by
pallet-federated-authority-observation.
Ticket: PM-19778
Co-authored-by: Cursor <cursoragent@cursor.com>
* feat(cnight-observation): add WeightInfo trait and placeholder weights
Define the WeightInfo trait with fn process_tokens(n: u32) -> Weight
for the cnight-observation pallet. Includes SubstrateWeight<T>
placeholder impl with conservative estimates (to be replaced by
benchmark output) and impl WeightInfo for () returning zero weight
for tests and mocks.
Refs: PM-19778
* feat(cnight-observation): add weight infrastructure to process_tokens
- Add pallet constants UTXO_PER_TX_OVERESTIMATE (64) and
MAX_UTXO_COUNT (12,800) matching mainchain follower buffer bounds
- Add WeightInfo associated type to Config trait
- Add TooManyUtxos error variant with dynamic UTXO count guard
- Change weight annotation from (0, Mandatory) to
(T::WeightInfo::process_tokens(MAX_UTXO_COUNT), Mandatory)
- Change return type to DispatchResultWithPostInfo with actual-weight
correction via PostDispatchInfo { pays_fee: Pays::No }
- Wire weights and benchmarking modules
Refs: PM-19778
* feat(cnight-observation): add WeightInfo to mock configs
Add `type WeightInfo = ();` to both mock runtime Config impls
(mock.rs and mock_with_capture.rs), satisfying the new associated
type added to the pallet's Config trait.
Refs: PM-19778
* feat(runtime): wire cnight-observation WeightInfo and benchmark registration
Add `type WeightInfo = ();` to the runtime's pallet_cnight_observation
Config impl and register the pallet in `define_benchmarks!` so the
benchmark CLI discovers its extrinsics.
Refs: PM-19778
* feat(cnight-observation): implement process_tokens benchmark
FRAME v2 benchmark for process_tokens using Registration UTXOs as
the benchmark input type. Registration handlers exercise the
storage-dominant path (2R + 1W + events per UTXO) without requiring
LedgerApi, making them suitable for deterministic benchmarking.
- Linear<0, MAX_UTXO_COUNT> parameter (0..12,800 UTXOs)
- RawOrigin::None for inherent dispatch
- Synthetic UTXOs with unique CardanoRewardAddressBytes
- impl_benchmark_test_suite with mock_with_capture runtime
Refs: PM-19778
* fix(cnight-observation): fix doctest and benchmark test suite compat
- Mark shell command in weights.rs doc comment as ```text to prevent
doctest from parsing it as Rust code
- Remove impl_benchmark_test_suite! from benchmarking.rs — the
external mock crate cannot propagate runtime-benchmarks feature
without a circular dependency; benchmark smoke tests run via the
runtime crate instead
Refs: PM-19778
* test(cnight-observation): add UTXO guard and PostDispatchInfo validation tests
Add validation_tests.rs covering PM-19778 code review findings M1/M2:
- TC-01: TooManyUtxos rejection when UTXO count exceeds capacity bound
- TC-02: Exact boundary acceptance at capacity limit
- TC-06b: PostDispatchInfo returns actual_weight and Pays::No
* style(cnight-observation): apply rustfmt to validation tests
* chore: add change file for PM-19778
* fix(cnight-observation): resolve clippy identity_op in validation tests
Use capacity=2 instead of 1 to avoid `1u32 * UTXO_PER_TX_OVERESTIMATE`
which clippy flags as identity_op (no-op multiplication by 1).
