* - standardise versions for all nym-sdk workspace dependencies
- prepend sqlx-pool-guard with 'nym-'
* Test remove nym-api from deps
* Add oneliner to client_pool doc comments
* Add note to commented out docs.rs link in sdk
* remove nym-api from script
* add publishing file
* bring non-binary / contract / tools into workspace version
* added more info to publishing.md
* make deps workspace version
* remove uploaded sphinx-types crate from script
* remove erroueously included ignore-defaults
* add zeroise to feature
* chore: Release
* add topology to batch
* more cargo versioning
* more cargo versioning - wasm utils
* more cargo versioning - wasm utils
* Add publish=false to manifest for cargo workspaces / crates.io
publishing exclusion
* remove script now switched to manifest based exclusion
* rename import based on rename of contracts-common dep
* Making workspace versions for publication + removing unnecessary crates
from publication
* Remove OOD info from publishing sdk guide
* rename contract imports + remove package
* temp commit: continuing with removal of path from cargo manifest and
replacing with workspace version import for publication
* continuing with cargo.toml updates
* dryrun only erroring on known version problem crates
* remove old published-crates file
* Minor comment change
* remove default features warning
* Additional info on workspace dep comment re publish list
* Add missing description to cargo.toml
* Fix missing feature flags
* Add missing descriptions
* Fix remaining path import
* Add workspace repo / homepage / documentation links to cargo.toml files
* remove workspace version from excluded crate
* Remove todo descriptions
* Minor comment change
* add homepage etc
* move from bls git import to nym_bls_fork crate
* Modify rest of imports from path to workspace import, excluding binaries
* add directory/homepage info
* fix cargo fmt
* add notes to gitignore
* better solution to contracts/ experiment
* wasm -> nym_wasm crate renaming
* fix fatfinger
* add metadata to ecash cargo.toml
* stub publishing guide
* fix misrevolved netlink- version
* Fixes and block publication of rebase re: LP
* first pass @ workflows
* Add KKT cryptographic primitives
Post-quantum Key Encapsulation Mechanism (KEM) Key Transfer protocol.
Enables efficient distribution of post-quantum KEM public keys.
Squashed from georgio/noise-psq branch.
* Implement LP registration protocol with KKT/PSQ integration
Initial implementation of the Lewes Protocol (LP) for gateway registration:
- Add nym-lp crate with Noise protocol handshake
- Add LP listener to gateway for handling registrations
- Add LP client for registration flow
- Integrate KKT for post-quantum KEM key exchange
- Integrate PSQ for post-quantum PSK derivation
- Add Ed25519 authentication throughout
- Add docker/localnet support for testing
Co-authored-by: Jędrzej Stuczyński <jedrzej.stuczynski@gmail.com>
* Add LP telescoping with nested sessions and subsession support
Extends LP protocol with telescoping architecture for nested sessions:
- Add nested session support with KKpsk0 rekeying
- Add subsession support with collision detection
- Implement unified packet format with outer header
- Refactor gateway handlers for single-packet forwarding
- Add TTL-based state cleanup for stale sessions
- Add outer AEAD encryption layer
- Refactor registration client for packet-per-connection model
* Add gateway-probe localnet mode with WireGuard tunnel support
Adds localnet testing mode to gateway-probe for LP development:
- Add TestMode enum for different probe configurations
- Add --gateway-ip flag for direct gateway testing
- Implement two-hop WireGuard tunnel for localnet
- Add mock ecash support for testing without real credentials
- Add netstack Go bindings for userspace networking
- Restructure probe with mode and common modules
- Update README with localnet mode documentation
* Increase KCP fragment limit from u8 to u16
- Change frg field from u8 to u16 in packet header (25 bytes total)
- Update encode/decode to use get_u16_le/put_u16_le
- Update Segment struct frg field to u16
- Remove truncating cast in session.rs
- Max message size now ~91MB (65,535 fragments × MTU)
- Internal protocol only, no interop concerns
Nym uses KCP for reliability and multiplexing, not standard real-time
use cases. The u8 limit (255 fragments, ~355KB) was insufficient.
Addresses: nym-yih9
* Zeroize Ed25519 key material in to_x25519 conversion
Wrap hash and x25519_bytes in zeroize::Zeroizing to ensure private
key material is cleared from memory after use.
Closes: nym-k55g
* Return Result from KCP session input() for error detection
Change KcpSession::input() to return Result<(), KcpError> so callers
can detect invalid packets instead of silently ignoring them.
