feat(iota-core): certificate-less transaction flow (P-COOL)#11242
Draft
feat(iota-core): certificate-less transaction flow (P-COOL)#11242
Conversation
…s conflict resolution (#10379) This PR merges the `feat/consensus/transaction-certificate-removal` branch into `feat/consensus/transation-certificateless-flow-feature`, implementing an early Proof of Concept (PoC) for a certificateless transaction flow in IOTA consensus. **This is an early proof of concept with many missing features and limited testing.** This implementation demonstrates base functionality but is not production-ready. - ✅ Sending transactions from faucet - ✅ Sending transactions between nodes - ✅ Basic white flag conflict resolution for post-consensus owned object locking -⚠️ Conflicting transactions scenarios -⚠️ High-load/stress testing -⚠️ Full end-to-end validator scenarios -⚠️ Edge cases and error recovery paths This PR introduces a **white flag transaction flow** that bypasses pre-consensus certification and owned object locking. Instead, conflicts are resolved deterministically post-consensus using persistent locks. This represents a significant architectural shift in how IOTA handles transaction consensus. 1. **Transaction Exclusivity**: A transaction uses either white-flag flow OR certificate flow, never both (enforced by feature flags) 2. **Deterministic Conflict Resolution**: Conflicts are resolved in consensus order 3. **Persistent Lock Reuse**: Uses the same lock mechanism (`owned_object_locked_transactions` table) as certificate flow 4. **Atomic Conflict Detection**: If ANY owned input object is locked, the ENTIRE transaction is dropped 1. **White Flag Conflict Resolution** (`white_flag.rs`) - Post-consensus owned object locking and conflict resolution - Deterministic transaction ordering based on consensus sequence - Atomic conflict detection (all-or-nothing for owned objects) 2. **Transaction Driver** (`transaction_driver/` module) - `EffectsCertifier`: Manages effects certificate creation and validation - `TransactionSubmitter`: Handles transaction submission to validators - `RequestRetrier`: Retry logic with exponential backoff - `ReconfigObserver`: Monitors and handles epoch reconfigurations 3. **Validator Client Monitor** (`validator_client_monitor/` module) - Tracks validator client performance and availability - Collects metrics on submission success/failure rates - Provides feedback for validator selection 4. **Status Aggregator** (`status_aggregator.rs`) - Aggregates transaction status from multiple validators - Determines quorum for transaction effects 1. **Authority Per Epoch Store** (`authority_per_epoch_store.rs`) - Enhanced lock management for white flag transactions - Support for batch lock acquisition and release - Conflict tracking and resolution 2. **Consensus Handler** (`consensus_handler.rs`) - Integration with white flag conflict resolution - Pre-processing of consensus transactions - Support for UserTransactionV1 variant 3. **Authority Server** (`authority_server.rs`) - New gRPC endpoints for white flag submission - Transaction status queries - Enhanced validator communication 4. **Transaction Orchestrator** (`transaction_orchestrator.rs`) - Support for certificateless transaction submission - Integration with TransactionDriver - Improved pending transaction recovery 1. **Protocol Config** (`protocol-config`) - New feature flag: `white_flag_transaction_flow` - Environment variable overrides for feature flags - Configuration versioning support 2. **Node Configuration** (`node.rs`) - `ValidatorClientMonitorConfig`: Client monitoring settings - Feature flag configurations - Network endpoint configurations 1. **New Types** (`iota-types`) - `SubmitTxRequest`, `SubmitTxResult`: White flag submission types - `TransactionDriverTypes`: Effects and finalization types - Enhanced `ConsensusTransactionKind` with `UserTransactionV1` 2. **Error Handling** (`error.rs`, `transaction_driver/error.rs`) - New error variants for white flag flow - Transaction driver specific errors - Enhanced error context and debugging 1. **White Flag Tests** (`white_flag_tests.rs`) - Conflict resolution scenarios - Lock acquisition and release - Transaction ordering validation 2. **Unit Tests** (`authority_tests.rs`, `server_tests.rs`) - gRPC endpoint testing - Transaction submission validation - Status aggregation verification 3. **Validator Client Monitor Tests** (`validator_client_monitor/tests.rs`) - Client performance tracking - Metrics collection validation - New Prometheus metrics for: - Transaction driver operations - White flag conflict resolution - Validator client performance - Starfish DAG state and shard reconstruction - [x] Basic tests (linting, compilation, formatting, unit/integration tests) - [x] Patch-specific tests (white flag conflict resolution, transaction driver) - [x] Manual testing with local validator setup - Transaction submission from faucet - Transaction submission between nodes - [ ] Conflicting transaction scenarios (not yet tested) - [ ] Production-scale stress testing (not yet performed) - [ ] Full integration testing across all validator scenarios (pending) Resolves #10017 - [x] Basic tests (linting, compilation, formatting, unit/integration tests) - [x] Patch-specific tests (correctness, functionality coverage) - [x] I have added tests that prove my fix is effective or that my feature works - [ ] I have checked that new and existing unit tests pass locally with my changes - [x] Protocol: White flag transaction flow feature flag, UserTransactionV1 consensus variant - [x] Nodes (Validators and Full nodes): Transaction driver, validator client monitor, new gRPC submission endpoints for post-consensus conflict resolution. - [ ] Indexer: - [ ] JSON-RPC: - [ ] GraphQL: - [ ] CLI: - [ ] Rust SDK: - [ ] REST API:
…low (#10632) # Description of change Introduces soft bundle transaction submission support in the certificate-less (p-cool / white flag) flow, achieving feature parity with the existing certificate-based flow. The key changes are: - **`SubmitTransactions` gRPC endpoint** (`authority_server.rs`): Added `handle_submit_transactions_impl` to handle both single-transaction and soft-bundle submissions. Validates signatures, performs overload checks, and routes to consensus via `ConsensusAdapter::submit_batch`. - **Soft bundle consensus integration** (`consensus_adapter.rs`, `white_flag.rs`): Extended consensus adapter and white flag handler to accept and process a batch of transactions as an atomic unit. Transactions in a bundle share the same gas sponsor and are submitted together or not at all. - **Error reporting** (`messages_grpc.rs`, `error.rs`): Introduced `SubmitTransactionResult` / `SubmitTransactionsResponse` with structured per-transaction results including validity status, overload indicators, and executed effects. - **Client-side support** (`authority_client.rs`, `safe_client.rs`, `test_authority_clients.rs`): Wired the new `submit_transactions` RPC into the validator client stack. - **`TransactionDriver` integration** (`transaction_submitter.rs`, `effects_certifier.rs`, `mod.rs`): The transaction driver now calls `submit_transactions` and processes the single `SubmitTransactionResult` response. ## Links to any relevant issues fixes #10368 ## How the change has been tested - [ ] Basic tests (linting, compilation, formatting, unit/integration tests) - [ ] Patch-specific tests (correctness, functionality coverage) - [ ] I have added tests that prove my fix is effective or that my feature works - [ ] I have checked that new and existing unit tests pass locally with my changes
…rtificate-less flow (#10633) Ensures the certificate-less (p-cool / white flag) transaction submission path performs the same validation as the certificate-based (`handle_transaction_impl`) path, and adds handling for edge cases introduced by the certificate-less flow. Key changes: - **`handle_transaction_deny_checks`** (`authority.rs`): Extracted deny/input/gas/coin/MoveAuthenticator checks from `handle_transaction_impl` into a reusable method on `AuthorityState`. Returns owned object refs without acquiring locks. - **`validate_owned_object_versions`** (`execution_cache.rs`, `object_locks.rs`, `passthrough_cache.rs`, `writeback_cache.rs`, `proxy_cache.rs`): New method added to `ExecutionCacheWrite` that validates owned object existence and version/digest match against live objects without acquiring any locks. - **Validation in white flag path** (`authority_server.rs`): Both the single-tx and soft-bundle paths of `handle_submit_transactions_impl` now call `handle_transaction_deny_checks` and `validate_owned_object_versions` after signature verification and before the reconfiguration lock — matching the gates in `handle_transaction_impl`. - **Already-executed check** (`authority_server.rs`): If `validate_owned_object_versions` fails, the handler checks via `try_get_executed_effects` whether the transaction was already successfully executed (duplicate submission). If so, returns the executed result instead of an error. - **Efficient executed-effects retrieval** (`authority_server.rs`): Replaced `get_signed_effects_and_maybe_resign` with `try_get_executed_effects` in