* switch from yarn to pnpm
* Remove full-nym-wasm (#6796)
* Remove nym-browser-extension (#6798)
* Remove nym-browser-extension
* remove unused from makefile
* Remove Node tester (#6800)
* Remove dom-utils (#6801)
* gh-actions: remove pnpm version
* nuke dist and pkg
* add missing dependency
* set node version to 24 and pnpm version to 11
* upgrade lock file from pnpm version 9 to 11
* pnpm add approved builds
* yarn -> pnpm
* upgrade jest version
* yarn -> pnpm
* Remove unused cfg; clippy!
* pnpm: when dev mode is on, unfreeze the lock file
* pnpm approve more scripts
* pnpm syntax error
* add `pnpm i`
* disable eslint temporarily while switching to biome in later PR
---------
Co-authored-by: Mark Sinclair <mmsinclair@users.noreply.github.com>
Co-authored-by: mfahampshire <maxhampshire@pm.me>
* Squashing the mix stress testing branch (#6575)
reduced chain watcher per block log severity
update network monitors contract semver to 1.0.0
fix build issues
fix mixnet client dropping initial packet on egress reconnection
adjusted logs for network monitor agent
changed default testing interval to 2h
refresh NM contract information
explicit return type for batch submission
for mixnet listener task to get scheduled before beginning connectivity test
make sure to always use canonical ip for network monitor noise keys
feat: NMv3: make agents decide egress port (#6746)
add config v12->v13 config migration for nym nodes
fix formatting in wallet types
simplified client config creation
remove other swagger redirect
removed swagger redirect on /swagger/ route
log version info on startup
add workflows, contract address, and dockerfile
bugfix: use correct endpoints when setting up orchestrator (#6733)
clippy
adjust DEFAULT_MIN_STRESS_TESTED_NODES ratio
expose route with new performance metrics
fixes and additional docs
use stress testing scores
stub for usage of stress testing scores
stub traits
added new fields to nym-api config controlling usage of stress test data
guard against duplicate packets
prevent usage of chain_authorisation_check_max_attempts with value of 0
make sure duplicate results cant be inserted into the db
submit test results from orchestrator on an interval
docs and fixes
nym-api side of handling result submission
stubs for submitting results
NM orchestrator verifying nym-api result submission permissions
NM orchestrator to update announced key on startup
allow NM orchestrator to announce its identity key to the contract
stubs within nym-api for accepting NMv3 results
added additional metrics
docs
bugfixes + making sure to only assign mixnode testruns
fixed node refresher to only retrieve mixnodes and add additional metrics
topology metrics
defined basic prometheus metrics
authorised endpoint for returning prometheus data
create initial stub for prometheus metrics
post rebasing fixes
adjusted routes
missing implementation for storage getters
a lot of new stubs and db accessors
stubs for results endpoints
update utoipa tags for agent rountes
shared auth between metrics and results
moved stale results eviction into the interval.tick branch
refactor and comments
create background process to evict stale data
include sphinx packet delay as part of the stats
fix mock construction
add median to the calculated latency distribution
remove unused imports
cleanup
performing testrun and submitting the results
assigning testruns to requesting agents
basic stub for http server for the NMv3 orchestrator
chore: rename existing 'NetworkMonitorAgent' to 'NodeStressTester'
make sure to use canonical ips within the noise config
fixed contract tests
cargo fmt
additional comments and unit tests
contract and nym-node support of NM agents being run on the same host
basic unit tests
refactoring
make agents retrieve mix port assignment from the orchestrator
provide sensible defaults to CLI arguments
stub the initial structure for the agent
chore: remove redundant import
missed tick behaviour
removed redundant mutex
removed redundant try_get_client
reuse existing constant for default nymnode port
add node refresher for periodic scraping of bonded nym-node details