- Add ConvMismatch error variant for conversation ID mismatches
- Update driver to propagate errors from session.input()
- Update all test and example callers
Closes: nym-n0kk
* Fix Zeroizing deref in ed25519 to_x25519 conversion
The from_bytes() function expects &[u8], need to deref the Zeroizing
wrapper to get the inner array.
* Add semaphore-based connection limiting for LP packet forwarding
Limits concurrent outbound connections when forwarding LP packets to
prevent file descriptor exhaustion under high load.
Key changes:
- Add max_concurrent_forwards config (default 1000)
- Add forward_semaphore to LpHandlerState
- Acquire semaphore permit before connecting in handle_forward_packet
- Return "Gateway at forward capacity" error when at limit
This provides load signaling so clients can choose another gateway
when the current one is overloaded.
Design note: Connection pooling was considered but provides minimal
benefit since telescope setup is one-time and targets are distributed
across many different gateways. See AIDEV-NOTE in LpHandlerState for
full analysis.
Closes: nym-xi3m
* Return error on session unavailable in handle_subsession_packet
Replace .session().ok() with proper error handling to fail fast when
session is Closed or Processing after state machine processing.
Previously, the code silently continued with outer_key = None, which
could cause protocol errors downstream.
Closes: nym-8de0
* Use explicit bincode Options helper in nested_session
Add bincode_options() helper that returns DefaultOptions with explicit
big_endian and varint_encoding configuration. This future-proofs against
bincode 1.x/2.x default changes and makes serialization format explicit.
Updated all 4 bincode usages in nested_session.rs to use the helper.
* Deduplicate outer_key lookup pattern in nested_session.rs
Extract common state_machine.session().ok().and_then(...) pattern into
two helper methods:
- get_send_key() for encryption (outer_aead_key_for_sending)
- get_recv_key() for decryption (outer_aead_key)
Updated 6 call sites to use the helpers, reducing verbosity.
* Add LpConfig struct and AIDEV-NOTE documentation for KKT+PSQ
- Create config.rs with LpConfig struct (kem_algorithm, psk_ttl, enable_kkt)
- Export LpConfig from lib.rs
- Add AIDEV-NOTE to psk.rs explaining:
- Why PSQ is embedded in Noise (single round-trip, PSK binding)
- KEM migration path (X25519 → MlKem768 → XWing)
- Add AIDEV-NOTE to state_machine.rs explaining protocol flow:
- KKTExchange → Handshaking → Transport state transitions
- PSK derivation formula (ECDH || PSQ || salt)
* Add forward_timeout to LP client config
Add forward_timeout (30s default) to LpConfig and wrap send_forward_packet's
connect_send_receive call with tokio::time::timeout, matching the pattern
used by register() with registration_timeout.
This prevents indefinite hangs when forwarding packets through entry gateway.
* Add negotiated_version field to LpSession
Add AtomicU8 field to store the protocol version from handshake packet
headers. Includes getter and setter methods for future version negotiation
and compatibility checks.
- negotiated_version() returns current version (defaults to 1)
- set_negotiated_version() allows setting during handshake
- Subsessions inherit version 1 (can be enhanced to inherit parent's)
* Change MessageType from u16 to u32
Breaking wire protocol change: MessageType field increased from 2 bytes
to 4 bytes in LP packets. This future-proofs the message type space and
aligns with other u32 fields.
Changes:
- message.rs: #[repr(u32)], from_u32(), to_u32()
- error.rs: InvalidMessageType(u32)
- codec.rs: All serialization/deserialization updated to 4-byte msg_type
- Cleartext parsing: inner_bytes[4..8], content at [8..]
- AEAD parsing: decrypted[4..8], content at [8..]
- Serialization: 4 bytes for message type
* Various smaller fixes
* Refactor LP to stream-oriented TCP processing
Gateway (handler.rs):
- Add bound_receiver_idx field for session-affine connections
- Convert handle() from single-packet to loop with EOF detection
- Add validate_or_set_binding() for receiver_idx validation
- Set binding in handle_client_hello after collision check
- Centralize emit_lifecycle_metrics in main loop only
- Add is_connection_closed() helper for graceful EOF
Client (client.rs):
- Add stream field for persistent TCP connection
- Add ensure_connected(), send_packet(), receive_packet(), close() methods
- Modify perform_handshake_inner() to use persistent stream
- Modify register_with_credential() to use persistent stream
- Modify send_forward_packet() to use persistent stream
- Keep connect_send_receive() for reference (marked dead_code)
This reduces handshake overhead from ~5 TCP connections to 1.