the already-executed path to avoid unnecessary effect signing. Also populates `ExecutedData` with effects, events, input objects, and output objects so the `TransactionDriver` can skip a subsequent `get_full_effects` RPC. - **Epoch boundary bail-out** (`authority_server.rs`): Added early return when the validator is in the middle of an epoch change, preventing user certificates from being accepted into consensus unnecessarily. - **`SubmitTransactionsResponse` simplification** (`messages_grpc.rs`, `transaction_submitter.rs`): Replaced `results: Vec<SubmitTransactionResult>` with `result: SubmitTransactionResult` since the endpoint handles at most one logical outcome per call. - **Soft-bundle homogeneity validation** (`consensus_adapter.rs`): Added check that all transactions in a soft bundle share the same gas sponsor. - **Comprehensive unit tests** (`server_tests.rs`): ~480 lines of new unit tests covering invalid inputs, re-submissions, oversized payloads, gas price mismatches, epoch boundary rejections, and soft-bundle scenarios. fixes #10369 - [ ] Basic tests (linting, compilation, formatting, unit/integration tests) - [ ] Patch-specific tests (correctness, functionality coverage) - [ ] I have added tests that prove my fix is effective or that my feature works - [ ] I have checked that new and existing unit tests pass locally with my changes
# Description of change Three fixes identified during PR #10379 review: **Make `SubmitTxResult::Executed` details non-optional** Remove `Option` from the `details` field — the `Executed` variant is only constructed for already-executed transactions where details are always available. `WaitForEffectsResponse::Executed` keeps `Option` (justified by `include_details` flag and ping responses). **Propagate storage errors as fatal in post-consensus validation** Align with the certificate flow where DB errors halt processing via `?`. Storage/epoch errors (RocksDB failures, epoch store closed) now return `Err` immediately instead of being downgraded to per-transaction drops. Add `IotaError::is_storage_or_epoch_error()` to classify errors by variant. Guaranteed-storage sites use `?` directly; mixed sites (`handle_transaction_deny_checks`) use the classifier. **Include randomness transactions in white-flag conflict resolution** When white-flag is enabled, keep all user transactions (regular and randomness) in a single list during categorization to preserve consensus DAG ordering. After `validate_and_resolve_conflicts`, partition back into separate lists for downstream processing. Non-white-flag flow is unchanged. ## Links to any relevant issues Fixes #10761 Fixes #10763 Fixes #10764 ## How the change has been tested - [x] Basic tests (linting, compilation, formatting, unit/integration tests) - [x] Patch-specific tests (correctness, functionality coverage) - [x] I have added tests that prove my fix is effective or that my feature works - [x] I have checked that new and existing unit tests pass locally with my changes - `cargo test -p iota-core -- server_tests post_consensus_validation authority_tests::test_consensus_commit_prologue_generation` — all pass - `test_consensus_commit_prologue_generation` parameterized with rstest to run with/without white-flag + UserTransactionV1
…ponse (#10812) # Description of change Wire real in-flight metrics into `ValidatorHealthResponse`, replacing hardcoded zeros with live data from existing subsystems: - `num_inflight_execution_transactions` — from `TransactionManager::inflight_queue_len()` (pending + executing certificates) - `num_inflight_consensus_transactions` — from `ConsensusAdapter::num_inflight_transactions()` (AtomicU64 managed by InflightDropGuard) - `last_locally_built_checkpoint` — from `CheckpointStore::get_latest_locally_computed_checkpoint()` ## Links to any relevant issues Fixes #10743 ## How the change has been tested - [x] Basic tests (linting, compilation, formatting, unit/integration tests) - [x] Patch-specific tests (correctness, functionality coverage) - [ ] I have added tests that prove my fix is effective or that my feature works - [x] I have checked that new and existing unit tests pass locally with my changes ### Release Notes - [ ] Protocol: - [x] Nodes (Validators and Full nodes): `ValidatorHealthResponse` now returns real in-flight transaction counts, last committed leader round, and last locally built checkpoint sequence number - [ ] Indexer: - [ ] JSON-RPC: - [ ] GraphQL: - [ ] CLI: - [ ] Rust SDK: - [ ] REST API:
…dary coordination (#10615) # Description of change This PR implements a PoC version of certificate-less epoch boundary coordination. <details> <summary>Background on epoch boundary coordination with certificates</summary> - Each validator tracks which certificates it has submitted to consensus, but they have not been sequenced by consensus yet - `pending_consensus_certificates`. - Certificates are the unit of work that a validator must drain before an epoch can close. The epoch change process has the following phases: 1. **Reconfig state `AcceptAllCerts`** - All certificates are accepted and tracked in `pending_consensus_certificates`. - Every time a checkpoint is created, its timestamp is compared against `next_reconfiguration_timestamp_ms = epoch_start_timestamp_ms + epoch_duration_ms`. - If the timestamp exceeds this threshold, `close_epoch()` is called - the reconfig state moves to `RejectUserCerts`. 2. **Reconfig state `RejectUserCerts`** - New certificates are rejected; pending ones must be processed by consensus. - The `pending_consensus_certificates` set must be drained; only then `EndOfEpoch` is sent to consensus. - When `2f+1` stake worth of `EndOfPublish` is collected, the reconfig state transitions to `RejectAllCerts`. 3. **Reconfig state `RejectAllCerts`** - New user and consensus certificates are rejected. - At this point, the exact set of transactions in the epoch is determined. - Only previously deferred transactions remain to be processed. - Once all deferred transactions have been processed, the state transitions to `RejectAllTx`. 4. **Reconfig state `RejectAllTx`** - The commit round is labeled as final. - The pending checkpoint is labeled as last in the epoch. - Epoch is finalized. </details> ### Certificate-less epoch boundary coordination The process to close the epoch in the certificate-less flow stays almost the same as with certificates. The **fundamental difference** is that, in the white flag flow, there are no certificates, so there is nothing to track in `pending_consensus_certificates`. We do not track `UserTransactionV1` because there is no pre-consensus "promise" (like there is with certificates) that the transaction will be executed by the end of the epoch. Thus, validators can send `EndOfPublish` immediately once the reconfig state is `RejectUserCerts`. This PR implements this as a PoC version. ### Summary of changes: - Behavior of `insert_pending_consensus_transactions`: - Keep tracking transactions that will be submitted to consensus in the persistent `pending_consensus_transactions` table, but track `pending_consensus_certificates` only if the white flag flow is disabled. - Behavior of `remove_pending_consensus_transactions`: - Keep removing processed-by-consensus transactions from the persistent `pending_consensus_transactions` table, but remove from `pending_consensus_certificates` only if the white flag flow is disabled. - Behavior of `revert_uncommitted_epoch_transactions`: - Revert uncommitted locally executed pending consensus certificates that were not included in the epoch only if the white flag flow is disabled. For the certificate-less mode, we revert nothing because owned-object transactions are not executed pre-consensus in this mode. - Condition to send `EndOfPublish`: - Send immediately once the reconfig state is `RejectUserCerts`. - The `is_user_tx` flag is explicitly set based on the white flag flow: a user transaction is `CertifiedTransaction` in certificate mode and `UserTransactionV1` in certificate-less mode. - Explicit handling of the `pending_consensus_certificates` set based on the `enable_white_flag_flow` protocol config feature flag wherever the set appears. - _This is done for clarity and optimization_: `pending_consensus_certificates` is always empty if `enable_white_flag_flow` is enabled, so we avoid minor overheads such as reading the empty set and counting elements in it. - `AuthorityPerEpochStore` is initialized with empty `pending_consensus_certificates` if the white flag flow is enabled - this avoids unnecessary iteration over `pending_consensus_transactions`. - Added the `num_rejected_tx_in_epoch_boundary` metric to be used in `submit_transaction_impl` to count the number of rejected user transactions. - New function `handle_scheduling_result` that simply gathers the code that handles `SchedulingResult`, so the function can be used for both `CertifiedTransaction` and `UserTransactionV1`. ### Multiple fixes not directly related to this PR: - Applied the same fix as in #10578, considering that `pending_consensus_certificates` is always empty in the white flag mode. - Fixed `load_and_process_deferred_transactions_for_randomness` to also match over white-flag