- NodeRefresher periodically queries the mixnet contract for all bonded
nodes and probes each node's HTTP API for host information, sphinx keys,
noise keys, and key rotation IDs
- Extract NymNodeApiClientRetriever into nym-node-requests with port
probing, identity verification, and host information signature checking
- Add clone_query_client on NyxdClient so the refresher can hold its own
query client without locking the signing client
- Batch upsert for nym_node rows (single transaction instead of per-row)
- Reuse the new helpers in nym-api's node_describe_cache
ensure assignment of testrun begins an IMMEDIATE tx
construction of the orchestrator struct
initial set of cli args
make sure to not assign testable nodes too often
very initial database structure and cli
fixed construction of RoutableNetworkMonitors
remove redundant constructor for NoiseNode
forbid 0-nonsense config values
add type safety for test route construction
moved lioness and arrayref to workspace deps
fixed dockerfile build
always use canonical addresses in RoutableNetworkMonitors
fixed old contract formatting issues
removed redundant into() call
network monitor agent fixes
additional logs
config unit tests
more docs
standalone stress testing invocation
further refactoring and changes
refactor testing loop and return valid test result upon completion
initial sending/receiving test loop
generating reusable sphinx headers
additional structure for receiving ingress packets
initial scaffolding for NMv3 agent
added validation of x25519 noise key
removed unstable call to 'is_multiple_of'
remove calls to from_octets as they're unavailable in pre 1.91
additional docs/comments
propagating noise information about NM for mixnet routing
pass full socket address of the agent into the contract storage
feat: store noise keys alongside ip addresses within the contract
removed redundant comment
ensure NM packets can only go to NM
PR review comments
added additional docs
allow NM to replay packets + fix replay prometheus metrics
propagate information about nm agent to connection handler
updated nym-node config migration
feat: introduced nym-node websocket subscription for keeping updated list of NM agents
allow admin to also revoke monitor agents
remove agents upon orchestrator removal
fixed schema generation and regenerated the contract schema
removed rustc restriction on contracts-common
added client methods for interacting with the contract
added unit tests for contract methods
implemented logic of the network monitors contract
create initial structure for network monitors contract
start mix stress testing topic branch
* make nym-node default to the new blockstream rpc/ws node cluster
* reduced mixnet-client log severity
* set network monitors contract address for mainnet
* start node families topic branch
* start node families topic branch
* initialise node families contract
* define contract storage
* registering new family in storage
* accepting family invitation
* add_pending_invitation
* revoke_pending_invitation
* remove_family_member
* reject_pending_invitation
* disband_family
* added unit tests for the storage methods
* added restriction on uniquness of family names
* update rustc version for node families contract common
* clippy
* basic queries by id
* query_families_paged
* change family membership storage and expose query for all members of a family
* queries for pending invitations
* queries for past invitations
* queries for past data per node
* queries for past family members
* query_past_members_for_node_paged
* queries for family by name and by owner
* fixup family name normalisation
* fixed incorrect lower bound for queries for past data
* implement contract and storage initialisation
* stubbing tx messages that are to be exposed by the contract
* handler for updating config
* removed partial fee return
* wip: create family
* move mixnet contract interaction traits to shared location
* store original family name alongside the normalised variant
* prevent family creation if owner has a node in another family
* try_disband_family
* try_invite_to_family + shared helpers