Drive-by: Fix log::info! -> info! in wireguard peer_controller.rs
* Add persistent exit stream for entry→exit forwarding
Entry gateway now maintains a persistent TCP connection to the exit
gateway per client session, reusing it for all forward requests from
that client. This reduces TCP handshake overhead significantly.
Key changes:
- Add exit_stream: Option<(TcpStream, SocketAddr)> to LpConnectionHandler
- Modify handle_forward_packet() to open on first forward, reuse after
- Clear exit_stream on connection errors (auto-reconnect on next forward)
- Semaphore only acquired for connection opens, not reuse (sequential access)
* Fix code review issues for stream-oriented LP
- Add 30s timeout to exit stream I/O operations (nym-df31)
Prevents handler from hanging on unresponsive exit gateway
- Return error on forward target address mismatch (nym-zegu)
Previously warned and proceeded, which could mask bugs
- Close client stream on handshake error paths (nym-scvm)
Prevents state machine inconsistency on timeout or failure
* Add LP registration idempotency and retry logic
Make LP registration resilient to network failures that could waste
credentials. When registration succeeds on the gateway but the response
is lost (e.g., network drop), clients can retry with the same WG key
and get the cached result instead of spending another credential.
Gateway-side:
- Add check_existing_registration() helper that looks up WG peer and
returns cached GatewayData if already registered
- Add idempotency check in process_registration() dVPN branch
- Only return cached response if bandwidth > 0 (ensures registration
was actually completed, not just peer created)
- Track idempotent registrations with lp_registration_dvpn_idempotent metric
Client-side:
- Add register_with_retry() to LpRegistrationClient that acquires
credential once and retries handshake+registration on failure
- Add handshake_and_register_with_retry() to NestedLpSession for
exit gateway registration via forwarding
- Add exponential backoff with jitter between retry attempts
- Verify outer session validity before nested session retry
Both retry methods clear state machine before retry to ensure fresh
handshake, and reuse the same credential across all attempts.
* Add no-mix-acks feature flag to nym-sphinx-framing
When enabled, mix nodes skip ack extraction and forwarding entirely.
The full payload (including ack portion) is returned as the message.
Closes: nym-3wrr
* Create nym-lp-speedtest crate scaffold
- Created tools/nym-lp-speedtest/ with Cargo.toml
- Added main.rs with CLI argument parsing
- Created stub modules: client.rs, speedtest.rs, topology.rs
- Added to workspace members
- Verified compilation with cargo check
* Implement topology fetching for nym-lp-speedtest
- Add topology.rs with NymTopology integration
- Fetch mix nodes and gateways from nym-api
- Build GatewayInfo with LP addresses (port 41264)
- Provide random_route_to_gateway() for Sphinx routing
- Add required Cargo.toml dependencies
* Implement LP+Sphinx+KCP client with SURB support
- Add send_data() and send_data_with_surbs() methods for mixnet data
- Integrate KCP reliable delivery with Sphinx packet construction
- Add x25519 encryption keypair for SURB reply mechanism
- Wire up main.rs to test LP handshake and data path
- Add NymRouteProvider support in topology for SURB construction
- Refactor send_data() to delegate to send_data_with_surbs(0) (DRY)
The client can now:
- Perform LP handshake with gateways
- Send data through the mixnet wrapped in KCP + Sphinx packets
- Attach SURBs for bidirectional communication
- Return encryption keys for decrypting replies
* Rename nym-lp-speedtest to nym-lp-client and fix KCP bug
- Rename crate from nym-lp-speedtest to nym-lp-client
- Fix KCP bug: add driver.update() call before fetch_outgoing()
Without update(), KCP never moves segments from snd_queue to snd_buf
- Update CLI name, about string, and user agent to match new name
* Add LP mixnet mode registration with nym address return
- Extend RegistrationMode::Mixnet to include client_ed25519_pubkey
and client_x25519_pubkey for nym address construction
- Add LpGatewayData struct containing gateway_identity and
gateway_sphinx_key for SURB reply routing
- Add lp_gateway_data field to LpRegistrationResponse for mixnet mode
- Implement success_mixnet() constructor for mixnet registrations
- Update gateway registration to insert clients into ActiveClientsStore
for SURB reply delivery, matching the websocket flow
* Implement LP data handler on UDP:51264
- Add LpDataHandler for UDP data plane (port 51264)
- Decrypt LP layer and forward Sphinx packets to mixnet
- Add outbound_mix_sender to LpHandlerState
- Integrate data handler spawn into LpListener::run()
- Add metrics for data packets received/forwarded/errors
Implements nym-yzzm
* Fix replay protection vulnerability in LP data handler
Use state machine process_input() instead of manual decryption to ensure
proper replay protection:
- Counter check against receiving window
- Counter marking after successful decryption
Also handle subsession actions gracefully (SendPacket ignored on UDP,
clients should use TCP control plane for rekeying).