transactions, which are also user transactions that might be deferred due to randomness unavailable; without this fix, the function would panic. - Fixed `load_initial_object_debts` to also account for white-flag user transactions; otherwise, object debts would not be loaded in the white-flag mode. - Fixed `await_consensus_or_checkpoint` to construct a list of transaction digests for the white-flag transactions as well; otherwise the list would be empty in the white-flag mode, leading to potential hanging or unnecessary re-submissions. ## Links to any relevant issues Closes #10376. ## How the change has been tested - [x] Basic tests (linting, compilation, formatting, unit/integration tests) - [ ] Patch-specific tests (correctness, functionality coverage) - [ ] I have added tests that prove my fix is effective or that my feature works - [ ] I have checked that new and existing unit tests pass locally with my changes --------- Signed-off-by: Roman Overko <roman.overko@iota.org> Co-authored-by: Piotr Macek <4007944+piotrm50@users.noreply.github.com>
…tion wait-for-effects (#10814) # Description of change Changed `SubmitTransactionsResponse` to return `Vec<SubmitTransactionResult>` and `WaitForEffectsResponse` to return `Vec<WaitForEffectResponse>`, one entry per transaction. Both handlers process requests in parallel via `join_all` through dedicated single-item methods. Removed soft-bundle code as part of deprecation. ## Note PR #10810 was merged into this PR, it defines protobuf wrappers for validator wire format. ## Links to any relevant issues closes #10748, #10719 ## How the change has been tested - [x] Basic tests (linting, compilation, formatting, unit/integration tests) - [ ] Patch-specific tests (correctness, functionality coverage) - [ ] I have added tests that prove my fix is effective or that my feature works - [x] I have checked that new and existing unit tests pass locally with my changes --------- Co-authored-by: Piotr Macek <4007944+piotrm50@users.noreply.github.com>
…datorPeer services, and conversion layer (#10924) Introduces `.proto` file definitions, build infrastructure, and a conversion layer for two new gRPC services in `iota-network`: - **`ValidatorV2`** (`iota.validator.v2`) — streaming-first transaction submission API replacing the request-response pattern. - **`ValidatorPeer`** (`iota.validator.peer`) — authenticated validator-to-validator service for read-only queries (initially `GetCheckpoint`) - Closes #10917 - Parent epic: #10747 - [x] Basic tests (linting, compilation, formatting, unit/integration tests) - [x] Patch-specific tests (correctness, functionality coverage) - [x] I have added tests that prove my fix is effective or that my feature works - [x] I have checked that new and existing unit tests pass locally with my changes
…orize error retryability (#10813) # Description of change Fix two issues found during the validator error flow audit: - **Race condition in `dropped_tx_notify_read`:** Drop notifications fired before `wait_for_effects` registers were lost, causing 30s hangs instead of immediate rejection. The fix persists dropped transactions to a new `dropped_transactions` DB table and checks it after registration, mirroring the existing `notify_read_running_root` pattern. - **Uncategorized `IotaError` variants in `is_retryable()`:** `FailedToSubmitToConsensus` was incorrectly non-retryable (falling through catch-all). Signature errors, `TransactionExpired`, and aggregation errors now have explicit categorization, eliminating unnecessary WATCHOUT log noise. ## Links to any relevant issues Refs #10744, #10375 ## How the change has been tested - [x] Basic tests (linting, compilation, formatting, unit/integration tests) - [x] Patch-specific tests (correctness, functionality coverage) - [x] I have added tests that prove my fix is effective or that my feature works - [x] I have checked that new and existing unit tests pass locally with my changes Two new tests added in `authority_per_epoch_store_tests.rs`: - `test_notify_read_dropped_digests_returns_persisted_error` — verifies the race condition fix (late registration returns immediately from DB) - `test_notify_read_dropped_digests_waits_for_notification` — verifies the normal notification path still works