* try_revoke_family_invitation
* accept_family_invitation
* stub method for node unbonding
* try_reject_family_invitation
* unit tests for family name normalisation
* try_leave_family
* try_kick_from_family
* fix outdated comments and add paid fee event attribute
* feat: NMv3: leave family upon node unbonding
* NF contract handling of unbonding
* lints
* init node families contract when creating performance contract tester
* clippy
* avoid self-dep in the contract dev deps
* introduced client traits for interacting with the node families contract
* add node families contract to cache refresher
* added query for all node family members (globally) and started scaffolding nym-api caches
* docs and cache -> api conversion
* calculating average node age based on individual timestamps
* wire up node families cache
* http stubs
* filled in the implementation
* route tests + extracting shared code
* review fixes
* feat: expose family information for all dvpn gateway endpoints within NS API
* expose family information for explorer v3 route
* clippy
* review comments and optimise db family update
* feat: Node Families: expose stake information inside DVpnGateway
* chore: update lock files after rebase
* chore: sort workspace members
* explicitly require providing node families contract address for mixnet contract migration
* fix missing node families contract address env export
* dont swallow cache overwrite failures in fixture
* pin network-defaults rustc version due to contracts dep
* further version pinning
* chore: update mixnet contract schema
* version fix
* try to publish core crates first
* bump version ci
* fix to yaml
* Slight modifications to ordering, remove core-crates and rely on ordering as test + sed tweak
* crates release: bump version to 1.21.0 (#6744)
Co-authored-by: Nym bot <nym-bot@users.noreply.github.com>
Co-authored-by: mfahampshire <maxhampshire@pm.me>
* Remove unnecessary verification step becase of dryrun (doubled)
* Revert some changes to develop
* Add preflight to its own workflow
* Clippy
* Update crate publishing file
* Clippy
---------
Co-authored-by: benedettadavico <benedettadavico@users.noreply.github.com>
Co-authored-by: mfahampshire <maxhampshire@pm.me>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Nym bot <nym-bot@users.noreply.github.com>
- Fix CI yarn lint after ESLint 9 switched to flat config by default while the repo still uses legacy .eslintrc / eslintConfig. Add Yarn resolutions for eslint@8.57.1 and a single @typescript-eslint@5.62.0 line so parser and typescript-estree stay in sync
The 1800s minimum TTL defeated CDN failover mechanisms (e.g. Fastly
publishes 30–60s A-record TTLs specifically to signal when edge nodes
are removed). Dead IPs were cached for up to 30 minutes with no
way for the client to recover without a restart.
- Drop DEFAULT_POSITIVE_LOOKUP_CACHE_TTL from 1800s to 60s so that
CDN-signalled failovers take effect within a minute
- Shuffle resolved IPs on each lookup so retries cycle through all
available edge nodes rather than hitting the same dead address
- Add invalidate_preresolve_entry / invalidate_preresolve_for API
for callers that want targeted per-host cache eviction on hard
connection failures
* Add mixtcp crate
Components:
- NymIprDevice: smoltcp::phy::Device impl using channel-based I/O
- NymIprBridge: async task bridging the device to IpMixStream
- create_device(): helper to set up the complete stack
* - Cleanup
- Add graceful shutdown
- Declutter logging - move a lot of bridge info! -> trace!
- Move rustls, nym-bin-common, bytes to dev-dependencies
- Extract TlsOverTcp to mod.rs
- Make timing more granular
- Update readme
* Add UDP example
* Add UDP example to readme
* rename mixtcp -> smolmix
* Add Tunnel API with TcpStream and UdpSocket over tokio-smoltcp
* Re-export Tunnel API and add init_logging convenience function
* Remove raw smoltcp path, flatten tunnel module
* Clean up bridge, device, and tunnel code
* Consolidate architecture docs, tidy examples and README
- Add src/ARCHITECTURE.md as single source of truth for architecture
- Include in docs.rs via doc = include_str!