Security fix for nym-yzzm implementation.
* feat(ipr): add KcpSessionManager for LP client KCP handling
- Add fetch_incoming() and recv() methods to KcpDriver for retrieving
reassembled messages
- Create KcpSessionManager in ip-packet-router that manages KCP sessions
keyed by conv_id (first 4 bytes of KCP packet header)
- Store ReplySurbs per session for sending anonymous replies
- Implement session timeout (5 min) and max sessions limit (10000)
- Add comprehensive tests for session lifecycle and KCP roundtrip
* feat(ipr): integrate KcpSessionManager into MixnetListener
- Add KcpSessionManager field to MixnetListener struct
- Add is_kcp_message() helper to detect KCP-wrapped payloads
- Add on_kcp_message() to process LP client KCP messages
- Refactor on_reconstructed_message() to route KCP vs regular IPR
- Add KCP tick timer (100ms) for session updates and cleanup
- Initialize KcpSessionManager in IpPacketRouter::run_service_provider()
KCP messages are detected by checking byte 4 for valid KCP commands
(81-84), which doesn't conflict with IPR protocol version bytes (6-8)
at position 0.
Closes: nym-96zl
* fix(ipr): prevent KCP detection false positives on IPR messages
Add secondary check in is_kcp_message() to exclude messages that match
IPR protocol header pattern (version 6-8 at byte 0, ServiceProviderType
0-2 at byte 1). This prevents false positives where IPR messages with
byte 4 in range 81-84 would be incorrectly routed to KCP processing.
Added 4 unit tests to validate the detection logic.
Closes: nym-6f3x
* fix(ipr): wrap KCP client responses in KCP before SURB reply
- Modify on_kcp_message to handle responses directly instead of returning them
- Add handle_kcp_response method that wraps response in KCP and sends via mixnet
- Ensures KCP clients receive KCP-wrapped responses for proper reassembly
Closes: nym-7oh2
* fix(ipr): send KCP protocol packets in tick instead of just logging
- Add get_sender_tag() and fetch_outgoing_for_conv() to KcpSessionManager
- Change handle_kcp_tick() to actually send ACKs/retransmissions via mixnet
- Reduce KCP tick interval from 100ms to 10ms for better responsiveness
This fixes the KCP reliability protocol which was broken because
protocol packets (ACKs, retransmissions) were generated but never sent.
* feat(lp-client): wrap payload in IpPacketRequest before KCP
- Add nym-ip-packet-requests and bytes dependencies
- Wrap payload in IpPacketRequest::new_data_request() before sending to KCP
- Add LP_DATA_PORT constant (51264) and lp_data_address field to GatewayInfo
This ensures IPR can properly parse incoming messages as DataRequest.
LP framing (wrapping Sphinx in LP before sending) is a separate task.
* feat(lp-client): add LP session management and UDP data plane support
- Add wrap_data() and session_id() to LpRegistrationClient for LP packet
creation after handshake
- Add init_lp_session() and close_lp_session() to SpeedtestClient for
managing LP sessions
- Extract prepare_sphinx_fragments() helper to reduce code duplication
between send_data_with_surbs() and send_data_via_lp()
- Add send_data_via_lp() for sending Sphinx packets through LP's UDP
data plane (port 51264)
The LP session is kept alive after TCP handshake closes, allowing
subsequent wrap_data() calls for UDP transmission without re-handshaking.