…ore authority_client and authority_server into per-service modules (#10954) Splits the monolithic authority_server.rs and authority_client.rs into module directories with separate files per gRPC service (validator, validator_peer, validator_v2). Shared infrastructure (server handle, metrics, traffic control, client struct, connection helpers) lives in mod.rs, while each service's trait impl gets its own file. closes #10945. - [x] Basic tests (linting, compilation, formatting, unit/integration tests) - [ ] Patch-specific tests (correctness, functionality coverage) - [ ] I have added tests that prove my fix is effective or that my feature works - [x] I have checked that new and existing unit tests pass locally with my changes
…tionV1 (#11097) # Description of change Adds a feature-flag check for `UserTransactionV1` in `validate_transactions()` (consensus block verification) to prevent consensus forks during the protocol upgrade window. Without this check, during the upgrade window when between f+1 and 2f+1 validators have upgraded code but the protocol version hasn't bumped yet, a malicious validator could craft a block containing `UserTransactionV1`. Upgraded validators would accept it (BCS deserializes fine), while non-upgraded validators would reject it (unknown BCS variant), causing a consensus fork. The fix mirrors the existing pattern used for `MisbehaviorReport`: - Check `enable_white_flag_flow()` before signature verification - Return `UnsupportedFeature` error when the flag is disabled Also extends the `validate_transactions_feature_gating` test with a properly signed `UserTransactionV1` variant, ensuring the test remains valid regardless of whether the feature flag is enabled on the current network. ## Links to any relevant issues Closes #11061 ## How the change has been tested - [x] Basic tests (linting, compilation, formatting, unit/integration tests) - [x] Patch-specific tests (correctness, functionality coverage) - [x] I have added tests that prove my fix is effective or that my feature works - [x] I have checked that new and existing unit tests pass locally with my changes
) # Description of change Implements the server-side ValidatorV2 gRPC service for the certificate-less (P-COOL) transaction flow. ### What's new - **`SubmitTx` RPC** — accepts up to 256 transactions, streams `TxStatusUpdate` per tx (Submitted, Executed, Rejected, Expired) - **`GetTxStatus` RPC** — queries finality status for previously submitted transactions with optional execution details - **`NotifyCapabilities` RPC** — accepts signed capability notifications from non-committee validators (moved from ValidatorPeer to the public ValidatorV2 service) - **Proto + conversions** — `validator_v2.proto` with full proto ↔ domain round-trip conversions - **Refactored authority server** — replaced `handle_with_decoration!` macro with typed `pre_handle`/`post_handle_unary`/`post_handle_stream` methods ### Key design decisions - White-flag-only flow: no certificate APIs referenced - Per-tx errors return `TxStatusUpdate::Rejected` (TODOs added for remaining `Err(Status)` inconsistencies) - Traffic weight is per-request not per-tx (TODO to scale with batch size) ## Links to any relevant issues Closes #10974. ## How the change has been tested - [x] Basic tests (linting, compilation, formatting, unit/integration tests) - [x] Patch-specific tests (correctness, functionality coverage) - [x] I have added tests that prove my fix is effective or that my feature works - [x] I have checked that new and existing unit tests pass locally with my changes
… and ValidatorPeer endpoints (#11150) ## Summary Implements `ValidatorV2API` and `ValidatorPeerAPI` client traits and migrates all white-flag-path callers from V1 endpoints to V2/Peer. The transaction driver now uses `submit_tx` and `get_tx_status` streaming RPCs instead of `handle_submit_transactions` and `handle_wait_for_effects`, with client IP forwarding preserved via gRPC metadata. V2 and Peer gRPC servers are registered alongside the existing V1 server. The V1 server handlers remain registered but are now dead code on the client side. The QuorumDriver (non-white-flag) path. Closes #11144 ## Test plan - [x] `cargo clippy` passes clean for iota-core, iota-network, iota-tool - [x] 19 proto conversion round-trip tests - [x] 54 iota-core tests (server_tests, transaction_tests, validator_tx_finalizer) - [x] 6 new client IP forwarding tests verifying `insert_metadata` -> `get_client_ip_addr` round-trip