Made-with: Cursor
* chore: rebuild metadata
* fix: make runtime use non-zero weights
Signed-off-by: Giles Cope <gilescope@gmail.com>
* chore: fmt
Signed-off-by: Giles Cope <gilescope@gmail.com>
* chore: update metadata
Signed-off-by: Giles Cope <gilescope@gmail.com>
---------
Signed-off-by: Giles Cope <gilescope@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Giles Cope <gilescope@gmail.com>
…M-20218) (#762) * chore: initialize work package for PM-20218 Audit finding Issue I: UtxoOwners persist inconsistently in handle_create and handle_redemption_create. Co-authored-by: Cursor <cursoragent@cursor.com> * test(cnight-observation): verify UtxoOwners not written on event construction failure Add negative test for handle_create: when construct_cnight_generates_dust_event fails due to an invalid DustPublicKey (bytes exceeding Fr field modulus), UtxoOwners storage must not be written and no SystemTransactionApplied event should be emitted. Ref: PM-20218 Made-with: Cursor * chore: fix cargo fmt formatting in cnight-observation tests Made-with: Cursor * test(cnight-observation): add spend-without-create guard test and change file Add test verifying that AssetSpend for a UTXO without prior AssetCreate does not emit a Destroy event. Add change file for audit test coverage. Made-with: Cursor * Ensure it's not failing for wrong reasons. * chore: fmt Signed-off-by: Giles Cope <gilescope@gmail.com> --------- Signed-off-by: Giles Cope <gilescope@gmail.com> Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Squirrel <giles.cope@shielded.io> Co-authored-by: Giles Cope <gilescope@gmail.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@b7c566a...bbbca2d) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.22.2 to 0.23.0. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](anchore/sbom-action@28d7154...17ae174) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-version: 0.23.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* test(toolkit): add hard-fork e2e test using testcontainers Verify that a new node can boot from a chain-spec generated by an older node version and accept transactions. Generates the chain-spec from a configurable fork-from node image (default 0.21.0), starts the latest node with it, and runs single-tx before and after a placeholder runtime upgrade step. * feat(toolkit): add runtime-upgrade command Add a `runtime-upgrade` toolkit command that performs a runtime upgrade through federated governance. It authorizes the upgrade via root-call, then applies it, accepting governance keys as CLI arguments so it works on real networks (unlike the upgrader binary which hardcodes dev keys). Wire up the new command in the hardfork e2e test to exercise the full upgrade flow: extract WASM, authorize, apply, and verify post-upgrade. * docs(toolkit): add runtime-upgrade to README * docs: add change file * chore: forward NODE_IMAGE to test-toolkit Earthly target Accept NODE_IMAGE and FORK_FROM_NODE_IMAGE as optional build args in +test-toolkit and conditionally forward them to the test container. When not provided, the test-images.docker-compose.yml defaults apply. * ci: pass NODE_IMAGE to test-toolkit in CI Make test-toolkit depend on the run job so the freshly-built node image is available in GHCR. Add Docker login and pass NODE_IMAGE as a build arg to earthly. In the Earthfile, conditionally --pull the image into the DinD daemon so testcontainers can use it for the hardfork e2e test. * ci: fix secret usage to read-only * chore: pre-pull NODE_IMAGE in test-toolkit Earthly target The DinD daemon doesn't inherit Docker auth, so testcontainers can't pull private GHCR images at runtime. Use Earthly's --pull directive to pre-pull NODE_IMAGE into DinD when provided. Without NODE_IMAGE, testcontainers pulls the public default images itself. * docs: add PR to change file * test: add explainer to test-image.docker-compose.yml * fix: use with_copy_to instead of bind mount in hardfork e2e test Bind mounts fail in DinD because the tempdir exists inside the test container but not on the Docker host. with_copy_to sends data via the Docker API, which works regardless of filesystem sharing. Also adds kics-scan disable for the test-images docker-compose file since it is never run directly.
* feat: 2026 happened Signed-off-by: Giles Cope <gilescope@gmail.com> * feat: 2026 happened Signed-off-by: Giles Cope <gilescope@gmail.com> * chore: drop year from copyright notices Signed-off-by: Giles Cope <gilescope@gmail.com> --------- Signed-off-by: Giles Cope <gilescope@gmail.com>
* fix: sync issue against 0.21.0 * docs: add PR to change file
Signed-off-by: Giles Cope <gilescope@gmail.com>
Contributor
|
KICS version: v2.1.19
|
) * revert tagged serialization for contract addresses and coin public * change file * remove remaining tag arguments for coin publics and contract addresses * comment out ephemeral env test in ci * remove --tagged --------- Co-authored-by: Squirrel <giles.cope@shielded.io> Signed-off-by: Giles Cope <gilescope@gmail.com>
justinfrevert
approved these changes
Mar 3, 2026
Fentonhaslam
approved these changes
Mar 3, 2026
Contributor
|
/bot rebuild-metadata |
Contributor
|
✅ Metadata rebuild complete! Changes have been committed. |
gilescope
pushed a commit
that referenced
this pull request
Apr 8, 2026
m2ux
added a commit
that referenced
this pull request
Apr 23, 2026
m2ux
added a commit
that referenced
this pull request
Apr 23, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
14 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
update to midnight-node rc.5
Don't squash merge.
#856