* random formatting
* replaced all instances of bincode::serialize and bincode::deserialize with explicit lp_bincode_serialiser() within the LP
* additional formatting
* removed source of possible panic from nym-kkt
invalid KEM mapping will now return an Err rather than panicking
* integration test for LP entry registration
This includes creation of mocks of various gateway-related components, such as the PeerController
* changed ClientHelloData serialisation
the old variant using bincode did not produce constant-length output in some cases
* Fixed generation of receiver index
removes the possible clash with the boostrap id
* Integration test for nested LP registration
- move `LpTransport` trait definition to shared `nym-lp-transport` crate
- make transport layer within `LpConnectionHandler` generic with respect to the forwarding target. it must, however, use the same type as the incoming client connection
- extracted explicit `LpConnectionHandler::establish_exit_stream` to more easily modify it in the future to fully protect the channel and disallow using untrusted egress points
- fix additional log-string interpolation nits
* resolved clippy issues pointed out by clippy 1.91
* added LP discovery into self-described endpoint:
- removed changes to the node bonding within the contract
- introduced '/api/v1/lewes-protocol' route within nym-node http api
- added 'lewes_protocol' field to 'NymNodeData' inside of NymNodeDescription
- refactored LpConfig to allow separate bind and announce addresses and used more strict typing
* chore: allow unwrap/expect within kkt benchmarking code
* chore: downgraded sha2 dep for cosmwasm compatibility
* clippy
* marking simd calls as unsafe
* fixed calls to '_mm_testz_si128'
* additional clippy fixes
---------
Co-authored-by: Georgio Nicolas <me@georgio.xyz>
Co-authored-by: Jędrzej Stuczyński <jedrzej.stuczynski@gmail.com>
* added new dkg execute methods for ownership transfer and announce address update
* cherry-pick TestableNymContract for the dkg contract from #5091
* tests
* schema fixes
* removed old queued migrations
* squashing work on using cancellation in nym crates
making nym-task wasm compilable
removed sending of status messages
replaced TaskManager with ShutdownManager in the validator rewarder
additional helpers for ShutdownManager
simplified ShutdownToken by removing the name field
TaskClient => ShutdownToken within all client tasks
wip: remove TaskHandle
* track all long-living client tasks
* add task tracking for most top level tasks within nym-node
* improved default builder
* split up cancellation module
* module documentation and unit tests
* nym node fixes and naming consistency
* wasm fixes
* assert_eq => assert
* wasm fixes and made 'run_until_shutdown' take reference instead of ownership
* linux-specific fixes to IpPacketRouter
* post rebasing fixes for signing monitor
* add ShutdownManager constructor to build it from an external token
* applying PR review suggestions
* moved storage and deposits buffer to the common lib
* move more of the state into the shared lib
* extracted the rest of the features into the shared lib
* fixed test imports
* clippy
* define storage item for holding historical DKG state
* make all epoch storage operations go through proxy functions
* make each saving action also apply to the historical item
* removed usage of update_epoch function
* test correct save heights
* exposed query for the epoch state at specified height
* regenerated contract schema
* restored default cw-plus behaviour as in hindsight it makes more sense
* initialised basic structure for the performance contract
* shared code for contract testing
* unified common testing methods between performance and nym pool contracts
* impl of ExecuteMsg for the contract
* impl of QueryMsg for the contract
* setting initial authorised NMs during instantiation
* additional tests and fixes
* ibid
* scaffolding for client traits
* completed client traits
* clippy
* naive add performance contract to testnet manager
* placeholder values for the performance contract address
* introduced admin messages to purge old measurements from the storage
* introduced check ensuring performance data is only added to bonded nodes
* wip
* wip: wrap node's sphinx key with a manager
* wip: choosing correct key for packet processing
* further propagation of key rotation information
* attaching key rotation information to reply surbs
* added basic key rotation information to mixnet contract
* wip: introducing cached queries for key rotation info from nym api
* unified nym-api contract cache refreshing
* finish packet decoding
* multi api client + retrieving rotation id
* rotating sphinx key files
* logic for migrating config file
* wip: putting new sphinx keys to self described endpoints
* processing loop of KeyRotationController
* fixed sphinx key loading
* rotating bloomfilters
* wired up KeyRotationController
* flushing bloomfilters to disk and loading
* most of nym-node changes
* post rebase fixes
* fixes due to backwards compatible hostkeys
* split http state.rs file
* dont use deprecated fields
* fixed backwards compatible deserialisation of host information
* split up node describe cache
* added a dedicated CacheRefresher listener to perform full refresh outside the set interval
* controlling announced sphinx keys within nym-api
* retrieving rotation id when pulling topology
* split nym-nodes http handlers
* v2 nym-api endpoints to retrieve nodes with additional metadata information
* bug fixes...