…ints, types and tests (#11205) Remove the V1 white-flag endpoints, request/response types, proto service methods, and associated tests from the validator stack now that their V2 replacements are fully in place. - **V1 gRPC service methods** (`SubmitTransactionsV1`, `WaitForEffectsV1`, `ValidatorHealthV1`) from the `Validator` service definition in `iota-network/build.rs`. - **V1 server handlers** (`handle_submit_transactions_impl`, `handle_wait_for_effects_impl`, `handle_validator_health_impl`) and all supporting helper functions from `authority_server/validator.rs`. - **V1 client trait methods** (`handle_submit_transactions`, `handle_wait_for_effects`, `handle_validator_health`) from `AuthorityAPI` in `authority_client/validator.rs`, `safe_client.rs`, and `test_authority_clients.rs`. - **V1 domain types** (`SubmitTransactionsRequest`, `SubmitTransactionResult`, `WaitForEffectsRequest`, `WaitForEffectsResponse`, `ValidatorHealthRequest`, `ValidatorHealthResponse`, and all `Raw*` prost wrappers/conversions) from `iota-types/messages_grpc.rs` and `iota-network/convert/validator_v2.rs`. - **V1-specific error variant** (`FullNodeCantHandleSubmitTransactions`) from `iota-types/error.rs`. - **V1 server tests** (submit transactions, wait-for-effects, validator health, and ping tests) from `unit_tests/server_tests.rs`, replaced with V2 equivalents. - **V1 call sites** in `transaction_driver`, `transaction_orchestrator`, and `validator_tx_finalizer` migrated to use V2 APIs (`submit_tx`, `get_tx_status`, `health_check`). fixes #11204 - [x] Basic tests (linting, compilation, formatting, unit/integration tests) - [ ] Patch-specific tests (correctness, functionality coverage) - [ ] I have added tests that prove my fix is effective or that my feature works - [x] I have checked that new and existing unit tests pass locally with my changes
|
The latest updates on your projects. Learn more about Vercel for GitHub. 6 Skipped Deployments
|
…#11245) # Description of change PR #11150 switched the aggregator to call `notify_capabilities_v2` (ValidatorV2 endpoint) instead of the V1 `handle_capability_notification_v1`, but the test mock implementations in `test_authority_clients.rs` were left as `unimplemented!()`. This caused all `send_capability_notification_*` tests to panic. This PR implements `notify_capabilities_v2` in the two mock types exercised by those tests: - **`LocalAuthorityClient`** — mirrors its V1 logic: verifies authority capabilities via the epoch store and records them. - **`MockAuthorityApi`** — mirrors its V1 logic: respects the configurable delay and returns `handle_capability_notification_result`. ## Links to any relevant issues fixes #11244. ## How the change has been tested - [x] Basic tests (linting, compilation, formatting, unit/integration tests) - [ ] Patch-specific tests (correctness, functionality coverage) - [ ] I have added tests that prove my fix is effective or that my feature works - [x] I have checked that new and existing unit tests pass locally with my changes
# Description of change In white-flag (certificate-less) mode, every `UserTransactionV1` completing in `RejectUserCerts` state triggered an `EndOfPublish` submission from `submit_and_wait_inner`, because `pending_consensus_certificates_count()` is always 0. This produced N duplicate `EndOfPublish` messages where N is the number of in-flight user transactions at epoch transition. The `submit_and_wait_inner` EndOfPublish logic exists for the certificate drain scenario — detecting when the last pending certificate completes. In white-flag mode there's nothing to drain, so `close_epoch` is the correct and sufficient sender. This change skips the EndOfPublish check in `submit_and_wait_inner` for white-flag mode entirely. The certificate-mode drain logic is preserved but annotated with a TODO for removal when the certificate flow is cleaned up. ## Links to any relevant issues Fixes #10925 ## How the change has been tested - [x] Basic tests (linting, compilation, formatting, unit/integration tests) - [x] Patch-specific tests (correctness, functionality coverage) - [ ] I have added tests that prove my fix is effective or that my feature works - [x] I have checked that new and existing unit tests pass locally with my changes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Umbrella PR tracking the certificate-less transaction flow (P-COOL) feature work. Draft — not intended to merge yet.
Scope
This branch aggregates multiple sub-PRs implementing the certificate-less flow architecture, including:
iota-coreauthority_client/server into per-service modules (refactor(iota-core, iota-e2e-tests, iota-tool): [P-COOL] split iota-core authority_client and authority_server into per-service modules #10954)Rename
The internal identifier rename (#10767) is tracked separately in #11240 to keep the feature branch's rebase surface small during active development. Will be applied before final merge.
Not ready for review
Feature is under active development. Sub-PRs land into this branch first; this PR is for visibility / CI only.