- Strip duplicated diagrams from tunnel.rs, device.rs, README
- Extract tls_connector() helper in HTTPS example to match websocket example
- Use consistent 'smolmix' casing in README
* Update smolmix imports for ipr_wrapper API
- stream_wrapper::{IpMixStream, NetworkEnvironment} → ipr_wrapper::
- connect_tunnel() → check_connected()
- disconnect_stream() → disconnect()
- allocated_ips() returns &IpPair directly (no Option)
* Add Tunnel::new_with_ipr, re-export IpPair/Recipient, tidy examples
- Add Tunnel::new_with_ipr() for targeting a specific exit node
- Re-export IpPair and Recipient so users don't need direct deps
- Add DNS leak warning to WebSocket example
- Await hyper connection task in HTTPS example
* Restructure smolmix into multi-crate workspace
- Move core tunnel code to smolmix/core/- Rewrite examples for each crate with clearnet/mixnet comparisons
* Add workspace README with architecture overview
* Update nym-sdk README module descriptions
- Replace stale stream_wrapper description with ipr_wrapper + mixnet::stream
- Remove TODO comment
* Remove companion crates, scope to smolmix-core
* Comment out additional components on -core branch README.md
* Cargo.lock fix for compilation issue
* Downgrade accidentally bumped dependencies in Cargo lock + change
smolmix dependencies to import from workspace
* Fix workspace deps + move nym-bin-common to dev-deps
* PR review changes + fix Sink delegation
* Fix borked merge + update README.md
* Fix up stale docs + rewrite examples to use proper imports and timing
logs
* Update readmes + architecture file
* Impl Drop for BridgeShutdownHandle + update comment
* WIP
* NS agent calls probe as lib
* Clippy: ns agent
* Fix submit_v2 on API
* Adjust dockerfile, deployment details for the new flow
* Bump package versions
* PR feedback
* Fix CI
* Final version
* Replace MixnetStream with LP framing
- Replace custom header with LpFrameHeader
- Added sequence number for message ordering
* IPR: support LP Stream-framed client connections
- Detect and route LP Stream frames in mixnet_listener
- Wrap inline responses in LP Stream frames
- Thread stream_id to ConnectedClientHandler for TUN responses
* sdk: add ipr_wrapper module with IpMixStream
- IpMixStream wraps MixnetStream for IPR tunnel over mixnet
- LP Stream framing handled automatically by MixnetStream
- Gateway discovery, connect handshake, IP packet send/receive
* sdk: remove superseded stream_wrapper module
* Trim obvious comments, add architecture.md stub
* sdk: add missing deps and fix warnings
* Cut down architecture diagram until finished with rest of the code, leaving stubs
* sdk: refactor IpMixStream, extract shared helpers
- Extract gateway discovery and connect response parsing
- Add recv() to MixnetStream, remove 64KB read buffer
- Simplify IpMixStream constructor
* Fix SphinxStream renames missed during rebase
* Add IpPacketResponse::from_bytes() for stream-based deserialization
* Clean up ip_packet_client: delete stale connect.rs, take raw bytes not ReconstructedMessage
* Clippy
* Delete unused ip_packet_client modules
- Remove helpers.rs (ICMP utilities moved to example)
- Remove error.rs (errors consolidated into sdk/error.rs)
- Remove README.md
- Update module root to only export discovery + listener
* Simplify listener, IpMixStream, and network_env
- Collapse IprListener struct into standalone handle_ipr_response()
- Move check_ipr_message_version() into listener.rs
- Remove IpMixStream test module (moved to example)
- Remove parse_network() and commented-out Sandbox arms
- Return Result from find_workspace_root() instead of panicking
- Add IprTunnelDisconnected and WorkspaceRootNotFound error variants
* Refactor IPR stream handling and document seq conventions
- Inline stream_id tracking (remove current_stream_id field)
- Re-export encode_stream_frame from clients module
- Document seq=0 reservation for inline control responses
- Document data-path counter starting at 1 with skip-on-wrap
* Add ipr_tunnel example for integration testing
- ICMP ping through IPR with --gateway flag for targeting specific exits
- Move pnet_packet from dependencies to dev-dependencies
* Add message reordering to stream router
- Buffer out-of-order messages per-stream using BTreeMap
- Drain contiguous sequences individually to preserve message boundaries
- Drop duplicate/old sequence numbers with a warning
- Remove dead_code allow on StreamFrame::sequence_num
* Clean up comments and fill architecture.md
- Remove separator line comments
- Update stale comments about ordering not being implemented