* additional bugfixes and guards against stuck epoch
* testnet manager: set first nym-api as the rewarder
* fixed host information deserialisation
* fixed panic during first key rotation
* post rebase fixes
* clippy
* more guards against stuck epochs
* added helper method to reset node's sphinx key
* instantiate mixnet contract with custom key rotation validity
* additional bugfixes and debugging nym-api deadlock
* passing shutdown to nym apis client
* remove dead test
* post rebasing fixes
* missing MixnetQueryClient variants
* remove usage of deprecated methods in sdk example
* fix: incorrect method signature
* post rebasing fixes
* attempt to retrieve key rotation id before doing any config migration work
* ignore tests relying on networking behaviour
* allow networking failures in certain tests
* squashed nym-pool commits
initialised nym-pool contract and updated all bls12_381 to make it possible
create scaffolding for tests
ability to control the contract admin
introducing contract grants
grant type validation
basic grant operations + stubs for other messages
added queries
use transaction stubs
added expiration information to grant queries
setting initial grant state based on the current environment
allowance logic for attempting to spend part of a grant
implemented all remaining transactions
made public api for coin locking perform validation
tests for locked tokens storage
nympool storage tests
added messages for changing granter set
tests and fixes for sufficient tokens when inserting grants
tests for initial state + more bugfixes
queries tests
additional tests for transactions and fixes
post rebase fixes
updated contract dependencies
removed redundant wasm constructor
dont ask me why this suddenly became an issue - no clue
removed redundant wasm constructor
dont ask me why this suddenly became an issue - no clue
* missing schema + added nym_pool to the main Makefile
* updated contracts to cosmwasm2.2 and fixed build issues
* removed old coconut contract code + additional dkg fixes
* replace deprecated to_binary and from_binary functions
* mixnet contract tests compiling
some are failing due to incorrect addresses
* made other contract tests compile
* fixed remaining tests
* allow usage of manually dispatching contract replies
* nym-api test fixes
* removed old toolchain from contracts CI
* linter fixes
* regenerated contract schema
* fixed easy_addr
* further license fixes
* post rebase fixes + update to 2.2.2
* change ci runner
* minor CI adjustments
* change wallet CI to use node 20
* more CI changes...
* run cosmwasm-check against release contracts
* test ci changes
* wip...
* added config-score related parameters to the mixnet contract
* weaved in described_cache into NodeStatusCacheRefresher
* adding config score annotation
* using new updated performance for updating rewarded set
* using new values for rewarding
* clippy
* updated contract schema
* wallet fixes
* fixed wasm build
WIP; rebasing
Another branch squash
Squashing the v3 branch
changing min pledge amounts
logic for adding new nymnode into the contract
converting mixnode/gateway bonding into nym-node bonding
logic for migrating gateways into nymnodes
ibid for mixnodes
further nym-node work + fixed most existing unit tests
forbid nymnode migration with pending cost params changes
preassign nodeid for gateways
changing role assignment and epoch progression
changing role assignment and epoch progression
optional custom http port
logic for unbonding a nym-node
updating Delegation struct
logic for increasing pledge of either mixnode or nymnode
logic for decreasing pledge of either mixnode or a nym node
logic for changing cost params of either mixnode or a nym node
wip
initialise nymnodes storage
fixing transaction tests
fixed naive family tests
reward-compatibility related works
resolving delegation events
introduced rewarded set metadata
another iteration of restoring old tests
updated rewarding part of nym-api
parking the branch
unparking the branch
wip
purged families
added 'ExitGateway' role
passing explicit work factor for rewarding function
remove legacy layers storage
wip: node description queries
added announced ports to self-described api
step1 in gruelling journey of adding node_id to gateways
ensure epoch work never goes above 1.0
changed active set to contain role distribution
[theoretically] sending rewarding messages for the new rewarded set
[theoretically] assigning new rewarded set
reimplementing more nym-api features
remove legacy types
re-implement legacy network monitor
restoring further routes + minor refactor of NodeStatusCache
skimmed routes now return legacy nodes alongside nym-nodes
seemingly restored all functionalities in nym-api
removing more legacy things from the contract
initial contract cleanup
added nym-api endpoints to return generic annotations regardless of type
updated simulator to use new rewarding parameters
more contract cleanup
made existing mixnet contract tests compile
extra validation of nym-node bonding parameters
fixed additional compilation issues
fixed nym-api v3 database migration failure
added additional nym-node contract queries
updated the schema
made additional delegation/rewards queries compatible with both legacy mixnodes and nym-nodes
fixing existing unit tests in mixnet contract
wip
resolved first batch of 500 compiler errors
re-deprecating routes
making wallet's rust backend compile
fixed non-determinism in contract + nym-api build
fixes to the build
populating cotracts-cache with nym-nodes data
more missing nymnodes queries
temp mixnet contract methods + restored result submission in nym-api
allow deprecated routes
submitting correct results for mixnode results
removed deprecated re-export of AxumAppState and removed smurf naming
moved axum modules into support::http
cleaning up nym-api warnings
determine entry gateways before exits
exposed transaction to update nym-node config
missing memo for updating node config
new routes
added routes to swagger and fixed relative paths
fixed some macro derivations
added nym-node commands to nym-cli
add offline ecash library
minor changes in coconut benchmarks
add ecash smart contract
change contract traits from coconut to ecash
first wave of andrew's suggestion
first wave of andrew's suggestion
second wave of andrew's suggestion for ecash lib
andrew's suggestion for ecash contract
licensing commit
safety comments for most unwraps
more unwrap handling
change chrono crate for time
latest cargo lock
error revamp
small visibility fix
small fix
remove indexedmap from contract + some tweaks
add cw2 version in ecash contract
remove envryption key from contract
change types from coconut to ecash types
adapt api model for credential issuance
adapt issued credential storage on API
add signatures cache on API
change API routes for new blind signing
modify issued_credential table
add issuance logic client-side
credential and signature storage client side
utils for credential issuance
first wave of fix
some of andrew's suggestions
remove encryption key from deposit
freepass issuance client side
freepass issuance API side
andrew's suggested fixes
other suggested fix
adapt change from PR below
allow offline verification flag
credential spending models
credential spending models for client
credential preperation for the client
credential preperation for the client
credential storage for spending on client
bloom filter for API
spent credential storage on validators
API route for spending online and offline ecash
API routes in the client lib
credential storage on gateway
ecash verifier to replace coconut verifier
accept credentials on gateway
bandwidth expiration for gateways
client ask for more bandwidth if it runs out
credential import
adapt nym validator rewarder and sdk
fix tests api tests and add constants
cargo fmt and lock and small test fix
cargo fmt and lock and small test fix
cargo lock
move stuff where they belong in ecash and static parameters
move some constants, error handling and phase out time crate
error revamp part 2
secret key by ref instead of clone
change l in wallet and v visibility
rework payinfo
rework monster tuples
fix expiration date signature cloning
minor fixes
final bits and bobs fixes
final bits and bobs fixes
rename l accessor to tickets_spent
wave of fixes
second wave of fixes
change hash domain value
removed benchmark flag
remove useless stringification in storage
nuke Bandwidth voucher
change timestamps to offsetdatetime
key name change
post-rebase fixes
update nym-connect 'time' dep due to broken semver
upload ecash contract to the build server
make wasm zknym-lib compile
but it won't work properly just yet
make wasm zknym-lib compile
but it won't work properly just yet
fix typo in ecash contract deps
make sure to use 0.1.0 sphinx packet
optimise pairings in 'check_vk_pairing'
derive serde for ecash types
simplified g1 tuple byte conversion
further optimise the pairing
unified signature type + renamed nym-api coconut module to ecash
using bincode serialiser for more complex binary types
using multimiller loop instead of rayon for verifying coin indices signatures
batching signature verification wherever possible
feature-locked rayon
clippy
refactor ecash contract a bit + introduce deposit storage
reworked find_proposal_id
various minor fixed
add offline_zk_nyms to nym-node everywhere
add missing #query
change test value to fit new serialization
optimised deposits storage
removed duplicate decompression code
using deposit_id instead of transaction hash
removed freepasses
split up ecash handling
unified shared state
fixed deposit_id parsing
log recovered deposit id
removed online verification
add detailed build info to ecash contract
fixed deserialisation of deposit amount received from nyxd queries
changed deposit to only persist attached pubkey
first iteration of split of verification and redemption
basic tool for setting up new network
expanded the tool with the option to bypass DKG
rename + init network without DKG
setting up locally running apis
ecash key migration
more local functionalities
wip fixing sql schemas
gateway immediately submitting redemption proposal
and getting it passed if valid
most of the gateway logic for split redemption with error recovery
fixed gateway not persisting ecash signers
simplify creation of compatible client
create properly serialised ecash key from the beginning
rebuild missing tickets and proposals on startup
stop ticket issuance during DKG transition
fixing build issues
split out ecash storage on nym-api side
master-verification-key route
caching all the signatures and keys
implemented aggregated routes for nym-apis
swagger UI for ecash endpoints
added explicit annotation for index and expiration signatures