- Remove collapsible_if allows, use let-else instead
- Fill in architecture.md data flow and connection lifecycle
* Simplify ipr_tunnel example to minimal smoke test
- Single ping instead of multi-ping loop
- Remove identifier and PING_COUNT
- Collapse ICMP helpers into single build_icmp_ping function
* Add dual-stack IPv6 ping and rename gateway → ipr
- Rename --gateway flag to --ipr and new_with_gateway() to new_with_ipr()
- Add ICMPv6 ping to ipr_tunnel example for dual-stack smoke test
- Tighten echo reply validation (protocol field check, diagnostic output)
- Document IP allocation (subnets, static vs dynamic, client keying) in architecture.md
- Promote LP Stream Open handshake log to INFO
* Tweak subnet comment in docs
* Don't stop IPR listener on decode failure
- Change break to continue so garbage packets can't kill the listener
- Remaining valid packets in the bundle are still processed
* Fix license headers and use workspace dep for pnet_packet
- Switch GPL-3.0 to Apache-2.0 on all SDK library files
- Add missing license headers to 7 files
- Use workspace version for pnet_packet dependency
* Document IP pool isolation from WG/LP dVPN pool
- IPR uses 10.0.0.0/16 on nymtun, WG uses 10.1.0.0/16 on nymwg
- Reference constants.rs as source of truth
* Remove network_env.rs and simplify IpMixStream API
- Default to mainnet via setup_env(None) instead of requiring env param
- Remove NetworkEnvironment enum and workspace root detection
- Remove WorkspaceRootNotFound error variant
- Update ipr_tunnel example to match new signatures
* Use weighted random selection for IPR gateway discovery
- Replace max_by_key with choose_weighted biased by performance score
- Prevents all clients converging on a single highest-performing IPR
* Cap stream reorder buffer to prevent unbounded memory growth
- Add MAX_REORDER_BUFFER (256) to limit per-stream pending messages:
- buffer overflows = skip ahead to lowest buffered seq and drain
- protects against malicious senders that deliberately skip sequence numbers
* Extract shared IPR response helpers into nym-ip-packet-requests
- Add response_helpers module with version check, connect response
parsing, and control response dispatch
- SDK ip_packet_client now delegates to shared module
- Monorepo nym-ip-packet-client uses shared version check and
connect response parsing
- Fix doc comment attributing fork to nym-vpn-client
* Extract ICMP test helpers into nym-ip-packet-requests
- Add icmp_utils module behind test-utils feature flag
- Move build_icmp_ping, build_icmpv6_ping, is_echo_reply_v4/v6 from
example
- Update ipr_tunnel example to use shared helpers
* Add protocol v9 LP-framed transport marker
- Add v9 module (re-exports v8, VERSION=9)
- Accept v9 requests and responses in IPR
- Switch SDK IpMixStream to send v9
* Log protocol version in dynamic connect requests
* Remove KCP from IPR and fix unwrap_or_default in SDK
- Remove all KCP session management from ip-packet-router (replaced by
LP Stream framing)
- Drop nym-kcp dependency and KcpError variant from IPR
- Replace unwrap_or_default with ok_or(Error::NoNymAPIUrl) in
IpMixStream::new()
* Add v9 protocol wrapper constructors and enforce version/transport
consistency
- Add v9::new_connect_request(), new_data_request(),
new_ip_packet_response() to centralise version stamping
- Replace manual protocol.version overrides in SDK and IPR with v9
wrapper calls
- Bump nym-ip-packet-client current re-export from v8 to v9
- Enforce LP Stream frames must carry v9+ payloads, non-stream must be
v8 or lower
* Filter IPR exit nodes by minimum v9-compatible release version
- Define MIN_RELEASE_VERSION (1.30.0) in ip-packet-requests/v9 alongside protocol constants
- Add semver-based filtering in SDK gateway discovery to skip nodes below v9 threshold
- Add semver dependency to ip-packet-requests and nym-sdk
* Use numeric version comparison for transport/version enforcement
- Compare version as u8 instead of enum equality so future v10+ is handled correctly
- Remove unused `use super::*` import left over from KCP test removal
* Add LpFrameKind::Stream variant with StreamFrameAttributes
- Define LP wire format for stream multiplexing
- Handle new variant in entry gateway match arm
* Replace MixnetStream with LP framing
- Replace custom header with LpFrameHeader
- Added sequence number for message ordering
* Revert accidental vergen bump
* Revert accidental bumps
* Rename Stream to SphinxStream and split match arms in client_handler
* Add LpFrameAttributes type alias for [u8; 14]