revamped client ticketbook storage
save all recovery information in the same underlying storage
wrapper for bloomfilter
being more aggressive with marking tickets as used
ensure client has correct signatures before making deposit
fix deserialisation of AggregatedExpirationDateSignatureResponse + add ticketbook table
split nym-api ecash routes handlers into multiple files
fixed deserialisation of encoded expiration date
add tt_gamma1 to challenge and change naming for paper consistency
rotating double spending bloomfilter
nym-api test fixes + make sure to insert initial BF params
fixed ecash benchmark code
updated contract schema
updated CI to not upload gateway/mixnode binaries
ticket bandwidth revocation
added default deserialisation for zk nym config
post-rebase fixes
* Squashing all the changes
initial router
started expanding the API
initial empty openapi/swagger
populated build-info endpoint
wip: populating rest of swagger
missing swagger data + using closure capture for immutable state
running the api as a proper task in gateway 'run'
fixing some version/feature clashes
refactored routes structures
initial host information endpoint
expanded on gateway-related endpoints
signing host information
moved all models to separate crate
unified http api client
routes unification + node api client
new generic cache and refresher
nym-api caching node self described information
removed old cache type
temporarily wired up NymContractCache to NodeDescriptionProvider
caching self reported host info
clients using self-described gateway information
fixed request timeouts for wasm
fixed wasm builds
post rebase fixes
cargo fmt
brought in wg routes into nym-node router
added ErrorResponse for wireguard routes
basic swagger support for wg endpoints
turns out swagger can be happy with strongly typed requests
output type support for wg routes
using concrete error type for nym node request error
fixed the registration test
landing page configurability
increased configurability
fixed build and lints of other crates
added default user-agent to http-api-client
reduced severity of gateway details lookup failure
changed default http port from 80 to 8080
nym-api using new default port for queries
added health endpoint
nym-api trying multiple ports for the client
using camelcase for node status
corrected health endpoint description
restored and revamped 'force_tls' flag to filter all gateways that support the wss protocol
fixed 'pub_key' path param in open api schema
derived Debug on 'NymNodeDescription'
ensuring valid public ips
added init and run flags to set hostname and public ips
fixed listening address being pushed to public ip
fixed the positional local flag
logging remote ip address of the request
updated helper function to query for described gateways
enabled tls in gateway client
removed hack-opts from mix fetch
additional changes after rebasing against origin/develop
* clippy
* wasm-related target locking
* more clippy, but this time in tests
* Feature/ephemera compile (#3437)
* Include ephemera node code in repo
* Upgrade deps
* Bump minor version of cosmwasm-std
* Include ephemera in nym-api dep and downgrade rusqlite
* Fix clippy and ephemera docs code
* More clippy on ephemera
---------
Co-authored-by: Andrus Salumets <andrus@nymtech.net>
* Start ephemera components in nym-api (#3475)
* Start ephemera components in nym-api
* Pass nyxd client and use common metric structures
* Swap url endpoint with contract for sending rewarding messages
* Fix build after rebase
* Perform ephemera rewards computation before normal nym-api ones
* Remove contract mock from ephemera
* Take raw rewards from network monitor
* Remove ephemera old reward version
* Use nym shutdown procedure in ephemera
* Temporary fix for some warnings
* Umock contract membership of ephemera (#3574)
* Pass nyxd client to members provider
* Basic ephemera contract
* Add register peer tx
* Add query all peers
* Nyxd ephemera client
* Add registration of ephemera peer
* Replace epoch http api with actual contract
* Merge ephemera config into nym-api config
* Load cluster from contract
* Guard nym-outfox out of cosmwasm builds (#3650)
* Feature/fixes while testing (#3668)
* Commit local peer before querying contract
* Default to anyonline
* Remove string from template
* Fix avg computing
* Use updated qa env
* Fix clippy
* Add unit tests for ephemera contract
* Upload ephemera contract in CI
* Add group check for peer signup
* Peer registration unit test
* Start ephemera only on monitoring
* Remove old MixnodeToReward struct
* Move all ephemera config to its file
* Skip with serde ephemera config
* Fix default value in args
* Feature/add ephemera flag (#3727)
* Replace unwrap with error handling
* Add ephemera enable flag
* Fix template
* Add json schema to ephemera contract (#3735)
* Update lock files
* Update changelog
---------
Co-authored-by: Andrus Salumets <andrus@nymtech.net>
* Validate nym address
* wip: check client_id match
* wip: now compiles
* Fix first set of tests
* Another set of fixed tests
* Fix rebase issues
* rustfmt
* register tests updated
* integration tests now working
* Remove commented out code and unused imports
* Tidy up
* Fix error
* Update schema
* Fix example
* Add assertion in test
* update nym-cli to be able to register names
* Remove left-over dbg