* wip
* batch processing of forward packets
* tmp: additional metrics for remote node
* fixed incorrect prometheus metric registration
* unified runtime metrics
* unify mixnet client metrics
* packet forwarding cleanup
* add batching for emptying the delay queue
* cleanup client io loop
* feat(nym-node): reap idle mixnet connections (ingress + egress)
Close mixnet connections that sit with no traffic past a configurable idle period (mixnet.debug.connection_idle_timeout, default 5min, 0 disables) to bound lingering tokio tasks/sockets.
Ingress handle_stream is read-only, so a silently-gone peer (NAT drop, crash without FIN, half-open) never triggers FIN/RST and the task would block on .next() forever; a new idle select arm closes it (the post-loop replay flush still runs, so nothing is stranded). Egress run_io_loop gets the symmetric arm keyed on last_send; on close EvictOnDrop clears the cache entry and the next packet transparently reconnects.
Adds a cumulative nym_node_network_idle_closed_ingress_mixnet_connections counter; egress reaping is observed via the existing active-egress gauge plus an exit_reason=idle_timeout log.
* downgrade sysinfo
* refactor(nym-node): split PacketForwarder into router + delay-queue tasks
Split the single PacketForwarder task into two concurrently-scheduled tasks connected by a bounded handoff channel, so intake and delayed-release no longer block each other.
PacketRouter (router.rs) is the intake task: sole consumer of the ingress channel, it applies the routing filter and either forwards zero/already-elapsed-delay packets directly or hands delayed ones to the delay task. Its per-packet work is sub-µs, so new packets no longer wait behind delayed-release processing (collapses the ForwarderQueue tail).
DelayForwarder (delay.rs) owns the NonExhaustiveDelayQueue exclusively (it can't be shared by reference). Its run loop services BOTH branches on every wakeup - draining pending inserts first to bring the queue current, then flushing everything now due - so the biased select can't let releases and inserts starve each other, and a freshly-arrived-but-already-due packet releases in the same pass (marginally improving DelayQueueOverrun).
The mixnet client is shared as Arc<C>; handoff-channel overflow is dropped as an egress drop rather than blocking, keeping intake decoupled from release.
* feat(nym-node): bound egress flush with a write timeout
Cap how long a single egress batch flush may block on a congested peer socket (mixnet.debug.connection_write_timeout, default 500ms, 0 disables), so a slow peer can no longer back this connection's egress queue up into the multi-second range - the root of the EgressQueue and SocketWrite tails.
A single timeout is treated as transient congestion: the un-fed tail of the batch is abandoned but the connection is retained. This is sound because NoiseStream::poll_write encrypts and buffers each frame synchronously, so a cancelled flush leaves the noise transport nonce-consistent and a later flush resumes the byte stream in order - so a momentary spike costs no re-handshake. Only MAX_CONSECUTIVE_WRITE_TIMEOUTS (3) timeouts in a row, i.e. a persistently congested peer, tears the connection down (it reconnects on the next packet); a successful flush resets the counter.
Buffer-size tuning (maximum_connection_buffer_size) deliberately left for live data.
* revert PacketForwarder split in favour of a single task that clears both channels on wake
* First sweep packages + some minor tweaking
* Second sweep
* Regenerate lockfile + package.json mods
* Regenerate lockfile again
* Fix CI
* Fix CI again
* All building properly
* unblock
* Tweak examples
* Comments + readme + fix rotten unit test
* First pass docs
* Big pass
* Massive pass on new docs
* Update integrations.md w mobile
* Partial overhaul review
* new playground + big pass
* new fix lychee err
* IPR notice tweak
- Account loading now dedupes in-flight requests per network instead of sharing one global promise across all networks.
- Regression tests cover same-network reuse and cross-network isolation.
- Transaction success is now checked through a shared helper that validates hash, gas usage, and response payloads, not hash presence alone.
- Node settings error helper renamed to match its broader scope.
- Balance refresh now owns the loading flag so nested balance and vesting fetches do not race each other.
- Unbond modal removes the non-null assertion on compounded rewards.
- Unbond totals no longer default malformed amounts to zero; a warning appears when exact totals cannot be calculated.
- Hostname updates no longer treat an empty transaction hash as success.
- Sign-in navigation is gated on successful account load with regression tests.
- Account loading is deduplicated so sign-in no longer fires two concurrent network switches.
- Main window boot relies on the network effect only; rust state init no longer double-loads the account.
- NYM price cache clears on sign-out.
- Wallet no longer forces fullscreen on launch - auth and main windows keep the same size and position when switching.
- Sign-in and balance loading feel smoother, with less layout jump on the home screen.
- Saving a node hostname shows the transaction fee upfront, warns when funds are low, and surfaces clear errors on failure.
- Operator unbond confirmation shows pledge plus compounded operator rewards (delegator stake stays separate).
- Add `historical_node_identity` to `DelegationWithEverything` and populate via `lookup_historical_node_identity` in `delegate.rs` so search works after unbond.
- `searchDelegations` searches `historical_node_identity` and guards null/empty `node_identity` with optional chaining.
- Acceptance tests: historical identity search, bonded-unbonding vs synthetic branch semantics, empty-identity search safety.
- Fix linting
- In `delegate.rs`, add `delegation_node_identity` and `delegation_mixnode_is_unbonding` so missing node details emit `unbonded:{mix_id}` with `mixnode_is_unbonding: true` instead of an empty `node_identity`.
- Add `delegationListVisibility.ts` (`shouldHideDelegationFromList`, `filterVisibleDelegations`, `searchDelegations`) and wire `DelegationList.tsx` to the shared helpers.
- Update `useSortDelegations.tsx` to pin fully unbonded delegations to the top via `isFullyUnbondedDelegation`.
- In `UndelegateModal.tsx`, display `Node unbonded (mix N)` instead of raw `unbonded:{mix_id}` on the confirm screen.
- Add jest tests
- Add Rust unit test
InviteToFamily previously rejected any second invitation for a (family, node)
pair with PendingInvitationAlreadyExists, even once the existing invitation had
expired and was left inert in the pending map. Now a still-valid invitation still
blocks a duplicate, but an expired one is archived under the new terminal status
FamilyInvitationStatus::Expired and superseded by the fresh invitation.
Regenerated the contract JSON schema and updated the openspec capability.
cosmwasm-crypto 2.2.2 targets ed25519-zebra 4.0.3 (default-features = false) and
uses its `batch` module, but the lockfile had resolved to 4.2.0, which gates
`batch` behind the `alloc` feature. That left cosmwasm-crypto - and therefore the
whole contracts workspace - failing to compile. Pin back to 4.0.3 so it builds.
* Keep peer in wg table when updating psk
* Fix unit test
* update handle_update_peer_psk_request
---------
Co-authored-by: Jędrzej Stuczyński <jedrzej.stuczynski@gmail.com>
* First sweep packages + some minor tweaking
* Second sweep
* Regenerate lockfile + package.json mods
* Regenerate lockfile again
* Fix CI
* Fix CI again
* All building properly
* unblock
* Tweak examples
* Comments + readme + fix rotten unit test
request_ports_check_testrun skipped the lock_testrun_assignment() guard and
has_enough_ticketbooks() pre-check that request_testrun performs, so two
concurrent ports-check requests could race on ticket materials and a depleted
cache left the run InProgress until stale-refresh. Mirror the probe path.
Switch from runtime sqlx::query_scalar to the checked query_scalar! macro
(consistent with the rest of the file), returning i64 instead of an always-Some
Option and dropping the unwrap_or_default() at the call site. Regenerates the
.sqlx cache, adding the new query and pruning accumulated orphans.
The 20260415 migration cast last_probe_result::jsonb guarded only by a
btrim non-empty check, so any row with non-JSON text aborted the whole
migration. Add the same last_probe_result ~ '^[\[{]' guard the follow-up
20260519133000 migration uses, directly to both UPDATEs here.
* add additional information upon stress testing data submission failure
* split stress testing result submission into batches of maximum size
* enable 'float_roundtrip' serde_json feature to ensure consistent float serialisation
* fixed race condition in mixnet listener creation notification
* reduced log severity for retrieving self-described node information
* chore: bump up version number
add no-log to anywhere
add support for not registered nodes
...
address comments
remove unregistered nodes
testing port checks
add support for not registered nodes
...
address comments
test port check in probe results
migration update
probe arg fix
bump NS versions
cleanup and remove unannounced node option
bugfixes
Remove in-probe
remove in-probe test, it isn't needed.
add multiple target host options
cleanup
change default target, and use batch only for portquiz
Revert "change default target, and use batch only for portquiz"
This reverts commit 8b38969964e7808b9c4e50a920ee5bc51438c7bf.
ded line
bugfixes
batch fix
batch limits
force ipv4
* release notes
* add operators info
* node version stubs
* bump scraped stats and add a thehosting warning url
* add new explorer feat point
* fix header character to fix linkchecker error
* syntax fix
* bump up node version
* ignore pnpm - in the right branch this time
---------
Co-authored-by: mfahampshire <maxhampshire@pm.me>
* switch from yarn to pnpm
* Remove full-nym-wasm (#6796)
* Remove nym-browser-extension (#6798)
* Remove nym-browser-extension
* remove unused from makefile
* Remove Node tester (#6800)
* Remove dom-utils (#6801)
* gh-actions: remove pnpm version
* nuke dist and pkg
* add missing dependency
* set node version to 24 and pnpm version to 11
* upgrade lock file from pnpm version 9 to 11
* pnpm add approved builds
* yarn -> pnpm
* upgrade jest version
* yarn -> pnpm
* Remove unused cfg; clippy!
* pnpm: when dev mode is on, unfreeze the lock file
* pnpm approve more scripts
* pnpm syntax error
* add `pnpm i`
* disable eslint temporarily while switching to biome in later PR
---------
Co-authored-by: Mark Sinclair <mmsinclair@users.noreply.github.com>
Co-authored-by: mfahampshire <maxhampshire@pm.me>
* added unit tests for MemoryEcachTicketbookManager
* bugfix: propagate socks5 proxy errors instead of panicking
* introduce guard against providing too short verification key during signature validation
* add checked overflow checks for icmp packet construction
* fix kcp logging
* forbid construction of illegal sphinx fragments
* fix division by zero in packet statistics calculations
* experiment: add openspec details for node families contract
* add openspec for the ecash contract
* fix(ecash): correct latest_deposit off-by-one
DepositStorage::latest_deposit() returned the counter value, but the
counter holds the *next* free id (after next_id() saves counter+1). The
GetLatestDeposit handler then tried try_load_by_id(counter), which
always returned None — meaning the query yielded { deposit: None }
both on a fresh contract and after every successful deposit.
Fix: return counter.checked_sub(1) so latest_deposit() yields the most
recently assigned id (or None on a fresh contract). The
getting_latest_deposit unit test is updated to assert Some(0) and
Some(1) after one and two next_id() calls respectively.
No downstream consumer was relying on the buggy semantics
(validator-client exposes the query as a passthrough trait method that
nothing currently calls).
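The off-by-one described in the commit message above, reproduced as an added example on a simplified in-memory model (not the contract's code). The struct layout, `save_deposit`, `LatestDepositResponse` as a tuple and the `*_before_fix` names are assumptions made for illustration; only the counter semantics and the `checked_sub(1)` fix come from the message.

```rust
use std::collections::BTreeMap;

pub type DepositId = u32;

/// Hypothetical in-memory stand-in for the contract's deposit storage.
pub struct DepositStorage {
    /// Holds the *next* free id, not the last assigned one.
    counter: DepositId,
    /// Raw 32-byte deposit payloads keyed by sequential id, starting at 0.
    deposits: BTreeMap<DepositId, [u8; 32]>,
}

impl DepositStorage {
    pub fn new() -> Self {
        DepositStorage { counter: 0, deposits: BTreeMap::new() }
    }

    /// Hands out the current counter value and saves counter + 1.
    pub fn next_id(&mut self) -> DepositId {
        let id = self.counter;
        self.counter = id.checked_add(1).expect("deposit id space exhausted");
        id
    }

    /// Assumed helper: store a deposit under a freshly assigned id.
    pub fn save_deposit(&mut self, pubkey: [u8; 32]) -> DepositId {
        let id = self.next_id();
        self.deposits.insert(id, pubkey);
        id
    }

    pub fn try_load_by_id(&self, id: DepositId) -> Option<[u8; 32]> {
        self.deposits.get(&id).copied()
    }

    /// Behaviour before the fix: returns the counter, i.e. an id nobody holds yet.
    pub fn latest_deposit_before_fix(&self) -> Option<DepositId> {
        Some(self.counter)
    }

    /// Behaviour after the fix: most recently assigned id, None on a fresh contract.
    pub fn latest_deposit(&self) -> Option<DepositId> {
        self.counter.checked_sub(1)
    }
}

/// Simplified response shape: the latest deposit with its id, if any.
#[derive(Debug, PartialEq)]
pub struct LatestDepositResponse {
    pub deposit: Option<(DepositId, [u8; 32])>,
}

/// Query handler as it behaved before the fix: the lookup always misses.
pub fn query_latest_before_fix(storage: &DepositStorage) -> LatestDepositResponse {
    let deposit = storage
        .latest_deposit_before_fix()
        .and_then(|id| storage.try_load_by_id(id).map(|d| (id, d)));
    LatestDepositResponse { deposit }
}

/// Query handler after the fix.
pub fn query_latest(storage: &DepositStorage) -> LatestDepositResponse {
    let deposit = storage
        .latest_deposit()
        .and_then(|id| storage.try_load_by_id(id).map(|d| (id, d)));
    LatestDepositResponse { deposit }
}

fn main() {
    let mut storage = DepositStorage::new();
    // Constructed sample payloads standing in for claimed ed25519 public keys.
    storage.save_deposit([0xaa; 32]);
    storage.save_deposit([0xbb; 32]);

    let before = query_latest_before_fix(&storage).deposit.map(|(id, _)| id);
    let after = query_latest(&storage).deposit.map(|(id, _)| id);
    println!("before fix: latest deposit id = {:?}", before);
    println!("after fix:  latest deposit id = {:?}", after);
}
```
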
* experiment: add openspec details for ecash contract
Reverse-engineered openspec change `ecash-contract-spec` documenting
the existing CosmWasm contract at `contracts/ecash/`. Mirrors the
node-families workflow: docs-only deliverable, no migration, no
dependency changes. Archived as
openspec/changes/archive/2026-05-21-ecash-contract-spec/ and promoted
to openspec/specs/ecash-contract/spec.md as the canonical reference.
The spec captures 25 normative requirements with 64 scenarios covering
instantiation, migration, deposit submission (default + reduced tier),
RequestRedemption + redemption-proposal reply, legacy RedeemTickets
(dead code retained), stubbed blacklist surface, the ticketbook-size
invariant tripwire, the full query surface, and the public storage /
event / error surface.
Key documented points the source-of-truth phrasing pins down:
- The contract stores claimed ed25519 pubkeys opaquely; ownership is
enforced off-chain by nym-api signers via `validate_deposit`.
- Per-signer-local de-duplication via `state.already_issued`; no
on-chain "issued" state.
- Raw 32-byte deposit storage under the `"deposit"` namespace; deposit
ids are sequential `u32` starting at 0.
- Statistics invariant: default_count + sum(custom_count) = total.
- `cw_controllers::Admin` is used as a generic address-equality helper
for the `multisig` slot (the wrapper's full admin semantics are not
exercised on that slot).
- `RedeemTickets` is dead code retained on the public surface; flagged
as a candidate for removal.
Stubbed-blacklist final disposition is the only Open Question left for
the redesign change owner.
* docs(ecash): add rustdoc derived from archived ecash-contract spec
Drop short doc-comments on the ecash contract surface — handlers,
storage slots, message variants, error variants, event constants,
shared types — derived from the canonical spec at
openspec/specs/ecash-contract/spec.md (archived 2026-05-21).
Coverage:
- contracts/ecash/src/*.rs: crate-root summary, both DepositStorage
and DepositStatsStorage with their invariants called out, every
#[sv::msg(...)] handler in contract/mod.rs, reply id constants,
Config + invariants snapshot, migration entry point.
- common/cosmwasm-smart-contracts/ecash-contract/src/*.rs: every
ExecuteMsg / QueryMsg variant, every reachable EcashContractError
variant (with unreachable-but-preserved variants flagged), every
event constant, every response type, Deposit + DepositId.
Explicitly out of scope (separate concerns):
- Removing event_attributes::BANDWIDTH_PROPOSAL_ID (dead constant,
documented as such for now).
- Removing ExecuteMsg::RedeemTickets (dead handler, documented as such;
removal is a breaking-schema change).
- contracts/ecash/Cargo.toml version bump (docs-only).
No behaviour change; all 38 contract tests pass and cargo doc emits
no warnings on the touched crates.
* Squashing the mix stress testing branch (#6575)
reduced chain watcher per block log severity
update network monitors contract semver to 1.0.0
fix build issues
fix mixnet client dropping initial packet on egress reconnection
adjusted logs for network monitor agent
changed default testing interval to 2h
refresh NM contract information
explicit return type for batch submission
for mixnet listener task to get scheduled before beginning connectivity test
make sure to always use canonical ip for network monitor noise keys
feat: NMv3: make agents decide egress port (#6746)
add config v12->v13 config migration for nym nodes
fix formatting in wallet types
simplified client config creation
remove other swagger redirect
removed swagger redirect on /swagger/ route
log version info on startup
add workflows, contract address, and dockerfile
bugfix: use correct endpoints when setting up orchestrator (#6733)
clippy
adjust DEFAULT_MIN_STRESS_TESTED_NODES ratio
expose route with new performance metrics
fixes and additional docs
use stress testing scores
stub for usage of stress testing scores
stub traits
added new fields to nym-api config controlling usage of stress test data
guard against duplicate packets
prevent usage of chain_authorisation_check_max_attempts with value of 0
make sure duplicate results cant be inserted into the db
submit test results from orchestrator on an interval
docs and fixes
nym-api side of handling result submission
stubs for submitting results
NM orchestrator verifying nym-api result submission permissions
NM orchestrator to update announced key on startup
allow NM orchestrator to announce its identity key to the contract
stubs within nym-api for accepting NMv3 results
added additional metrics
docs
bugfixes + making sure to only assign mixnode testruns
fixed node refresher to only retrieve mixnodes and add additional metrics
topology metrics
defined basic prometheus metrics
authorised endpoint for returning prometheus data
create initial stub for prometheus metrics
post rebasing fixes
adjusted routes
missing implementation for storage getters
a lot of new stubs and db accessors
stubs for results endpoints
update utoipa tags for agent routes
shared auth between metrics and results
moved stale results eviction into the interval.tick branch
refactor and comments
create background process to evict stale data
include sphinx packet delay as part of the stats
fix mock construction
add median to the calculated latency distribution
remove unused imports
cleanup
performing testrun and submitting the results
assigning testruns to requesting agents
basic stub for http server for the NMv3 orchestrator
chore: rename existing 'NetworkMonitorAgent' to 'NodeStressTester'
make sure to use canonical ips within the noise config
fixed contract tests
cargo fmt
additional comments and unit tests
contract and nym-node support of NM agents being run on the same host
basic unit tests
refactoring
make agents retrieve mix port assignment from the orchestrator
provide sensible defaults to CLI arguments
stub the initial structure for the agent
chore: remove redundant import
missed tick behaviour
removed redundant mutex
removed redundant try_get_client
reuse existing constant for default nymnode port
add node refresher for periodic scraping of bonded nym-node details
- NodeRefresher periodically queries the mixnet contract for all bonded
nodes and probes each node's HTTP API for host information, sphinx keys,
noise keys, and key rotation IDs
- Extract NymNodeApiClientRetriever into nym-node-requests with port
probing, identity verification, and host information signature checking
- Add clone_query_client on NyxdClient so the refresher can hold its own
query client without locking the signing client
- Batch upsert for nym_node rows (single transaction instead of per-row)
- Reuse the new helpers in nym-api's node_describe_cache
ensure assignment of testrun begins an IMMEDIATE tx
construction of the orchestrator struct
initial set of cli args
make sure to not assign testable nodes too often
very initial database structure and cli
fixed construction of RoutableNetworkMonitors
remove redundant constructor for NoiseNode
forbid 0-nonsense config values
add type safety for test route construction
moved lioness and arrayref to workspace deps
fixed dockerfile build
always use canonical addresses in RoutableNetworkMonitors
fixed old contract formatting issues
removed redundant into() call
network monitor agent fixes
additional logs
config unit tests
more docs
standalone stress testing invocation
further refactoring and changes
refactor testing loop and return valid test result upon completion
initial sending/receiving test loop
generating reusable sphinx headers
additional structure for receiving ingress packets
initial scaffolding for NMv3 agent
added validation of x25519 noise key
removed unstable call to 'is_multiple_of'
remove calls to from_octets as they're unavailable in pre 1.91
additional docs/comments
propagating noise information about NM for mixnet routing
pass full socket address of the agent into the contract storage
feat: store noise keys alongside ip addresses within the contract
removed redundant comment
ensure NM packets can only go to NM
PR review comments
added additional docs
allow NM to replay packets + fix replay prometheus metrics
propagate information about nm agent to connection handler
updated nym-node config migration
feat: introduced nym-node websocket subscription for keeping updated list of NM agents
allow admin to also revoke monitor agents
remove agents upon orchestrator removal
fixed schema generation and regenerated the contract schema
removed rustc restriction on contracts-common
added client methods for interacting with the contract
added unit tests for contract methods
implemented logic of the network monitors contract
create initial structure for network monitors contract
start mix stress testing topic branch
* make nym-node default to the new blockstream rpc/ws node cluster
* reduced mixnet-client log severity
* set network monitors contract address for mainnet
On Windows, the database can become corrupted if the client is killed
while it is running. This is fixed by ensuring the database file is
properly closed.
VerificationKeyAuth::to_bytes() and SecretKeyAuth::to_bytes() used
usize::to_le_bytes() to serialize vector lengths, producing 4 bytes on
32-bit and 8 bytes on 64-bit. Since from_bytes() always reads 8 bytes
(u64), this caused ZK proof challenge hash mismatches when a 32-bit
client's proof was verified by a 64-bit gateway, resulting in
"the provided ticket failed to get verified" on all 32-bit platforms.
* start node families topic branch
* initialise node families contract
* define contract storage
* registering new family in storage
* accepting family invitation
* add_pending_invitation
* revoke_pending_invitation
* remove_family_member
* reject_pending_invitation
* disband_family
* added unit tests for the storage methods
* added restriction on uniqueness of family names
* update rustc version for node families contract common
* clippy
* basic queries by id
* query_families_paged
* change family membership storage and expose query for all members of a family
* queries for pending invitations
* queries for past invitations
* queries for past data per node
* queries for past family members
* query_past_members_for_node_paged
* queries for family by name and by owner
* fixup family name normalisation
* fixed incorrect lower bound for queries for past data
* implement contract and storage initialisation
* stubbing tx messages that are to be exposed by the contract
* handler for updating config
* removed partial fee return
* wip: create family
* move mixnet contract interaction traits to shared location
* store original family name alongside the normalised variant
* prevent family creation if owner has a node in another family
* try_disband_family
* try_invite_to_family + shared helpers
* try_revoke_family_invitation
* accept_family_invitation
* stub method for node unbonding
* try_reject_family_invitation
* unit tests for family name normalisation
* try_leave_family
* try_kick_from_family
* fix outdated comments and add paid fee event attribute
* feat: NMv3: leave family upon node unbonding
* NF contract handling of unbonding
* lints
* init node families contract when creating performance contract tester
* clippy
* avoid self-dep in the contract dev deps
* introduced client traits for interacting with the node families contract
* add node families contract to cache refresher
* added query for all node family members (globally) and started scaffolding nym-api caches
* docs and cache -> api conversion
* calculating average node age based on individual timestamps
* wire up node families cache
* http stubs
* filled in the implementation
* route tests + extracting shared code
* review fixes
* feat: expose family information for all dvpn gateway endpoints within NS API
* expose family information for explorer v3 route
* clippy
* review comments and optimise db family update
* feat: Node Families: expose stake information inside DVpnGateway
* chore: update lock files after rebase
* chore: sort workspace members
* explicitly require providing node families contract address for mixnet contract migration
* fix missing node families contract address env export
* dont swallow cache overwrite failures in fixture
* pin network-defaults rustc version due to contracts dep
* further version pinning
* chore: update mixnet contract schema
* version fix
* try to publish core crates first
* bump version ci
* fix to yaml
* Slight modifications to ordering, remove core-crates and rely on ordering as test + sed tweak
* crates release: bump version to 1.21.0 (#6744)
Co-authored-by: Nym bot <nym-bot@users.noreply.github.com>
Co-authored-by: mfahampshire <maxhampshire@pm.me>
* Remove unnecessary verification step because of dryrun (doubled)
* Revert some changes to develop
* Add preflight to its own workflow
* Clippy
* Update crate publishing file
* Clippy
---------
Co-authored-by: benedettadavico <benedettadavico@users.noreply.github.com>
Co-authored-by: mfahampshire <maxhampshire@pm.me>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Nym bot <nym-bot@users.noreply.github.com>
- Fix CI yarn lint after ESLint 9 switched to flat config by default while the repo still uses legacy .eslintrc / eslintConfig. Add Yarn resolutions for eslint@8.57.1 and a single @typescript-eslint@5.62.0 line so parser and typescript-estree stay in sync
* network-tunnel-manager: make SSH port configurable
* Rename SSH_PORT to HOST_SSH_PORT.
* setup: plumb HOST_SSH_PORT through env and CLI
* setup-env-vars: persist HOST_SSH_PORT in env.sh
---------
Co-authored-by: p17o <p17o>
* Handle separate IPv4 and IPv6 uplink interfaces in network-tunnel-manager
* check_forward_chain() now checks IPv6 and is less brittle overall; missing IPv6 uplink detection now degrades to a loud warning plus partial IPv4-only setup rather than hard-failing early
* fix typos; fix UDP port 4443 being configured but not tested
---------
Co-authored-by: p17o <p17o>
Dependabot bumped eslint to ^9 across the lint-scoped TS packages but did
not migrate the legacy .eslintrc.* configs, breaking CI lint on develop.
Behavior preserved: yarn lint passes locally with the same effective rule
coverage as the pre-bump setup. Pre-existing warnings in nym-wallet and
mui-theme are unchanged. Orphan .eslintrc files in sdk/typescript outside
the lerna lint scope are left untouched.
The 1800s minimum TTL defeated CDN failover mechanisms (e.g. Fastly
publishes 30–60s A-record TTLs specifically to signal when edge nodes
are removed). Dead IPs were cached for up to 30 minutes with no
way for the client to recover without a restart.
- Drop DEFAULT_POSITIVE_LOOKUP_CACHE_TTL from 1800s to 60s so that
CDN-signalled failovers take effect within a minute
- Shuffle resolved IPs on each lookup so retries cycle through all
available edge nodes rather than hitting the same dead address
- Add invalidate_preresolve_entry / invalidate_preresolve_for API
for callers that want targeted per-host cache eviction on hard
connection failures
- Tauri was injecting nonces/hashes into style-src, which disables
'unsafe-inline' and blocked Emotion/MUI runtime <style> tags.
- Grant core:window:allow-maximize so frontend maximize() passes ACL.
- Add node-status and explorer helpers plus chart mappers; Jest coverage
- NodeOperatorInsights on BondedNymNode; optional API moniker/location
- Shared MUI Emotion cache (speedy: false) and CacheProvider wiring
- SendInputModal: amount/recipient validation timing; memoized fee check
- AuthLayout refresh; NodeTable overflow-x; Bonding error title typo fix
This rolls together desktop wallet hardening, UX polish, and operational fixes we have been carrying in the branch. The goal is safer defaults, less noisy background behaviour.
Security
- Tighten the Tauri CSP for production and keep connect-src aligned with real needs.
- Add a safe URL opener path (allowlisted schemes / validation) so user-influenced links do not become an open redirect surface.
- Replace unwrap usage in mixnet account flows with proper errors and propagation.
- Add an internal threat-model note so future changes keep the same assumptions explicit.
Clipboard and desktop
- Add a window-level Tauri clipboard hook for normal inputs, with clear exclusions for
currency fields, auth-sensitive paste, and opt-in replace-paste fields.
- Wire an Edit menu (cut, copy, paste, select all) where it helps, and keep behaviour
consistent with the hook.
- Deduplicate clipboard field props and satisfy ESLint on optional paste handlers.
Updater and vesting operations
- Treat legacy static updater JSON (missing per-platform signatures) as a soft failure with a clear warning, instead of erroring the version check IPC
- Cut vesting polling spam when the chain has no vesting account for the address, and map vesting "no account" to a dedicated BackendError for stable handling on the client.
- Move high-frequency vesting query logs to debug and keep removed-query stubs at warn.
Icons and first-run chrome
- Regenerate macOS/Windows icon assets from a padded 1024 master so dock and switcher visual weight matches other apps; add a small script to regenerate from app-icon-source.png.
- Default the app to dark mode, paint the HTML shell and webview background in the same dark base colour
Housekeeping
- Mock app context defaults to dark for consistency with the new baseline.
Validation run locally where relevant: Rust check, TypeScript check, ESLint, and icon
regeneration script smoke run.
- Remove storybook and old webdriver tests too
* Add mixtcp crate
Components:
- NymIprDevice: smoltcp::phy::Device impl using channel-based I/O
- NymIprBridge: async task bridging the device to IpMixStream
- create_device(): helper to set up the complete stack
* - Cleanup
- Add graceful shutdown
- Declutter logging - move a lot of bridge info! -> trace!
- Move rustls, nym-bin-common, bytes to dev-dependencies
- Extract TlsOverTcp to mod.rs
- Make timing more granular
- Update readme
* Add UDP example
* Add UDP example to readme
* rename mixtcp -> smolmix
* Add Tunnel API with TcpStream and UdpSocket over tokio-smoltcp
* Re-export Tunnel API and add init_logging convenience function
* Remove raw smoltcp path, flatten tunnel module
* Clean up bridge, device, and tunnel code
* Consolidate architecture docs, tidy examples and README
- Add src/ARCHITECTURE.md as single source of truth for architecture
- Include in docs.rs via doc = include_str!
- Strip duplicated diagrams from tunnel.rs, device.rs, README
- Extract tls_connector() helper in HTTPS example to match websocket example
- Use consistent 'smolmix' casing in README
* Update smolmix imports for ipr_wrapper API
- stream_wrapper::{IpMixStream, NetworkEnvironment} → ipr_wrapper::
- connect_tunnel() → check_connected()
- disconnect_stream() → disconnect()
- allocated_ips() returns &IpPair directly (no Option)
* Add Tunnel::new_with_ipr, re-export IpPair/Recipient, tidy examples
- Add Tunnel::new_with_ipr() for targeting a specific exit node
- Re-export IpPair and Recipient so users don't need direct deps
- Add DNS leak warning to WebSocket example
- Await hyper connection task in HTTPS example
* Restructure smolmix into multi-crate workspace
- Move core tunnel code to smolmix/core/
- Rewrite examples for each crate with clearnet/mixnet comparisons
* Add workspace README with architecture overview
* Update nym-sdk README module descriptions
- Replace stale stream_wrapper description with ipr_wrapper + mixnet::stream
- Remove TODO comment
* Remove companion crates, scope to smolmix-core
* Comment out additional components on -core branch README.md
* Cargo.lock fix for compilation issue
* Downgrade accidentally bumped dependencies in Cargo lock + change
smolmix dependencies to import from workspace
* Fix workspace deps + move nym-bin-common to dev-deps
* PR review changes + fix Sink delegation
* Fix borked merge + update README.md
* Fix up stale docs + rewrite examples to use proper imports and timing
logs
* Update readmes + architecture file
* Impl Drop for BridgeShutdownHandle + update comment
* Improve SDK rustdoc and add ARCHITECTURE.md files
- Rewrite lib.rs module docs with quick-start example and module overview
- Add stream example and include_str! ARCHITECTURE.md to mixnet module
- Add ARCHITECTURE.md for mixnet, client_pool, and stream modules
- Add rustdoc to MixnetClientBuilder, MixnetClientSender, MixnetMessageSender
- Add cancel safety and drop behavior annotations to async methods
- Add TcpProxy deprecation notice pointing to stream module
* Fix rustdoc errors and add stepwise comments to remaining examples
Rustdoc fixes:
- Add missing .unwrap() on connect_new example
- Replace broken turbofish intra-doc link in MixnetClientBuilder
- Fix NymProxyServer::new args in tcp_proxy example
- Wrap BandwidthImporter example in scoped block to fix borrow-then-move
- Change misleading "5-hop routing" to "multi-hop routing"
- Fix copy-paste "forget me" in send_remember_me error message
- Fix wrong cargo run command in stream_simple_read_write
- Fix DecayWrapper description
* Cut down doc comment length
* Trimmed down SDK ARCHITECTURE files
* Slim Rust SDK docs and rename opener to dialer
- Merge tour page into SDK landing page, delete tour.mdx
- Trim all three tutorials: cut boilerplate, duplicated code, and misplaced content
- Make FFI page evergreen with Go and C++ snippets, link to repo examples
- Rename "opener" to "dialer" in stream docs, source ARCHITECTURE.md, and rustdoc
- Add reply-to-open arrow in stream mermaid diagram
- Replace remaining Unicode dashes in mermaid flowchart
* - elevate streams in rustdoc: examples on lib.rs, MixnetClient, open_stream, listener
- add stream quick reference to mixnet ARCHITECTURE.md
- add stream types to key types list in ARCHITECTURE.md
- add docs.rs links for AsyncRead/AsyncWrite and stream submodule
- tcp_proxy: replace bold deprecation with warning box
* - replace individual example doc pages with GitHub-linked tables
- add step-by-step inline comments to all SDK example source files
- add doc comments to examples missing them (simple, surb_reply, builder, etc.)
- expand mixnet tutorial with persistent identity and split_sender sections
- add tcpproxy tutorial
- rename "API Reference" to "TypeDoc Reference" in TS SDK sidebar
- rename "Misc" to "Extras" in developer sidebar, move VPN CLI up
- remove echo server from tools
- update message-queue callout to reference actual modules
- fix mixnet/examples redirect collision
* Add missing mut to example code
* Update ARCHITECTURE.md with LP Framing + stream examples with sequencing
* Update doc comment in utils.rs
* Standardise commenting style across Rust SDK examples
* Fix inline doc examples and trim re-export boilerplate
* Update sdk/rust/nym-sdk/examples/bandwidth.rs
Co-authored-by: Simon Wicky <simon@nymtech.net>
* Fix review comments
---------
Co-authored-by: Simon Wicky <simon@nymtech.net>
* Diatixisify!
* First pass at Typedoc generation for TS SDK
* Remove overview pages
* Fix typos and remove codebase references from docs
Fix typos across network and developer docs: Quorum, available,
cryptosystem, transaction, proportional, Standalone. Remove TODO
placeholder from dVPN protocol page. Strip GitHub source links
from network docs to decouple documentation from repo structure.
* Expand thin landing pages across network and developer docs
- Add intro content to network overview, infrastructure, and reference landing pages
- Expand developer index with "where to start" guide
- Add usage instructions and explanations to all five TS playground pages
- Expand WebSocket client page with setup and message format examples
* Restructure Rust SDK developer docs
- Delete redundant mixnet example, message-helpers, and message-types subpages
- Delete client-pool architecture and example subpages (content folded into landing)
- Delete tcpproxy troubleshooting (folded into landing page)
- Add deprecation notices to TcpProxy pages, pointing to Stream module
- Add stream module docs: landing page, architecture, tutorial, and 4 example pages
- Add mixnet and client-pool tutorials
- Add SDK tour page
- Update navigation and landing pages with docs.rs links
* Restructure TS SDK developer docs
- Merge overview, installation, and getting started into TS SDK landing page
- Fold FAQ content into bundling/troubleshooting section
- Delete redundant overview, installation, start, and FAQ pages
- Update internal links in browsers.mdx and native.mdx
- Update navigation and example page imports
* Flatten and expand APIs section
- Collapse nested API subpages into single pages with inline Redoc embeds
- Rewrite introduction as landing page with decision table
- Add endpoint categories, quick curl examples to each API page
- Mark Explorer API as deprecated
- Move NS API deployment guide to operators/performance-and-testing
- Fix dangling /apis/nym-api/mainnet link in network-components
- Remove sandbox endpoints from all API pages
* Add redirects for moved and deleted pages
- Add 25 redirects covering TS SDK, Rust SDK, APIs, and network sections
- Fix dangling /developers/typescript/start link in operators changelog
* Replace individual example doc pages with GitHub-linked tables, expand tutorials
- replace individual example doc pages with GitHub-linked tables
- expand mixnet tutorial with persistent identity and split_sender sections
- add tcpproxy tutorial
- rename "API Reference" to "TypeDoc Reference" in TS SDK sidebar
- rename "Misc" to "Extras" in developer sidebar, move VPN CLI up
- remove echo server from tools
- update message-queue callout to reference actual modules
- fix mixnet/examples redirect collision
* Add SEO frontmatter, validate encryption standards, clean up URLs
- add title/description/schemaType/section/lastUpdated frontmatter to 48
pages across developers, network, and APIs sections
- remove network/.archive/ directory (compare against develop instead)
- update nymtech.net → nym.com for website/blog links (keep infra URLs)
- add native proxy "in progress" callout for Rust/C/Go
* API-scraper update (#6598)
* read nodes and locations
* update python-prebuild.sh
* Address PR #6494 review feedback
- Use "mode" consistently instead of "role" on nym-nodes page
- Replace "staking" with "bonding" for NYM token collateral
- Wire up auto-scraped node counts via TimeNow + nodes-count.json
- Fix broken licensing images: download CC icons locally, replace inline HTML
- Fix 9 stale redirects pointing through deleted /network/architecture path
* Fix linkcheck errors
- Fix stale cross-links: /network/concepts/ → /network/mixnet-mode/
- Replace README.md references with globals.md in TypeDoc output
- Add entryFileName: globals to typedoc.json configs to prevent recurrence
* Fix remaining stale /network/architecture links
- zk-nym-overview: architecture/nyx#nym-api → /network/infrastructure/nyx#nym-api
- setup: network/architecture → /network/overview
* Remove accidentally re-included architecture.md file from rebase
* Standardize tutorials, document examples, add llms.txt, apply tone fixes
- Expand Rust SDK tutorials with step-by-step structure; document all SDK examples across mixnet, client-pool, and tcpproxy pages
- Add llms.txt generation script, wire into build and CI workflows
- Apply tone/style fixes: deduplicate callouts, vary sentence structure, standardize voice consistency across changed pages
* Consolidate redundant network overview docs
* Trim dev docs: git-first imports, stream notice, collapse TcpProxy
* Update tutorial
* Refresh auto-generated API and command outputs
* Update network section docs
* Update developer and API docs: reusable components, stream protocol, conventions, tutorial fixes
* Fix Rust SDK tutorial bugs: setup_env, port conflicts, logging,
open_stream race condition
* Update stream.mdx
* Remove docs.rs link from Stream overview for the moment
* add llms.txt and llms-full.txt note to readme
---------
Co-authored-by: import this <97586125+serinko@users.noreply.github.com>
* WIP
* NS agent calls probe as lib
* Clippy: ns agent
* Fix submit_v2 on API
* Adjust dockerfile, deployment details for the new flow
* Bump package versions
* PR feedback
* Fix CI
* Final version
* Replace MixnetStream with LP framing
- Replace custom header with LpFrameHeader
- Added sequence number for message ordering
* IPR: support LP Stream-framed client connections
- Detect and route LP Stream frames in mixnet_listener
- Wrap inline responses in LP Stream frames
- Thread stream_id to ConnectedClientHandler for TUN responses
* sdk: add ipr_wrapper module with IpMixStream
- IpMixStream wraps MixnetStream for IPR tunnel over mixnet
- LP Stream framing handled automatically by MixnetStream
- Gateway discovery, connect handshake, IP packet send/receive
* sdk: remove superseded stream_wrapper module
* Trim obvious comments, add architecture.md stub
* sdk: add missing deps and fix warnings
* Cut down architecture diagram until finished with rest of the code, leaving stubs
* sdk: refactor IpMixStream, extract shared helpers
- Extract gateway discovery and connect response parsing
- Add recv() to MixnetStream, remove 64KB read buffer
- Simplify IpMixStream constructor
* Fix SphinxStream renames missed during rebase
* Add IpPacketResponse::from_bytes() for stream-based deserialization
* Clean up ip_packet_client: delete stale connect.rs, take raw bytes not ReconstructedMessage
* Clippy
* Delete unused ip_packet_client modules
- Remove helpers.rs (ICMP utilities moved to example)
- Remove error.rs (errors consolidated into sdk/error.rs)
- Remove README.md
- Update module root to only export discovery + listener
* Simplify listener, IpMixStream, and network_env
- Collapse IprListener struct into standalone handle_ipr_response()
- Move check_ipr_message_version() into listener.rs
- Remove IpMixStream test module (moved to example)
- Remove parse_network() and commented-out Sandbox arms
- Return Result from find_workspace_root() instead of panicking
- Add IprTunnelDisconnected and WorkspaceRootNotFound error variants
* Refactor IPR stream handling and document seq conventions
- Inline stream_id tracking (remove current_stream_id field)
- Re-export encode_stream_frame from clients module
- Document seq=0 reservation for inline control responses
- Document data-path counter starting at 1 with skip-on-wrap
* Add ipr_tunnel example for integration testing
- ICMP ping through IPR with --gateway flag for targeting specific exits
- Move pnet_packet from dependencies to dev-dependencies
* Add message reordering to stream router
- Buffer out-of-order messages per-stream using BTreeMap
- Drain contiguous sequences individually to preserve message boundaries
- Drop duplicate/old sequence numbers with a warning
- Remove dead_code allow on StreamFrame::sequence_num
* Clean up comments and fill architecture.md
- Remove separator line comments
- Update stale comments about ordering not being implemented
- Remove collapsible_if allows, use let-else instead
- Fill in architecture.md data flow and connection lifecycle
* Simplify ipr_tunnel example to minimal smoke test
- Single ping instead of multi-ping loop
- Remove identifier and PING_COUNT
- Collapse ICMP helpers into single build_icmp_ping function
* Add dual-stack IPv6 ping and rename gateway → ipr
- Rename --gateway flag to --ipr and new_with_gateway() to new_with_ipr()
- Add ICMPv6 ping to ipr_tunnel example for dual-stack smoke test
- Tighten echo reply validation (protocol field check, diagnostic output)
- Document IP allocation (subnets, static vs dynamic, client keying) in architecture.md
- Promote LP Stream Open handshake log to INFO
* Tweak subnet comment in docs
* Don't stop IPR listener on decode failure
- Change break to continue so garbage packets can't kill the listener
- Remaining valid packets in the bundle are still processed
* Fix license headers and use workspace dep for pnet_packet
- Switch GPL-3.0 to Apache-2.0 on all SDK library files
- Add missing license headers to 7 files
- Use workspace version for pnet_packet dependency
* Document IP pool isolation from WG/LP dVPN pool
- IPR uses 10.0.0.0/16 on nymtun, WG uses 10.1.0.0/16 on nymwg
- Reference constants.rs as source of truth
* Remove network_env.rs and simplify IpMixStream API
- Default to mainnet via setup_env(None) instead of requiring env param
- Remove NetworkEnvironment enum and workspace root detection
- Remove WorkspaceRootNotFound error variant
- Update ipr_tunnel example to match new signatures
* Use weighted random selection for IPR gateway discovery
- Replace max_by_key with choose_weighted biased by performance score
- Prevents all clients converging on a single highest-performing IPR
* Cap stream reorder buffer to prevent unbounded memory growth
- Add MAX_REORDER_BUFFER (256) to limit per-stream pending messages:
- buffer overflows = skip ahead to lowest buffered seq and drain
- protects against malicious senders that deliberately skip sequence numbers
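The reordering and cap described in the two commits above ("Add message reordering to stream router" and "Cap stream reorder buffer to prevent unbounded memory growth"), as an added Rust sketch that is not the project's code. `ReorderBuffer`, `Outcome`, the `u64` sequence type and the omission of wrap handling are assumptions; `MAX_REORDER_BUFFER` (256), the data counter starting at 1 and the skip-ahead-on-overflow behaviour are taken from the commit text.

```rust
use std::collections::BTreeMap;

/// Cap named in the commit message; the rest of this file is a hypothetical sketch.
const MAX_REORDER_BUFFER: usize = 256;

#[derive(Debug, PartialEq)]
enum Outcome {
    /// Messages released in order, one entry per original message (boundaries kept).
    Delivered(Vec<Vec<u8>>),
    /// Arrived ahead of the expected sequence number and was parked.
    Buffered,
    /// Duplicate or already-delivered sequence number.
    Dropped,
}

/// Per-stream reorder state. Sequence wrap-around is not modelled here.
struct ReorderBuffer {
    next_seq: u64,
    pending: BTreeMap<u64, Vec<u8>>,
    /// Sequence numbers given up on because the cap was hit.
    skipped: u64,
}

impl ReorderBuffer {
    fn new() -> Self {
        // seq 0 is reserved for control responses on the page, so data starts at 1.
        Self { next_seq: 1, pending: BTreeMap::new(), skipped: 0 }
    }

    /// Release every buffered message that is now contiguous with next_seq.
    fn drain_contiguous(&mut self, out: &mut Vec<Vec<u8>>) {
        while let Some(msg) = self.pending.remove(&self.next_seq) {
            out.push(msg);
            self.next_seq += 1;
        }
    }

    fn push(&mut self, seq: u64, payload: Vec<u8>) -> Outcome {
        if seq < self.next_seq || self.pending.contains_key(&seq) {
            return Outcome::Dropped;
        }
        let mut out = Vec::new();
        if seq == self.next_seq {
            out.push(payload);
            self.next_seq += 1;
            self.drain_contiguous(&mut out);
            return Outcome::Delivered(out);
        }
        self.pending.insert(seq, payload);
        if self.pending.len() > MAX_REORDER_BUFFER {
            // A sender that never fills the gap would otherwise grow this map
            // without bound: abandon the gap and resume at the lowest buffered seq.
            let lowest = *self.pending.keys().next().expect("non-empty after insert");
            self.skipped += lowest - self.next_seq;
            self.next_seq = lowest;
            self.drain_contiguous(&mut out);
            return Outcome::Delivered(out);
        }
        Outcome::Buffered
    }
}

/// Constructed scenario: a peer withholds seq 1 and floods later sequence numbers.
/// Returns (messages released on overflow, messages still buffered, seqs skipped).
fn flood_demo() -> (usize, usize, u64) {
    let mut rb = ReorderBuffer::new();
    for seq in 2..=257u64 {
        assert_eq!(rb.push(seq, vec![0u8; 4]), Outcome::Buffered);
    }
    // The 257th parked message exceeds the cap and forces the skip-ahead.
    let released = match rb.push(300, vec![0u8; 4]) {
        Outcome::Delivered(msgs) => msgs.len(),
        _ => 0,
    };
    (released, rb.pending.len(), rb.skipped)
}

fn main() {
    let mut rb = ReorderBuffer::new();
    println!("{:?}", rb.push(2, b"second".to_vec()));
    println!("{:?}", rb.push(1, b"first".to_vec()));
    println!("{:?}", rb.push(1, b"first".to_vec()));
    println!("flood: {:?}", flood_demo());
}
```

Memory per stream stays bounded at the cap plus one message, at the cost of losing whatever the sender withheld.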
* Extract shared IPR response helpers into nym-ip-packet-requests
- Add response_helpers module with version check, connect response
parsing, and control response dispatch
- SDK ip_packet_client now delegates to shared module
- Monorepo nym-ip-packet-client uses shared version check and
connect response parsing
- Fix doc comment attributing fork to nym-vpn-client
* Extract ICMP test helpers into nym-ip-packet-requests
- Add icmp_utils module behind test-utils feature flag
- Move build_icmp_ping, build_icmpv6_ping, is_echo_reply_v4/v6 from
example
- Update ipr_tunnel example to use shared helpers
* Add protocol v9 LP-framed transport marker
- Add v9 module (re-exports v8, VERSION=9)
- Accept v9 requests and responses in IPR
- Switch SDK IpMixStream to send v9
* Log protocol version in dynamic connect requests
* Remove KCP from IPR and fix unwrap_or_default in SDK
- Remove all KCP session management from ip-packet-router (replaced by
LP Stream framing)
- Drop nym-kcp dependency and KcpError variant from IPR
- Replace unwrap_or_default with ok_or(Error::NoNymAPIUrl) in
IpMixStream::new()
* Add v9 protocol wrapper constructors and enforce version/transport
consistency
- Add v9::new_connect_request(), new_data_request(),
new_ip_packet_response() to centralise version stamping
- Replace manual protocol.version overrides in SDK and IPR with v9
wrapper calls
- Bump nym-ip-packet-client current re-export from v8 to v9
- Enforce LP Stream frames must carry v9+ payloads, non-stream must be
v8 or lower
* Filter IPR exit nodes by minimum v9-compatible release version
- Define MIN_RELEASE_VERSION (1.30.0) in ip-packet-requests/v9 alongside protocol constants
- Add semver-based filtering in SDK gateway discovery to skip nodes below v9 threshold
- Add semver dependency to ip-packet-requests and nym-sdk
* Use numeric version comparison for transport/version enforcement
- Compare version as u8 instead of enum equality so future v10+ is handled correctly
- Remove unused `use super::*` import left over from KCP test removal
* added reduced pricing handling logic
* admin methods for setting the whitelist of reduced price accounts
* updated client traits
* query to get all whitelisted accounts
* query for getting detailed deposit statistics
* fixes
* set initial whitelisted accounts in the migration
* stop transferring tokens to the holding account after redemption
* stop gateways from creating redemption multisig proposals
* make sure credential-proxy uses reduced deposits when available
* cargo fmt
* update deposit handler to allow EITHER default price or reduced price
this will allow non-breaking upgrades of NS and credential proxy
* removed use of unstable rust features
* rebuilt contract schema
* correct license timestamp
* Add LpFrameKind::Stream variant with StreamFrameAttributes
- Define LP wire format for stream multiplexing
- Handle new variant in entry gateway match arm
* Replace MixnetStream with LP framing
- Replace custom header with LpFrameHeader
- Added sequence number for message ordering
* Revert accidental vergen bump
* Revert accidental bumps
* Rename Stream to SphinxStream and split match arms in client_handler
* Add LpFrameAttributes type alias for [u8; 14]
* removed explicit storage_tx within MsgModule, TxModule and BlockModule impls
* created a NyxdWatcher that does not persist processed block info
* removed unused imports
* Remove AsyncRead/Write traits from native client - moving them to
stream/
* Substream model first push
* Update / add examples
* Update lockfile
* Clippy
* clippy examples
* remove codecs
* Remove unused bincode setup
* Revert a lot of changes when SDK client itself implemented
AsyncRead/Write
* Remove unnecessary mut
* Use local PollSender in MixnetStream instead of client_input.input_sender
Now that client-core's input_sender is back to mpsc::Sender (reverted
PollSender migration), MixnetStream creates its own PollSender wrapper
for the AsyncWrite impl's poll_ready/start_send calls.
* Remove now-unnecessary parameter
* Clippy
* Cleanup more stragglers from previous setup (Async traits on
MixnetClient)
* Rename files (remove module inception)
* - Shrink StreamId from 16 bytes to u64, add version byte to wire format
- Introduce MixStreamHeader/MixStreamFrame structs for decode
- Replace StreamMap type alias with struct using tokio::sync::Mutex
- Add StreamMap helper methods, eliminate lock().expect() panics
- Rename stream.rs -> mixnet_stream.rs to avoid module inception
- Document irrevocable stream mode, add LP integration TODO
* - Remove dummy channel
- Add err variant for receiver already taken
- Remove panics
* add timeout to stream
* clippy
* squashing localnet-v2 commits (again)
cargo fmt
fixes to localnet purge
provide path in the error message
output args
log failed exec
print based on tty
check-prerequisites cmd
checked iptables update
basic kernel features check
enable ipv6 rules
add forwarding rules
squashing localnet-v2 commits
additional changes
propagate custom-dns flag to all run containers
remove is_mock from EcashManager
another localnet squash
unused import
chore: remove redundant testnet manager
missing impl
additional linux fixes
command to rebuild container image
wait for at least 2 blocks
additional node startup fixes
added --custom-dns flag to nym node setup
add gateway probe + wait for DKG magic file
fixed localnet down on linux
container ls
re-enable state resync
additional feature locking
macos adjustments
working nyxd startup on linux
wip linux box
wip
separating network inspect between macos and linux
initial linux feature locking
moved all container commands into a single location
finally working initial node performance
squashing orchestrator commits
cleanup
fixed condition for naive rearrangement
added cache of cosmwasm contracts for speed up on subsequent runs
'down' command
refreshing described cache after nodes are bonded
nym nodes setup + wip on nym api refresh
nodes setup WIP
first pass cleanup
placeholder for nym-node setup
bypassing the dkg
further progress on nym-api setup
wip: api setup
up/down/purge placeholders
persisting contract setup data
fix contract upload by forcing amd64 container platform
wip: contracts setup4
wip: contracts setup3
wip: contracts setup2
wip: contracts setup
include network setup
init and spawn nyxd
build nyxd image in dedicated orchestrator
build nyxd image
squashed cherry-picked lp changes
Bits and bobs to make everything work
Title
MacOS setup instructions
Docker/Container localnet
* clippy
* fixes on non-unix targets
---------
Co-authored-by: durch <durch@users.noreply.github.com>
* Additional ticket type for LP tests
* Remove hardcoded comments
* bump cargo version
* Nuke fallback edge case in the probe
* Cleanup unused code
* Bump API & agent versions
- agent bump required due to probe changes
strum iterator over an enum leaks the version needed to iterate over it,
which can cause problems to dependent crates that use a different strum
version.
While at it, bump the strum crates as well
* Tweak README ordering
* Linting
* Add sitemap generation + NEXT env var to CI
* Update domain for sitemap generation
* Inc. sitemap -0
* test remove lockfile
* fix borked name in package
* add redoc
* add framer
* Add pnpm-lock file
* Add sitemap to remote + ci workflow
* remove extra sitemap
* remove static files from remote for vercel
* add sitemap gen to next build step for vercel
* feat: introduce /v3/unstable/nym-nodes/semi-skimmed to aggregate LP information
nym-nodes will require this information to establish shared PSQ
* reorganised imports
* merging georgio/lp-psqv2-integration
* use authenticator on the responder's side
* nym-lp crate compiling
* moved the e2e test to nym-lp
* move key generation to peer
* moved principal generation
* update KKTResponder
* encapsulation key parsing
* Adding concrete types within KKT exchange
* initiator side of the full handshake
* responder side of the handshake and full e2e test
* fixed unit-tests within nym-kkt
* LpSession cleanup
* helpers for Transport
* revamp of the transport traits and initial work on client-side transport
* compiling nym-crypto
* 'working' client-entry dvpn reg
* Fix key conversion
* Slightly reduce use of rand08
* reverted back to libcrux repo refs
* initial telescoping reg
* removing dead code
* wip
* moved data encryption into the state machine
* restoring nym-lp tests
* update lp api model
* Add receiver index derivation
* Add receiver index derivation
* use derived receiver index
* feat: add kem key generation to nodes
* generate fresh x25519, mlkem768 and mceliece keys on config migration
* add lp peer config
* nym-node startup cleanup
* removed dependency on pre-rand09 from nym-lp
* re-expose LP information on the http API
* fixed tests compilation
* add peer config happy path tests
* formatting
* add more tests and fix bug
* better docs
* clippy and formatting issues
* return error on mceliece within NestedSession
* wasm fixes
* removed legacy nym-vpn-lib-wasm
* fixing wasm for real this time
* additional fixes
* add payload to kkt
* make clippy happy
* moved LP to nym-node crate
* cargo fmt
* integrate lpconfig payload
* fix response size trait impl
* Migrate receiver index
* Change receiver index to u32 and reorganize crates
* clippy
* hopefully final wasm fixes
* simple conversion method from semver to ciphersuite
* updated nym-node config template
* chore: remove duplicated code
---------
Co-authored-by: Georgio Nicolas <me@georgio.xyz>
* * Experiment with changing address mapping from canonical -> full URL as
string.
* Up MaxConns config.
* Bump webpack-cli version
* Modify internal-dev tester for concurrent testing
* Add logging + POST request to internal-dev/
* push lockfiles
* Remove RequestURL from RequestOptions struct for interface
* Bump versions + update lockfiles
- Moved OTel CLI options into a separate OtelArgs
- Otel is built behind the feature flag otel
- Store timing is in microseconds
- Restore comments to existing files
This includes:
- mixnet contract cache
- described nodes cache
- nodes annotations cache (performance)
those changes include taking some code developed for the purposes of #6277
* Improve HTTP use of connection pooling (#6375)
* add swap to system resolver instead of fallback (#6376)
* add header tracking outer host name used in stealth requests (#6389)
* Rotate urls on parse failure (#6383)
* Add shared settings for stealth policy across HTTP clients (#6388)
* Better controls for global interaction w/ static DNS (#6374)
* perform KKT/PSQ handshake outside of LPStateMachine
* initiator
* responder
* concurrent test
* remove KTT/PSQ from the LpStateMachine
* adjusted gateway's Handler to accommodate new changes
* filling in placeholders
* fixed imports in nym-kkt crate
* naming
* clippy and moved more placeholder tests
* split up the initiator side of the PSQ
* split up the responder side of the PSQ
* additional helpers
* addressing review comments
* additional tests and explicit Error message
* Revert "build(deps): bump time from 0.3.41 to 0.3.47 in /nym-wallet (#6433)"
This reverts commit fd47ebfad0.
* chore: revert #6433 due to rust version incompatibility
* squashing Lp/ip pool fixes#6412
removed unused imports
gateway probe fixes
PSK injection + test fixes
cleanup minus PSK injection
combine with lp reg
moved authenticator peer registration to centralised location
bugfix: ensure IpPool never allocates gateway ip
ip pool allocation tests
* review fixes
* test fixes
* Add conversion from gw_probe crate type
* Move code around
- split 1000+ LoC files into smaller ones
* Add socks5 field
- code improvements in gw_probe crate
* Fix docker build
- install go
- required as build dependency of gw probe
* Add logs to agent
* NS API: configure DB via env
* rebase fix
* socks5 score calc
* Cargo fmt
* use existing div_ceil
* Code improvements
* Bump NS API version
* Rename variables
* Bump API & agent version
* Try to fix CI
* Build only on linux
* Socks5 in GW probe
Bump NS agent version
Fix bugs
- force route construction
- use same entry = exit
Fix NS API version check workflow
PR feedback
More robust test attempts
CLI arg validation
Fix clippy
PR feedback
* Test provided endpoints in config at startup
Require one valid endpoint
* Bump agent to 1.1.0
* use x25519 noise key for ktt instead of deriving one from ed25519
* removed client's IpAddr from RegistrationClient constructor
* Adjusted the gateway probe to inject correct lp data
* remove redundant argument from nym-lp-client
* consistent naming for HashFunction variants
* use workspace dep import for nym-kkt-ciphersuite
* struct renaming
* removed x25519 key used within LP mixnet registration
* use Vec<u8> rather than BytesMut for LpAction::DeliverData
* introduced an explicit kind prefix for raw data sent and received within LP
* review nits
* announce KEM key hashes and use generated value within LpStateMachine
* added digest of remote KEM key into LpSession
* changed constructor to LpSession to take explicit key materials for local and remote
this makes it easier to change keys required by each party without having to change all the interfaces everywhere again
* extended the changes to LpStateMachine constructor
* modify the interface to LpRegistrationHandler and LpListener
* gateway probe fixes
* temp nym-lp-client fixes
* review nits
* remove network test
* introduced v2/nym-nodes/described endpoint for returning nodes description alongside LP data
* missed V1 -> V2 description replacements
* removed deprecated call within mix-fetch
* use old v1 call in network stats
* - standardise versions for all nym-sdk workspace dependencies
- prepend sqlx-pool-guard with 'nym-'
* Test remove nym-api from deps
* Add oneliner to client_pool doc comments
* Add note to commented out docs.rs link in sdk
* remove nym-api from script
* add publishing file
* bring non-binary / contract / tools into workspace version
* added more info to publishing.md
* make deps workspace version
* remove uploaded sphinx-types crate from script
* remove erroneously included ignore-defaults
* add zeroise to feature
* chore: Release
* add topology to batch
* more cargo versioning
* more cargo versioning - wasm utils
* more cargo versioning - wasm utils
* Add publish=false to manifest for cargo workspaces / crates.io
publishing exclusion
* remove script now switched to manifest based exclusion
* rename import based on rename of contracts-common dep
* Making workspace versions for publication + removing unnecessary crates
from publication
* Remove OOD info from publishing sdk guide
* rename contract imports + remove package
* temp commit: continuing with removal of path from cargo manifest and
replacing with workspace version import for publication
* continuing with cargo.toml updates
* dryrun only erroring on known version problem crates
* remove old published-crates file
* Minor comment change
* remove default features warning
* Additional info on workspace dep comment re publish list
* Add missing description to cargo.toml
* Fix missing feature flags
* Add missing descriptions
* Fix remaining path import
* Add workspace repo / homepage / documentation links to cargo.toml files
* remove workspace version from excluded crate
* Remove todo descriptions
* Minor comment change
* add homepage etc
* move from bls git import to nym_bls_fork crate
* Modify rest of imports from path to workspace import, excluding binaries
* add directory/homepage info
* fix cargo fmt
* add notes to gitignore
* better solution to contracts/ experiment
* wasm -> nym_wasm crate renaming
* fix fatfinger
* add metadata to ecash cargo.toml
* stub publishing guide
* fix misresolved netlink- version
* Fixes and block publication of rebase re: LP
* first pass @ workflows
* removed dependency on nymsphinx::* key types and removed needless copies of ed25519 keys
* use more strongly types in ClientHelloData
* explicitly use provided client's x25519 from ClientHelloData
this requires adjusting LpSession constructor to take an additional key argument
* allow large LpInput enum
* clippy within tests
* removed redundant type aliases for x25519 keys
* Upgrade to def_guard_wireguard v0.8.0
* Update nix, netlink-packet-wireguard
* Adapt linux code for defguard_wireguard
* rustfmt
* Revert nix to 0.27.1
* clippy: fix
* fix from rebase
* Restore userspace imp on condition
* Add send+sync on boxed wgapi
* Use error to indicate when userspace/kernel imps are unavailable; userspace is not available on all platforms
* Remove duplicate import
---------
Co-authored-by: mfahampshire <maxhampshire@pm.me>
* standardise lp serialisation:
- stop using bincode within `LpMessage` in favour of predictable bytes concatenation
- use consistent encode/decode interface for every `LpMessage` inner variant
- hide usage of bincode within `LpRegistrationResponse` / `LpRegistrationResponse` behind `serialise` / `try_deserialise` interface
* reduced 'target_lp_address' len encoding space from u32 to u16
* Add KKT cryptographic primitives
Post-quantum Key Encapsulation Mechanism (KEM) Key Transfer protocol.
Enables efficient distribution of post-quantum KEM public keys.
Squashed from georgio/noise-psq branch.
* Implement LP registration protocol with KKT/PSQ integration
Initial implementation of the Lewes Protocol (LP) for gateway registration:
- Add nym-lp crate with Noise protocol handshake
- Add LP listener to gateway for handling registrations
- Add LP client for registration flow
- Integrate KKT for post-quantum KEM key exchange
- Integrate PSQ for post-quantum PSK derivation
- Add Ed25519 authentication throughout
- Add docker/localnet support for testing
Co-authored-by: Jędrzej Stuczyński <jedrzej.stuczynski@gmail.com>
* Add LP telescoping with nested sessions and subsession support
Extends LP protocol with telescoping architecture for nested sessions:
- Add nested session support with KKpsk0 rekeying
- Add subsession support with collision detection
- Implement unified packet format with outer header
- Refactor gateway handlers for single-packet forwarding
- Add TTL-based state cleanup for stale sessions
- Add outer AEAD encryption layer
- Refactor registration client for packet-per-connection model
* Add gateway-probe localnet mode with WireGuard tunnel support
Adds localnet testing mode to gateway-probe for LP development:
- Add TestMode enum for different probe configurations
- Add --gateway-ip flag for direct gateway testing
- Implement two-hop WireGuard tunnel for localnet
- Add mock ecash support for testing without real credentials
- Add netstack Go bindings for userspace networking
- Restructure probe with mode and common modules
- Update README with localnet mode documentation
* Increase KCP fragment limit from u8 to u16
- Change frg field from u8 to u16 in packet header (25 bytes total)
- Update encode/decode to use get_u16_le/put_u16_le
- Update Segment struct frg field to u16
- Remove truncating cast in session.rs
- Max message size now ~91MB (65,535 fragments × MTU)
- Internal protocol only, no interop concerns
Nym uses KCP for reliability and multiplexing, not standard real-time
use cases. The u8 limit (255 fragments, ~355KB) was insufficient.
Addresses: nym-yih9
* Zeroize Ed25519 key material in to_x25519 conversion
Wrap hash and x25519_bytes in zeroize::Zeroizing to ensure private
key material is cleared from memory after use.
Closes: nym-k55g
* Return Result from KCP session input() for error detection
Change KcpSession::input() to return Result<(), KcpError> so callers
can detect invalid packets instead of silently ignoring them.
- Add ConvMismatch error variant for conversation ID mismatches
- Update driver to propagate errors from session.input()
- Update all test and example callers
Closes: nym-n0kk
* Fix Zeroizing deref in ed25519 to_x25519 conversion
The from_bytes() function expects &[u8], need to deref the Zeroizing
wrapper to get the inner array.
* Add semaphore-based connection limiting for LP packet forwarding
Limits concurrent outbound connections when forwarding LP packets to
prevent file descriptor exhaustion under high load.
Key changes:
- Add max_concurrent_forwards config (default 1000)
- Add forward_semaphore to LpHandlerState
- Acquire semaphore permit before connecting in handle_forward_packet
- Return "Gateway at forward capacity" error when at limit
This provides load signaling so clients can choose another gateway
when the current one is overloaded.
Design note: Connection pooling was considered but provides minimal
benefit since telescope setup is one-time and targets are distributed
across many different gateways. See AIDEV-NOTE in LpHandlerState for
full analysis.
Closes: nym-xi3m
* Return error on session unavailable in handle_subsession_packet
Replace .session().ok() with proper error handling to fail fast when
session is Closed or Processing after state machine processing.
Previously, the code silently continued with outer_key = None, which
could cause protocol errors downstream.
Closes: nym-8de0
* Use explicit bincode Options helper in nested_session
Add bincode_options() helper that returns DefaultOptions with explicit
big_endian and varint_encoding configuration. This future-proofs against
bincode 1.x/2.x default changes and makes serialization format explicit.
Updated all 4 bincode usages in nested_session.rs to use the helper.
* Deduplicate outer_key lookup pattern in nested_session.rs
Extract common state_machine.session().ok().and_then(...) pattern into
two helper methods:
- get_send_key() for encryption (outer_aead_key_for_sending)
- get_recv_key() for decryption (outer_aead_key)
Updated 6 call sites to use the helpers, reducing verbosity.
* Add LpConfig struct and AIDEV-NOTE documentation for KKT+PSQ
- Create config.rs with LpConfig struct (kem_algorithm, psk_ttl, enable_kkt)
- Export LpConfig from lib.rs
- Add AIDEV-NOTE to psk.rs explaining:
  - Why PSQ is embedded in Noise (single round-trip, PSK binding)
  - KEM migration path (X25519 → MlKem768 → XWing)
- Add AIDEV-NOTE to state_machine.rs explaining protocol flow:
  - KKTExchange → Handshaking → Transport state transitions
  - PSK derivation formula (ECDH || PSQ || salt)
* Add forward_timeout to LP client config
Add forward_timeout (30s default) to LpConfig and wrap send_forward_packet's
connect_send_receive call with tokio::time::timeout, matching the pattern
used by register() with registration_timeout.
This prevents indefinite hangs when forwarding packets through entry gateway.
* Add negotiated_version field to LpSession
Add AtomicU8 field to store the protocol version from handshake packet
headers. Includes getter and setter methods for future version negotiation
and compatibility checks.
- negotiated_version() returns current version (defaults to 1)
- set_negotiated_version() allows setting during handshake
- Subsessions inherit version 1 (can be enhanced to inherit parent's)
* Change MessageType from u16 to u32
Breaking wire protocol change: MessageType field increased from 2 bytes
to 4 bytes in LP packets. This future-proofs the message type space and
aligns with other u32 fields.
Changes:
- message.rs: #[repr(u32)], from_u32(), to_u32()
- error.rs: InvalidMessageType(u32)
- codec.rs: All serialization/deserialization updated to 4-byte msg_type
  - Cleartext parsing: inner_bytes[4..8], content at [8..]
  - AEAD parsing: decrypted[4..8], content at [8..]
  - Serialization: 4 bytes for message type
* Various smaller fixes
* Refactor LP to stream-oriented TCP processing
Gateway (handler.rs):
- Add bound_receiver_idx field for session-affine connections
- Convert handle() from single-packet to loop with EOF detection
- Add validate_or_set_binding() for receiver_idx validation
- Set binding in handle_client_hello after collision check
- Centralize emit_lifecycle_metrics in main loop only
- Add is_connection_closed() helper for graceful EOF
Client (client.rs):
- Add stream field for persistent TCP connection
- Add ensure_connected(), send_packet(), receive_packet(), close() methods
- Modify perform_handshake_inner() to use persistent stream
- Modify register_with_credential() to use persistent stream
- Modify send_forward_packet() to use persistent stream
- Keep connect_send_receive() for reference (marked dead_code)
This reduces handshake overhead from ~5 TCP connections to 1.
Drive-by: Fix log::info! -> info! in wireguard peer_controller.rs
* Add persistent exit stream for entry→exit forwarding
Entry gateway now maintains a persistent TCP connection to the exit
gateway per client session, reusing it for all forward requests from
that client. This reduces TCP handshake overhead significantly.
Key changes:
- Add exit_stream: Option<(TcpStream, SocketAddr)> to LpConnectionHandler
- Modify handle_forward_packet() to open on first forward, reuse after
- Clear exit_stream on connection errors (auto-reconnect on next forward)
- Semaphore only acquired for connection opens, not reuse (sequential access)
* Fix code review issues for stream-oriented LP
- Add 30s timeout to exit stream I/O operations (nym-df31)
Prevents handler from hanging on unresponsive exit gateway
- Return error on forward target address mismatch (nym-zegu)
Previously warned and proceeded, which could mask bugs
- Close client stream on handshake error paths (nym-scvm)
Prevents state machine inconsistency on timeout or failure
* Add LP registration idempotency and retry logic
Make LP registration resilient to network failures that could waste
credentials. When registration succeeds on the gateway but the response
is lost (e.g., network drop), clients can retry with the same WG key
and get the cached result instead of spending another credential.
Gateway-side:
- Add check_existing_registration() helper that looks up WG peer and
returns cached GatewayData if already registered
- Add idempotency check in process_registration() dVPN branch
- Only return cached response if bandwidth > 0 (ensures registration
was actually completed, not just peer created)
- Track idempotent registrations with lp_registration_dvpn_idempotent metric
Client-side:
- Add register_with_retry() to LpRegistrationClient that acquires
credential once and retries handshake+registration on failure
- Add handshake_and_register_with_retry() to NestedLpSession for
exit gateway registration via forwarding
- Add exponential backoff with jitter between retry attempts
- Verify outer session validity before nested session retry
Both retry methods clear state machine before retry to ensure fresh
handshake, and reuse the same credential across all attempts.
* Add no-mix-acks feature flag to nym-sphinx-framing
When enabled, mix nodes skip ack extraction and forwarding entirely.
The full payload (including ack portion) is returned as the message.
Closes: nym-3wrr
* Create nym-lp-speedtest crate scaffold
- Created tools/nym-lp-speedtest/ with Cargo.toml
- Added main.rs with CLI argument parsing
- Created stub modules: client.rs, speedtest.rs, topology.rs
- Added to workspace members
- Verified compilation with cargo check
* Implement topology fetching for nym-lp-speedtest
- Add topology.rs with NymTopology integration
- Fetch mix nodes and gateways from nym-api
- Build GatewayInfo with LP addresses (port 41264)
- Provide random_route_to_gateway() for Sphinx routing
- Add required Cargo.toml dependencies
* Implement LP+Sphinx+KCP client with SURB support
- Add send_data() and send_data_with_surbs() methods for mixnet data
- Integrate KCP reliable delivery with Sphinx packet construction
- Add x25519 encryption keypair for SURB reply mechanism
- Wire up main.rs to test LP handshake and data path
- Add NymRouteProvider support in topology for SURB construction
- Refactor send_data() to delegate to send_data_with_surbs(0) (DRY)
The client can now:
- Perform LP handshake with gateways
- Send data through the mixnet wrapped in KCP + Sphinx packets
- Attach SURBs for bidirectional communication
- Return encryption keys for decrypting replies
* Rename nym-lp-speedtest to nym-lp-client and fix KCP bug
- Rename crate from nym-lp-speedtest to nym-lp-client
- Fix KCP bug: add driver.update() call before fetch_outgoing()
Without update(), KCP never moves segments from snd_queue to snd_buf
- Update CLI name, about string, and user agent to match new name
* Add LP mixnet mode registration with nym address return
- Extend RegistrationMode::Mixnet to include client_ed25519_pubkey
and client_x25519_pubkey for nym address construction
- Add LpGatewayData struct containing gateway_identity and
gateway_sphinx_key for SURB reply routing
- Add lp_gateway_data field to LpRegistrationResponse for mixnet mode
- Implement success_mixnet() constructor for mixnet registrations
- Update gateway registration to insert clients into ActiveClientsStore
for SURB reply delivery, matching the websocket flow
* Implement LP data handler on UDP:51264
- Add LpDataHandler for UDP data plane (port 51264)
- Decrypt LP layer and forward Sphinx packets to mixnet
- Add outbound_mix_sender to LpHandlerState
- Integrate data handler spawn into LpListener::run()
- Add metrics for data packets received/forwarded/errors
Implements nym-yzzm
* Fix replay protection vulnerability in LP data handler
Use state machine process_input() instead of manual decryption to ensure
proper replay protection:
- Counter check against receiving window
- Counter marking after successful decryption
Also handle subsession actions gracefully (SendPacket ignored on UDP,
clients should use TCP control plane for rekeying).
Security fix for nym-yzzm implementation.
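The two steps named in the commit above (counter check against the receiving window, marking only after successful decryption), sketched as an added example that is not the nym-lp code. The 64-entry window, the `ReplayWindow`, `Packet` and `Reject` names, and the `authentic` flag standing in for AEAD tag verification are all assumptions of this example.

```rust
// Added example, not project code. WINDOW = 64 is an assumed size.
const WINDOW: u64 = 64;

#[derive(Debug, PartialEq, Eq)]
pub enum Reject {
    Replayed, // counter already accepted
    TooOld,   // counter fell out of the window
    BadTag,   // decryption / authentication failed
}

/// Constructed stand-in for a received data packet: `authentic` models
/// whether AEAD decryption under the session key would succeed.
pub struct Packet {
    pub counter: u64,
    pub authentic: bool,
}

#[derive(Default)]
pub struct ReplayWindow {
    highest: u64,   // highest counter accepted so far
    bitmap: u64,    // bit i set => counter (highest - i) was accepted
    seen_any: bool, // false until the first packet is accepted
}

impl ReplayWindow {
    /// Step 1: counter check against the receiving window (read-only).
    pub fn check(&self, counter: u64) -> Result<(), Reject> {
        if !self.seen_any || counter > self.highest {
            return Ok(());
        }
        let age = self.highest - counter;
        if age >= WINDOW {
            return Err(Reject::TooOld);
        }
        if self.bitmap & (1u64 << age) != 0 {
            return Err(Reject::Replayed);
        }
        Ok(())
    }

    /// Step 2: record the counter. Call only after decryption succeeded,
    /// so a forged packet cannot burn a counter the real sender will use.
    pub fn mark(&mut self, counter: u64) {
        if !self.seen_any || counter > self.highest {
            let shift = if self.seen_any { counter - self.highest } else { 0 };
            self.bitmap = if shift >= WINDOW { 0 } else { self.bitmap << shift };
            self.bitmap |= 1;
            self.highest = counter;
            self.seen_any = true;
        } else {
            let age = self.highest - counter;
            if age < WINDOW {
                self.bitmap |= 1u64 << age;
            }
        }
    }
}

/// Receive path in the order the commit describes: check, decrypt, mark.
pub fn receive(win: &mut ReplayWindow, pkt: &Packet) -> Result<(), Reject> {
    win.check(pkt.counter)?;
    if !pkt.authentic {
        return Err(Reject::BadTag);
    }
    win.mark(pkt.counter);
    Ok(())
}

/// Decrypt-only path that never consults the window: every copy of a
/// valid packet is accepted again.
pub fn receive_without_window(pkt: &Packet) -> Result<(), Reject> {
    if pkt.authentic { Ok(()) } else { Err(Reject::BadTag) }
}

fn main() {
    let mut win = ReplayWindow::default();
    let pkt = Packet { counter: 5, authentic: true };
    println!("first copy:            {:?}", receive(&mut win, &pkt));
    println!("second copy:           {:?}", receive(&mut win, &pkt));
    println!("second copy, no window: {:?}", receive_without_window(&pkt));
}
```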
* feat(ipr): add KcpSessionManager for LP client KCP handling
- Add fetch_incoming() and recv() methods to KcpDriver for retrieving
reassembled messages
- Create KcpSessionManager in ip-packet-router that manages KCP sessions
keyed by conv_id (first 4 bytes of KCP packet header)
- Store ReplySurbs per session for sending anonymous replies
- Implement session timeout (5 min) and max sessions limit (10000)
- Add comprehensive tests for session lifecycle and KCP roundtrip
* feat(ipr): integrate KcpSessionManager into MixnetListener
- Add KcpSessionManager field to MixnetListener struct
- Add is_kcp_message() helper to detect KCP-wrapped payloads
- Add on_kcp_message() to process LP client KCP messages
- Refactor on_reconstructed_message() to route KCP vs regular IPR
- Add KCP tick timer (100ms) for session updates and cleanup
- Initialize KcpSessionManager in IpPacketRouter::run_service_provider()
KCP messages are detected by checking byte 4 for valid KCP commands
(81-84), which doesn't conflict with IPR protocol version bytes (6-8)
at position 0.
Closes: nym-96zl
* fix(ipr): prevent KCP detection false positives on IPR messages
Add secondary check in is_kcp_message() to exclude messages that match
IPR protocol header pattern (version 6-8 at byte 0, ServiceProviderType
0-2 at byte 1). This prevents false positives where IPR messages with
byte 4 in range 81-84 would be incorrectly routed to KCP processing.
Added 4 unit tests to validate the detection logic.
Closes: nym-6f3x
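The detection rule from the two commits above (byte 4 in 81-84, minus payloads whose first two bytes match the IPR header pattern), as an added example that is not the ip-packet-router code. The function names, the `Route` enum, the constructed sample payloads and the little-endian conv_id read are assumptions of this example; the last sample shows the ambiguity that remains under the rule as described.

```rust
// Added example, not project code. Byte offsets and value ranges are the
// ones quoted in the commit messages; everything else is assumed.

#[derive(Debug, PartialEq, Eq)]
pub enum Route {
    Kcp { conv_id: u32 },
    Ipr,
}

/// Primary check: byte 4 (right after the 4-byte conv_id) is a KCP command.
pub fn has_kcp_command(payload: &[u8]) -> bool {
    matches!(payload.get(4).copied(), Some(81..=84))
}

/// Secondary check: IPR version 6-8 at byte 0, ServiceProviderType 0-2 at byte 1.
pub fn looks_like_ipr_header(payload: &[u8]) -> bool {
    matches!(payload, [6..=8, 0..=2, ..])
}

/// Combined rule: a KCP command at byte 4 and no IPR header pattern.
pub fn is_kcp_message(payload: &[u8]) -> bool {
    has_kcp_command(payload) && !looks_like_ipr_header(payload)
}

/// Route a reconstructed message; conv_id is read little-endian (assumed).
pub fn route(payload: &[u8]) -> Route {
    if is_kcp_message(payload) {
        // is_kcp_message guarantees at least 5 bytes are present.
        let conv_id = u32::from_le_bytes([payload[0], payload[1], payload[2], payload[3]]);
        Route::Kcp { conv_id }
    } else {
        Route::Ipr
    }
}

/// Constructed 25-byte KCP header: conv_id, command, remaining fields zeroed.
pub fn kcp_packet(conv_id: u32, cmd: u8) -> Vec<u8> {
    let mut pkt = conv_id.to_le_bytes().to_vec();
    pkt.push(cmd);
    pkt.resize(25, 0);
    pkt
}

fn main() {
    // Constructed samples, not captured traffic.
    let kcp = kcp_packet(0x1122_3344, 81);
    let ipr = [8u8, 1, 0, 0, 82, 0, 0, 0]; // IPR message with byte 4 == 82
    let shadowed = kcp_packet(0x0000_0107, 83); // conv_id bytes 07 01 00 00

    println!("kcp      -> {:?}", route(&kcp));
    println!("ipr      -> {:?} (primary check alone says KCP: {})",
             route(&ipr), has_kcp_command(&ipr));
    println!("shadowed -> {:?}", route(&shadowed));
}
```

The last sample is a well-formed KCP header that the combined rule routes as IPR, because its conv_id bytes fall inside the IPR header pattern.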
* fix(ipr): wrap KCP client responses in KCP before SURB reply
- Modify on_kcp_message to handle responses directly instead of returning them
- Add handle_kcp_response method that wraps response in KCP and sends via mixnet
- Ensures KCP clients receive KCP-wrapped responses for proper reassembly
Closes: nym-7oh2
* fix(ipr): send KCP protocol packets in tick instead of just logging
- Add get_sender_tag() and fetch_outgoing_for_conv() to KcpSessionManager
- Change handle_kcp_tick() to actually send ACKs/retransmissions via mixnet
- Reduce KCP tick interval from 100ms to 10ms for better responsiveness
This fixes the KCP reliability protocol which was broken because
protocol packets (ACKs, retransmissions) were generated but never sent.
* feat(lp-client): wrap payload in IpPacketRequest before KCP
- Add nym-ip-packet-requests and bytes dependencies
- Wrap payload in IpPacketRequest::new_data_request() before sending to KCP
- Add LP_DATA_PORT constant (51264) and lp_data_address field to GatewayInfo
This ensures IPR can properly parse incoming messages as DataRequest.
LP framing (wrapping Sphinx in LP before sending) is a separate task.
* feat(lp-client): add LP session management and UDP data plane support
- Add wrap_data() and session_id() to LpRegistrationClient for LP packet
creation after handshake
- Add init_lp_session() and close_lp_session() to SpeedtestClient for
managing LP sessions
- Extract prepare_sphinx_fragments() helper to reduce code duplication
between send_data_with_surbs() and send_data_via_lp()
- Add send_data_via_lp() for sending Sphinx packets through LP's UDP
data plane (port 51264)
The LP session is kept alive after TCP handshake closes, allowing
subsequent wrap_data() calls for UDP transmission without re-handshaking.
* random formatting
* replaced all instances of bincode::serialize and bincode::deserialize with explicit lp_bincode_serialiser() within the LP
* additional formatting
* removed source of possible panic from nym-kkt
invalid KEM mapping will now return an Err rather than panicking
* integration test for LP entry registration
This includes creation of mocks of various gateway-related components, such as the PeerController
* changed ClientHelloData serialisation
the old variant using bincode did not produce constant-length output in some cases
* Fixed generation of receiver index
removes the possible clash with the bootstrap id
* Integration test for nested LP registration
- move `LpTransport` trait definition to shared `nym-lp-transport` crate
- make transport layer within `LpConnectionHandler` generic with respect to the forwarding target. It must, however, use the same type as the incoming client connection
- extracted explicit `LpConnectionHandler::establish_exit_stream` to more easily modify it in the future to fully protect the channel and disallow using untrusted egress points
- fix additional log-string interpolation nits
* resolved clippy issues pointed out by clippy 1.91
* added LP discovery into self-described endpoint:
- removed changes to the node bonding within the contract
- introduced '/api/v1/lewes-protocol' route within nym-node http api
- added 'lewes_protocol' field to 'NymNodeData' inside of NymNodeDescription
- refactored LpConfig to allow separate bind and announce addresses and used more strict typing
* chore: allow unwrap/expect within kkt benchmarking code
* chore: downgraded sha2 dep for cosmwasm compatibility
* clippy
* marking simd calls as unsafe
* fixed calls to '_mm_testz_si128'
* additional clippy fixes
---------
Co-authored-by: Georgio Nicolas <me@georgio.xyz>
Co-authored-by: Jędrzej Stuczyński <jedrzej.stuczynski@gmail.com>
* one commit to rule them all
* remove too aggressive copy pasting
* update details when outdated
* typo and serde alias
* no hostname option and fixes
* fix wasm client?
* non fallback fixed
* improve gateway details update
* better ws addresses
* PR review fixes
* improve type safety on update_gateway_published_data
* fix client gateway storage migration
* rename nyxd-scraper to sqlite
wip: made storage mostly generic minus modules
changed error types to make modules dyn compatible
implemented traits for sqlite instance
using sqlite instance for rewarder and chain watcher
psql scaffolding
initial postgres support - missing some proto -> json parsing
use postgres in chain scraper
added message registry to block processor
message content parsing in psql
involved addresses
adding null value for logs
Revert "use postgres in chain scraper"
This reverts commit 83c84bfd2d.
using SignerInfo proto definitions for db serialisation
added ibc messages to MessageRegistry
* add the data observatory
* add the data observatory
* move message parsing and change webhook
* handle wasm messages in a module
* formatting and clippy
* copy shared migrations and add comments to ignore file to explain
* update offline queries
* change to clap args and use url::Url to parse args
* tidy up README, startup info, typos
* tidy up validator rewarder
* lock file
* change webhook module from msg to tx handler
* ignore profiler output
* add missing things and make clippy happy
* updated cosmrs version used by the nym wallet
* add glob to workspace dependencies
* rename migration files
* remove copying from shared migrations
* duplicate shared migrations to keep things simple
* add check for manual migration sync that will fail on `cargo build` in CI
* build.rs checks data observatory migrations have content of all shared scraper migrations and errors on changes or new files
* update runner
* add reset target to make file
* process events and logs
* migrations - remove unnecessary columns
* update offline queries
* chore: run cargo fmt
* fix up: inspect_err instead of map_err
---------
Co-authored-by: Jędrzej Stuczyński <jedrzej.stuczynski@gmail.com>
Co-authored-by: Mark Sinclair <mmsinclair@users.noreply.github.com>
Co-authored-by: benedettadavico <benedetta.davico@gmail.com>
* chore: make 'DirectSecp256k1HdWallet' only derive its keys once on construction
Previously all the keys and account information were being derived for every transaction signed
* no longer keep account seed on the wallet struct
* vpn client report v2
* report v2 support in nym-stats API
* version bump
* CI fix while we're at it
* more CI fix
* needed the dind after all
* PR comments
* placeholder handling of wg registration with upgrade mode token
* include upgrade mode credentials as part of credential storage
* introduce helper for decoding JWT payload
* expose methods for removing emergency credentials from the storage
* don't allow duplicate emergency credentials with the same content
* added authenticator ClientMessage for upgrade mode check
* retrieve credentials with longest expiration first
* post rebasing fixes
* fixed gateway config
* feat: allow specifying minimum node performance for client init
* nym-node UM improvements
* fixed upgrade mode bandwidth on initial authentication
* fix: logs and thresholds
* expose attestation information from nym-node http api
* additional logs
* post rebasing fixes
* make @simonwicky happy by removing empty lines in emergency_credential table definition
* chore: remove '_' prefix for internal counters within in-mem ecash storage
* improved import of 'UpgradeModeState' within the nym-node
* use explicit time dependency within credential-storage
* re-order imports within the gateway-client
* moved 'AvailableBandwidth' definition to the monorepo
* squashing feat: merge intermediate upgrade mode changes #6174 to more easily resolve merge conflicts during rebasing
added additional v2 query for metadata endpoint for requesting upgrade mode recheck
added additional message to v6 authenticator to request explicit upgrade mode recheck
clippy
test fixes due to updated keys
updated assertion for upgrading v1 top up request to v2
compare attester public key against the expected value within the credential proxy
use pre-generated attestation public keys within nym-nodes
remove version deprecation
bugfix: default bandwidth response for authenticator
expose upgrade mode information in authenticator responses
adding tests for new v2 server
passing upgrade mode information in metadata endpoint
v2 wireguard private metadata
bugfix: make sure to immediately poll for attestation after spawning task
fix gateway probe and remove code duplication for finalizing registration
squashing before rebasing
post rebasing fixes
AuthenticatorVersion helpers
additional nits
allow unwraps in mocks
fixed linux build
clippy
integrating upgrade mode into authenticator
fixed build after adding wrappers to response types
conditionally updating peer handle bandwidth
cleanup
negotiate initial protocol during registration
change auth to use highest protocol
handler for JWT message
don't meter client bandwidth in upgrade mode
handling recheck requests
sending information about upgrade_mode on client messages
gateway watching for upgrade mode attestation
wip: gateways to disable bandwidth metering on upgrade mode
* fixed ServerResponse deserialisation
* fixed incorrect swagger path for upgrade mode check endpoint
* moved upgrade mode endpoint out of bandwidth routes
* chore: remove unused error variant
* removed re-export of UpgradeModeAttestation from credentials-interface
* chore: define single source of truth for minimum bandwidth threshold value
* moved type definitions out of traits.rs
* updated v6 versioning to point to niolo release instead
* fixed incorrect error mapping
* http url fallback conditions
* include changes and tests for fronted
* Allow for explicit DNS error Handling in HTTP client (#6201)
when sending http reqs add manual DNS so we can handle errors directly
* Address PR nits
---------
Co-authored-by: durch <durch@users.noreply.github.com>
* squashed feature/credential-proxy-jwt [#5957]
post rebasing fixes
clippy
changed obtain-async endpoint to conditionally return jwt instead of pending zk-nym
watching for the attestation file and issuing jwt
* changed attestation starting time serialisation into rfc3339
* including authorised JWT issuers in attestation
* reduce attestation retrieval error log
* new quick deployment script
* docs tweak
* update script to use .deb postinst
* final clean - ready to go
* correct nym-node config dir search with a fallback
Updated ping commands to explicitly use IPv4 and adjusted file permission checks with sudo. Changed the forward address prompt to specify IPv4 and modified the binary download process to fetch and install the latest .deb release URL automatically.
Changes:
- Add network_details field to BaseClientBuilder (optional, backwards compatible)
- Add with_network_details() method for opt-in domain fronting
- Update construct_nym_api_client() to use from_network() when network_details provided
- Enable network-defaults feature in nym-client-core Cargo.toml
- SDK passes network_details to BaseClientBuilder
Changes:
Multiple URL fallback with configurable retries (defaults to 3)
Infallible URL conversion per Andrew's feedback (Url::from() instead of parse().ok())
Non-breaking builder pattern for BuilderConfig per Andrej's "too many arguments" feedback
Reverted redundant node filtering per Andrew's clarification that API already filters by supported_roles.entry
Changes:
- Replace String error with BuilderConfigError enum in BuilderConfigBuilder
- Update tests to use pattern matching instead of string assertions
This branch now contains only gateway registration improvements:
- Multiple URL fallback support in gateways_for_init()
- Get all entry-capable nodes for registration
- Performance and code quality improvements
- Reverted all changes to topology_control/nym_api_provider.rs
- Changed info/warn logs to debug for custom client messages
- Removed unused _rng parameter from gateways_for_init()
- Simplified URL builder to always use new_with_urls()
Resolved conflicts:
- Added event_tx field to MixnetClientBuilder alongside custom_nym_api_client
- Both features are independent and coexist:
  * custom_nym_api_client: for domain fronting support
  * event_tx: for event handling
- Updated all constructors and methods to properly handle both fields
- Add with_nym_api_client() to BaseClientBuilder, MixnetClientBuilder, and RegistrationClientBuilderConfig
- Modify nym_api_provider to fetch all nodes then filter by supported_roles.entry (fixes metadata inconsistency)
- Update helpers.rs to build HTTP client with all nym_apis URLs and retries for fallback support
- Fix SDK to use entry_capable_nodes() instead of entry_gateways() for broader gateway selection
This enables domain fronting and URL rotation throughout the entire SDK stack, improving censorship resistance and connection reliability. All changes are backward compatible - custom client is optional.
* bugfix: retrieve and update ticketbook in the same query
* bump up NS version
* Update Cargo.toml
* remove SKIP LOCKED part of the query
---------
Co-authored-by: benedetta davico <46782255+benedettadavico@users.noreply.github.com>
* add quic_bridge_deployment.sh
* create a snippet with quick install steps
* add quic deployment to changelog
* add quic deployment to node config page
* add version compatibility callout
* last edits and scraped stats update
* correct name of QUIC snippet
* fix naming
* fix naming
* re-run python-prebuild.sh aka time-now updated
* attempt to fix vercel build the hard way
* rerun npm
* build with pnpm
* restore lock file and rebuild w pnpm
* chore: update pnpm lockfile
* attempt to fix build
* attempt to fix runtime builds
* update ci-docs run OS
don't build netstack in CI
additional rust 2024 fixes
fixes
removed temp.rs
first round of cleanup
removed duplicated NS types
moved gateway probe to the monorepo
* ns-api: when `score` is `Offline`, clamp `load` to `Offline`
* ns-api: bump version
* ns-api: add mixnet score field to performance_v2 struct
---------
Co-authored-by: Mark Sinclair <mmsinclair@users.noreply.github.com>
* Debug logging
* Yield based logging
* Reintroduce non-dummy task manager, try add counting for
BatchMessageSender, a couple of compiler target introductions on use
statements.
* Fixed time runtime err
* Uncomment forgetme/rememberme
* remove diffs from debug
* missed commented out forgetme
* yet more forgetme comments
* Added missing clientrequestsender clone to wasm client to stop
premature drop & busyloop
* Removed hacky mem::forget fix
* Remove debug panic_hook
* Conditional import + use of wasm_utils::console_log
* add wasm_util dep
* Commenting out or removing debug logging
* Remove missed comment
* cleanup gitignore
* clippy
* update go version in ci
* removed unused deps
* add clippy ignore
* remove mixfetch from ci build
* add minifetch fix
* comment out unused ts builds
* stop contract clients killing ci for the moment
* wasm target locking for imports
* Either remove console_log! macro or introduce cfg(debug_assertions)
* downgrade netlink
* debug assertions for console_log import
* modify config logging (debug -> normal)
* remove clone for client_request_sender + grab directly in struct
creation
* reintroduce debug print for config in debug mode
* remove ood / unused custom topology from worker example file
* clippy
* clippy - ignore todo() tests
* modified humantime test in line with new parsing rules
* added new dkg execute methods for ownership transfer and announce address update
* cherry-pick TestableNymContract for the dkg contract from #5091
* tests
* schema fixes
* removed old queued migrations
* ns api: add node scraper for bridge information and add to dVPN gateway output
* extra error reporting
* run sqlx-prepare
* fix clippy
---------
Co-authored-by: Mark Sinclair <mmsinclair@users.noreply.github.com>
Co-authored-by: benedettadavico <benedetta.davico@gmail.com>
* ns-api: remove sqlite support
ns-api: add env var to skip migrations for local dev
ns-api: tidy up imports
ns-api: fix deserialisation of node descriptions
update dockerfile
update README
fix up README and example env
ns-api: bump major version to 4
ns-api: add more geoip data and new performance field in dvpn responses
* ability to import partial ticketbooks
* wip: adding common ecash state to NS API
* buffering ticketbooks
* wip
* distribute tickets when getting testrun assignment
* passing ticketbook data to gateway probe
* wrapped around storage tx
* ticketbook query fixes
* clippy
* modified testrun assignment to always return tickets
* Update version
* Update push-node-status-agent.yaml
* Update Cargo.toml
* add entrypoint for ns agents
* sqlx prepare and cargo fmt
* clippy fixes
* Update ci-check-ns-api-version.yml
---------
Co-authored-by: Mark Sinclair <mmsinclair@users.noreply.github.com>
Co-authored-by: benedetta davico <46782255+benedettadavico@users.noreply.github.com>
Co-authored-by: benedettadavico <benedetta.davico@gmail.com>
* ns-api: remove sqlite support
ns-api: add env var to skip migrations for local dev
ns-api: tidy up imports
ns-api: fix deserialisation of node descriptions
update dockerfile
update README
fix up README and example env
ns-api: bump major version to 4
ns-api: add more geoip data and new performance field in dvpn responses
* ns-api: polyfill dVPN probe outcomes to make compatible with existing clients
* Use explicit transaction for testrun status change (#6046)
* Use explicit transaction for testrun status change
* Improve run scripts
* Skip locked rows
* bump version 4.0.2
* Fix build.rs
* Fix up .sqlx queries
* Bump agent version and change dockerfile to run the agent in a loop
* Make time between agents configurable by env var SLEEP_TIME
* Update entrypoint.sh
* Update Dockerfile with full path
* Force bigint to avoid postgres numeric cast
* Add override args to agent entry point, bump agent version and NS API version
---------
Co-authored-by: Mark Sinclair <mmsinclair@users.noreply.github.com>
Co-authored-by: dynco-nym <173912580+dynco-nym@users.noreply.github.com>
* remove [most of] legacy data from nym-api endpoints
* chore: removed contamination with legacy nodes data
* added /v1/nym-nodes/stake-saturation/{node_id}
* added /v1/legacy/mixnodes and /v1/legacy/gateways
* removed scraping of legacy mixnodes in NS api
* remove export of removed types
* huge warnings on attempting to use removed commands in the wallet
* fixed reference to removed type in tests
* feat: unify HTTP client creation and enable domain fronting
Enhanced the base nym_http_api_client to reduce fragmentation and enable domain fronting:
- Added SerializationFormat enum for explicit JSON/bincode choice (no auto-detection)
- Added from_network() method to create clients from NymNetworkDetails with domain fronting
- Added with_bincode() builder method for explicit serialization configuration
- Set Accept header based on serialization preference
- Added deprecation paths for NymApiClient wrapper and nym_api::Client re-export
- Enabled domain fronting support via network defaults feature
This is part of a broader effort to consolidate HTTP client implementations across the codebase,
reducing ~500 lines of wrapper code and providing automatic domain fronting for censorship resistance.
* feat: migrate NymApiClient usage to unified HTTP client
- Wire up domain fronting configuration in NymNetworkDetails
- Implement NymApiClientExt trait for base nym_http_api_client::Client
- Migrate direct NymApiClient usage in multiple components:
  - nym-network-monitor
  - verloc measurements
  - connection tester
  - coconut/ecash client
  - validator rewarder
- Add Copy derive to ApiUrlConst to enable iteration
- Update error handling and Display implementations
This enables automatic domain fronting for all Nym API calls via the configured CDN front hosts.
* fix: resolve all compilation errors after NymApiClient migration
- Add missing nym-http-api-client dependencies to multiple crates
- Add NymApiClientExt trait imports where needed
- Fix type mismatches from NymApiClient to unified Client
- Add error conversions for NymAPIError in various error enums
- Implement missing trait methods (get_current_rewarded_set, get_all_basic_nodes_with_metadata, get_all_described_nodes)
- Fix type conversions for RewardedSetResponse in network monitor
- Update all API client instantiation to use new unified HTTP client
* feat: complete migration to unified HTTP client and fix all compilation errors
- Added missing NymApiClientExt trait methods (get_all_expanded_nodes, change_base_urls)
- Fixed all compilation errors across the workspace
- Updated nym-node to use unified client instead of deprecated NymApiClient
- Fixed type conversions for RewardedSetResponse → EpochRewardedSet
- Added nym-http-api-client dependency where needed
- Updated all examples and documentation to use new client API
* fix: provide all API URLs for automatic failover in endpoint rotation
Previously, when rotating API endpoints, only a single URL was provided to the
HTTP client, defeating the purpose of having multiple URLs for resilience.
Changes:
- NymApiTopologyProvider now provides all URLs in rotated order when switching endpoints
- NymApisClient similarly provides all URLs starting from the working endpoint
- Added clarifying comments for broadcast/exhaustive query methods where single URLs are intentionally used
- This enables the HTTP client's built-in failover mechanism while maintaining endpoint rotation behavior
The fix ensures that if the primary endpoint fails, the client can automatically
failover to alternative endpoints without manual intervention, improving overall
network resilience.
* Update common/client-core/src/client/base_client/mod.rs
Co-authored-by: Jędrzej Stuczyński <jedrzej.stuczynski@gmail.com>
* Remove error generics, address PR comments
* Explicit warning on missing fronting configuration
* Assorted CI fixes
* Registry proc-macro
* Rename macro
* Syn workspace version
* Where do we need to put inventory
* Ergonomics and call sites, incept the builder
* fix: Address critical issues in client configuration registry implementation
- Fixed HeaderMapInit parsing bug that would cause compilation errors
- Added comprehensive documentation with usage examples and DSL reference
- Improved error handling with better error messages for invalid headers
- Added test coverage for both macro and registry functionality
- Added debug inspection capabilities for registered configurations
- Fixed module name conflicts in tests by using separate modules
All tests now passing:
- 7 macro tests validating DSL parsing and code generation
- 4 registry tests verifying configuration collection and application
* Use default value for the ports until api is deployed
* Feature/improved http error (#6025)
* use display impl for urls
* feat: attempt to add more details to reqwest errors
* temporarily restored GenericRequestFailure variant
* another restoration
* cleanup
* Some debug tooling, and default timeout fix
* Fix user-agent override
* Fix various wasm things
---------
Co-authored-by: Jędrzej Stuczyński <jedrzej.stuczynski@gmail.com>
Co-authored-by: Bogdan-Ștefan Neacşu <bogdan@nymtech.net>
* squashing work on using cancellation in nym crates
making nym-task wasm compilable
removed sending of status messages
replaced TaskManager with ShutdownManager in the validator rewarder
additional helpers for ShutdownManager
simplified ShutdownToken by removing the name field
TaskClient => ShutdownToken within all client tasks
wip: remove TaskHandle
* track all long-living client tasks
* add task tracking for most top level tasks within nym-node
* improved default builder
* split up cancellation module
* module documentation and unit tests
* nym node fixes and naming consistency
* wasm fixes
* assert_eq => assert
* wasm fixes and made 'run_until_shutdown' take reference instead of ownership
* linux-specific fixes to IpPacketRouter
* post rebasing fixes for signing monitor
* add ShutdownManager constructor to build it from an external token
* applying PR review suggestions
* moved storage and deposits buffer to the common lib
* move more of the state into the shared lib
* extracted the rest of the features into the shared lib
* fixed test imports
* clippy
* make nym-api use ShutdownToken instead of TaskClient
* ignore public-api tests if env is not set
* removed default features to avoid pulling in openssl
* initialise stake adjustment program
* add readme file with a simple guide
* syntax
* syntax
* FINISHED: faster and returning more data
* change dwl link to develop branch
* feat: shared library for attempting to retrieve update mode attestation
* clippy
* add nym- prefix to the crate name
* use pure-rust impl for jwt-simple
* bugfix: Recipient deserialisation for deserialisers missing bytes specialisation
for example toml or json will just default to visit_seq ignoring bytes related optimisations
* clippy
* node-status-api: fix missing monikers because of deserialisation issues from unstructured data
* node-status-api: bump version after bug fix monikers
---------
Co-authored-by: Mark Sinclair <mmsinclair@users.noreply.github.com>
* chore: rename VpnApiError to CredentialProxyError
* reorganise deposit flow
* updated sql tables et al.
* insert information about deposit usage failure
* remove old deposit maker
* nym credential proxy to monitor quorum state to stop issuance if it'd fail
* clippy
* target lock new modules
* windows clippy
* renamed migration file due to rebasing
* Remove freshness check on testrun submit
- freshness is enforced by a background task
that marks testruns as stale after a
configured amount of time
* Move code around
* Add humantime
* Update launch script
* Fix typo
* Adjust agent run script
* Configure user agent
* Bump version
* feat: introduce additional checks when attempting to send to bounded channels
or to a fallible gateway
* return error rather than panic when merging socket during shutdown
delay to gruyere
chore: delay to Feta
added threshold information to the response
nym api test clippy
bugfixes and endpoint improvements
expose results on api endpoints
wip: making nym api monitor network signers
added fallback legacy queries to get basic support idea
refactored the code to expose bool-only methods for status
ecash-signer-check lib for obtaining basic ecash signer information
* conditionally enable console-subscriber within nym-node
* Update ci-build-upload-binaries.yml
* Update ci-build-upload-binaries.yml
add features console
* updated feature name
* fixed filtering on tracing layers
* add track_caller when spawning futures for better tokio-console support
* allow [client] tasks to specify their names when used within tokio console
* clippy
* pre-emptively fix wasm clippy
---------
Co-authored-by: Tommy Verrall <60836166+tommyv1987@users.noreply.github.com>
* Set cached storage counters to 0 (#5812)
* Set cached storage counters to 0
* u64 to i64 log possible error
* Check addition too
Debug commit
Remove more data from wg storage peer
Put actual ticket type in storage
Simplify add peer
Finish rebase
Pass defguard Peer
Cache less data for consumption
GatewayStorage traits
Wg API trait
Mock test structures
Unit test for peer controller
EcashManager trait
Init test of Authenticator
Remove peer test
* Fix windows different API
* Use make_bincode_serializer like in other places
* Add log_slow_statements to gateway storage
* Use correct LevelFilter
* Fix clippy
* More win fix
* Win clippy
* Use two error variants more
* Use only one Arc<RwLock<T>> instead of many more
* Remove commented test
* Specific trait import
* feat(db): add SQL query wrapper for PostgreSQL placeholder conversion
- Created query_wrapper module with functions to automatically convert
SQLite ? placeholders to PostgreSQL $1, $2, ... format
- Updated build.rs to handle mutually exclusive feature flags
- Modified one query in mixnodes.rs as proof of concept
- Added type conversions for PostgreSQL compatibility (u32->i64, u16->i32)
This is a checkpoint commit before converting all queries to use the wrapper.
* feat(nym-node-status-api): add PostgreSQL database support via feature flags
Implement dual database support for SQLite and PostgreSQL through Cargo feature flags.
The implementation uses a query wrapper that automatically converts SQLite-style ?
placeholders to PostgreSQL-style $1, $2, ... placeholders at runtime.
Key changes:
- Add query wrapper functions that handle placeholder conversion
- Convert all sqlx::query! macros to use wrapper functions
- Handle type conversions between databases (i64 vs i32)
- Add feature-gated implementations for database-specific SQL syntax
- Update Makefile with clippy targets for both database features
- Document database support in README
* feat(nym-node-status-agent): add multi-API support with random selection
Agents can now connect to multiple APIs and randomly select one for each testrun:
- Accept multiple --server arguments in format "address:port:auth_key"
- Randomly shuffle server list before attempting connections
- Try each server until a testrun is obtained
- Submit results back only to the API that provided the testrun
- Continue to next server if one is down or has no testruns available
* feat(nym-node-status): implement primary/secondary server architecture
- Agent now requests testruns only from primary server (first in list)
- Results are submitted to all configured servers in parallel
- Secondary servers accept external testruns via new v2 endpoint
- Added auto-creation of gateway and testrun records on secondary servers
- New database queries: get_or_create_gateway, insert_external_testrun
- Client library enhanced with submit_results_with_context method
* Bump Node status API version
* Fix build workdir
* Bump to 3.1.4
* Fix types and queries
* 3.1.6
* Fix gateway perf, bump 3.1.7
* NodeId -> i32, 3.1.8
* Bump agent version
* i64 -> i32
* Use image yq
* Migration and more types
* Update remaining JSONB columns
* Simplify server config
* Update build path
* Change delimiter
* bump agent
* Split up pg and sqlite builds
* More typing fixes, build-and-push script
* Fix Dockerfile-pg
* Bump node-status-api
* Typing
* Agent build script
* More logging around testruns
* Fail loudly on read errors
* Cleanup
* Debug get gateways query
* Fix get_gateways query
* Use pg cert, 3.1.16
* Submit regular results to primary server
* Bump freshness cutoff
* Update Cargo.lock
* fix: resolve rebase conflicts and compilation errors
After rebasing onto develop, fixed several issues:
- Fixed borrowed data escapes error by using sqlx::query directly in transaction functions
- Removed unused imports and cleaned up code
- Maintained database-specific implementations for transaction functions
* fmt
* Make PG default to make lives easier
* Performance improvements for Explorer v2
* Fix sqlite build
* Fix PG migration
* Tests round 1
* DB tests
* More tests
* And some more tests
* And some more, more tests
* cargo fmt
* Fix some failing lints
* Fix lioness version problems
* Clippy in tests
---------
Co-authored-by: dynco-nym <173912580+dynco-nym@users.noreply.github.com>
* define storage item for holding historical DKG state
* make all epoch storage operations go through proxy functions
* make each saving action also apply to the historical item
* removed usage of update_epoch function
* test correct save heights
* exposed query for the epoch state at specified height
* regenerated contract schema
* restored default cw-plus behaviour as in hindsight it makes more sense
* feat: add GetEpochDealers and GetEpochDealersAddresses queries to the DKG contract
* extended DkgQueryClient with new queries
* updated contract schema
* unit tests
* wip: changes to surb logic + stronger db typing
* surb invalidation logic
* chore: remove unused deps
* resolving todos
* a lot of additional bugfixes
* 1.88 clippy
* wasm fixes
* wasm clippy
* wallet clippy
* wait for epoch end when setting up new network
* split ReplyController into Sender and Receiver for easier reasoning
* additional reply surbs improvements
includes, but is not limited to: unconditionally resetting sender tag on restart, limiting number of surb re-requests, resetting stale surbs on load
* fixed calculation of number of removed surbs
* add additional calculated field to key rotation info
* DBG: 'request_reply_surbs_for_queue_clearing' temp logs
* fixes for silly mistakes
* conditionally reduce log severity
* renamed nym-api config fields
* decouple rewarder startup from network monitor
* additional sections in nym-api config
* removed vesting queries in circulating supply calculator
* added memoized field for last submitted performance measurement
* wip: performance contract refresher
* cleaned up various contract caches
* modified cache refresher to allow passing update fn
* implement performance cache refreshing
* updated lefthook.yml to run cargo fmt
* impl NodePerformanceProvider trait
* dynamically using specific performance provider
* pre warm up performance contract cache and forbid the mode if it's empty
* clippy
* introduce fallback setting for performance contract if value for given epoch is not available
* move some functions around
* initialised basic structure for the performance contract
* shared code for contract testing
* unified common testing methods between performance and nym pool contracts
* impl of ExecuteMsg for the contract
* impl of QueryMsg for the contract
* setting initial authorised NMs during instantiation
* additional tests and fixes
* ibid
* scaffolding for client traits
* completed client traits
* clippy
* naive add performance contract to testnet manager
* placeholder values for the performance contract address
* introduced admin messages to purge old measurements from the storage
* introduced check ensuring performance data is only added to bonded nodes
* wip - dvpn directory cache
* Endpoint & cache
* /gateways works
- SkimmedNode data still missing
- need to move probe models to monorepo
* Rest of the data for /gateways
* Revert before merge: pin deps to cheddar release
* Filter gw by country
* Return percent string instead of u8
* Filter by semver
* Bump package version
* Fix probe types
* Reorg
* Add exit, entry endpoints
* Different entry/exit selection criteria
* Date fix migration
* Unpin from cheddar
* Revert "Unpin from cheddar"
This reverts commit f17239075b.
* Validation with celes
* PR feedback
* Fix path
* Bump version
---------
Co-authored-by: Mark Sinclair <mmsinclair@users.noreply.github.com>
- keep all the internal-dev wasm pieces as future examples
- everything previously was going to be removed
- shows functioning wasm interaction with the js
* wip
* wip: wrap node's sphinx key with a manager
* wip: choosing correct key for packet processing
* further propagation of key rotation information
* attaching key rotation information to reply surbs
* added basic key rotation information to mixnet contract
* wip: introducing cached queries for key rotation info from nym api
* unified nym-api contract cache refreshing
* finish packet decoding
* multi api client + retrieving rotation id
* rotating sphinx key files
* logic for migrating config file
* wip: putting new sphinx keys to self described endpoints
* processing loop of KeyRotationController
* fixed sphinx key loading
* rotating bloomfilters
* wired up KeyRotationController
* flushing bloomfilters to disk and loading
* most of nym-node changes
* post rebase fixes
* fixes due to backwards compatible hostkeys
* split http state.rs file
* don't use deprecated fields
* fixed backwards compatible deserialisation of host information
* split up node describe cache
* added a dedicated CacheRefresher listener to perform full refresh outside the set interval
* controlling announced sphinx keys within nym-api
* retrieving rotation id when pulling topology
* split nym-nodes http handlers
* v2 nym-api endpoints to retrieve nodes with additional metadata information
* bug fixes...
* additional bugfixes and guards against stuck epoch
* testnet manager: set first nym-api as the rewarder
* fixed host information deserialisation
* fixed panic during first key rotation
* post rebase fixes
* clippy
* more guards against stuck epochs
* added helper method to reset node's sphinx key
* instantiate mixnet contract with custom key rotation validity
* additional bugfixes and debugging nym-api deadlock
* passing shutdown to nym apis client
* remove dead test
* post rebasing fixes
* missing MixnetQueryClient variants
* remove usage of deprecated methods in sdk example
* fix: incorrect method signature
* post rebasing fixes
* attempt to retrieve key rotation id before doing any config migration work
* ignore tests relying on networking behaviour
* allow networking failures in certain tests
* add option for ssl mode
* add dockerfile and dev util
* add github workflow for nym-statistics api
* apply review comments
* ci check for version + removed checks from push
* squashed nym-pool commits
initialised nym-pool contract and updated all bls12_381 to make it possible
create scaffolding for tests
ability to control the contract admin
introducing contract grants
grant type validation
basic grant operations + stubs for other messages
added queries
use transaction stubs
added expiration information to grant queries
setting initial grant state based on the current environment
allowance logic for attempting to spend part of a grant
implemented all remaining transactions
made public api for coin locking perform validation
tests for locked tokens storage
nympool storage tests
added messages for changing granter set
tests and fixes for sufficient tokens when inserting grants
tests for initial state + more bugfixes
queries tests
additional tests for transactions and fixes
post rebase fixes
updated contract dependencies
removed redundant wasm constructor
don't ask me why this suddenly became an issue - no clue
* missing schema + added nym_pool to the main Makefile
* move stats types from vpn-client to here
* base stats api
* change storage schema
* add link to nymAPI for whitelisting
* remove outdated comment
* more comments update
* example of chrono vs time
* Add build.rs
- exports DATABASE_URL so cargo check works
- exports SQLX_OFFLINE for CI
- added pg_up.sh which spawns PG container
- required for cargo sqlx prepare
* fixes time vs chrono issue and cleaner build with docker
* add correct swagger types, with feature locking where relevant
* apply dynco suggestions
---------
Co-authored-by: dynco-nym <173912580+dynco-nym@users.noreply.github.com>
* Clippy in wallet & sdk
* Clippy in wallet
* Pin rust to 1.86 in builder
* apply changes from b7da75a18c
* missing nym-node features
* Box all the things
* additional boxes in the wallet
* post rebasing clippy
---------
Co-authored-by: dynco-nym <173912580+dynco-nym@users.noreply.github.com>
* Add a cache for the credentials seen before on top-up
* Verify seen credentials on top ups
* Add warning log for timestamp subtraction
* Add unit test
* Add node_bonded field to delegations
- clarifies whether the delegation is to a bonded or unbonded node
- include delegations to unbonded nodes in the returned list
* PR feedback
* correct expression about node stake
* typo fix
* sharpen overview
* detail rewards formula
* make calculator into standalone jsx component and import it
* finish pr for review
* fix alpha example with correct formula
* work in comments
In the vpn-api client we create requests directly, so let's instrument
them as well as the currently instrumented top-level function get_json
doesn't capture that.
- new instance of echo server with lib / cli split
- echo server docs update
- tcpproxy and echoserver now listen for kill signal
- ffi bindings of tcpproxy functions updated
* Decrease default average packet delay to 15 ms
* Add upgrade for config value
* Fix ip packet router too
* Fix clippy
* Remove message_sending_average_delay from template too
* refactor FormattedResponse to allow attaching additional headers
* helper method for including expiration headers
* add expires header for /active nodes responses
* added additional 'with_expires_header_delta' builder to FormattedResponse to allow setting expiration header with time delta
Upgrade the `prometheus` crate to bump the version of the protobuf
crate, which is flagged by `cargo audit` as having a security issue
RUSTSEC-2024-0437.
VPN-3074
* move SessionType into statistics common crate
* add RememberMe to clients config
* change stats collection logic to handle remember me
* set up sdk client to send remember me message
* bump NS API version
* introduce 'Bincode' variant for FormattedResponse
* allow nym-api to return responses in bincode (and also yaml)
* client parsing support
* cargo fmt
* missing changes to nym-api tests
* fixed node status api build + adjusted NymApiClient construction
* NMv2 fixes + further api changes
* feature-locking http-api-common to fix wasm build
* Add /account/{address}
* Don't query vesting info
* Don't query rewards
* Remove unused code
* Fix clippy
* Fix build.rs build on Windows
* Addressing PR feedback
- not cloning nym nodes from cache
- reduced number of nym nodes kept in memory
- reduced number of iterations to read all data
- removed some fields
* Fix total_delegations
* Optimize nym_nodes hashmap
* Split flow into functions
* Remove vesting info
* Add caching for endpoint
* Cache optimizations
* Return early if balance is 0
* Refactor state cloning shenanigans
* Improve swagger definitions
* Sort data in DB
* Improve logging
* Store gw description to nym nodes table
* Move explorer related path to /explorer
* Bump package version
* Don't exit handle without having peer removed
* Kernel going back to 0 is not an error
* Fix build
* Add stronger message for failure on last resort remove
clean up
Another try
clean up
fix build
fix build
fix build
fix build
Refactor Node page to accept identity_key in params
fix build
fix build
fix buggy data on landing page graphs
Try fix gas fee for redeem all rewards
Another try to fix gas fee for redeem rewards
Add fees "auto" to the cosmWasm client with offline signer
comment out unused option
add getOfflineSigner dependency to the callback fn
comment out for good
clean up, optimise homepage layout
Dark theme
fix build
fix build
add fixes
Rebase onto develop, fix lint error
fix build
Fix tooltip
Fix switch button on mobile header
fix build
clean up
fix build
Fix switch component
fix build
Add moniker to Magic Search, fix tooltip hover on landing page
refactor urls
fix build
edit placeholder
Fix styles
fix error message
* Expand /v3/nym-nodes
- includes node description and geodata
- expanded scope of included geodata
* Fetch geodata for all nodes
* Bump package version
* removed support for legacy packet types from NymCodec
I think nodes had plenty of time to upgrade given versioned variant was introduced in 2022
* temp: use local sphinx packet for development
* introduce new messages that use more efficient reply surbs encoding
* checks for incorrect encoding
* generate correct message depending on config value
* fixed current packet version
* made packet type selection configurable
* updated sphinx packet crate to the published version
* fixed wasm build
* fixes in outfox due to sphinx api changes
* additional tests
* clippy
* fixed log/tracing import
* remove old packettype + fix: apply routing filter BEFORE delaying
* updated sphinx crate to allow usage of reply tags
* full pipeline for placeholder checking of packet replay
* replay protection with batched insertion
* running background task for clearing/flushing the BF
* allow disabling the replay detection + cleanup
* allow unwrap in bench code
* Move all workflows on ubuntu-20 to ubuntu-22
* Add missing -y for installing rsync in ci-docs
* Install rsync with --yes
* Switch two jobs to github hosted free tier runners
- now I've reverted back to the original two here, as the compiler is failing around `tauri::api::path` however, looking into the new design for the path resolver in tower this tasks, requires practically changing the whole wallet_strorage and config set up
- it seems pretty straightforward https://v2.tauri.app/start/migrate/from-tauri-1/#migrate-path-to-tauri-manager - however, I would need a second set of eyes on this
* wip: sending with single client
* tag packets to measure latency
* constantly logging rates
* concurrency
* adjusting some values
* write results to files upon completion
* change ticketbook data request to allow for pagination
* implemented api endpoints on nym-api side
* auxiliary nym-api queries for number of issued ticketbooks
* ensure that challenged issuers support new queries
* added persistent identity to the rewarder
* clippy
* stupid chrono feature workaround
* clippy
* debugging issuance verification
* remove redundant closure
* added a minimum issuance threshold
* updated contracts to cosmwasm2.2 and fixed build issues
* removed old coconut contract code + additional dkg fixes
* replace deprecated to_binary and from_binary functions
* mixnet contract tests compiling
some are failing due to incorrect addresses
* made other contract tests compile
* fixed remaining tests
* allow usage of manually dispatching contract replies
* nym-api test fixes
* removed old toolchain from contracts CI
* linter fixes
* regenerated contract schema
* fixed easy_addr
* further license fixes
* post rebase fixes + update to 2.2.2
* change ci runner
* minor CI adjustments
* change wallet CI to use node 20
* more CI changes...
* run cosmwasm-check against release contracts
* test ci changes
* wip...
- the submission to the chain probably needs changing to create a new nym-node rust type for updating the cost params
- a few things may been changing in terms of display and submission
- the simulate txs fee is failing - because i don't know what to put
* Clean stale partially received buffers
* Tweak timeout
* Do cleanup after handling new messages instead of in the select loop
* Debug logging and remove unreachable
* Downgrade log
* Tweak logs
* tweak whitespace
* Only run the stale check every 10 sec
* new api link for explorer v2
* remove footer add explorer to navbar
* include image
* @ fix menu icons
* + explorer link in footer
---------
Co-authored-by: RadekSabacky <radek@nymtech.net>
* Add /v3/nym-nodes
- returns extended node info from local DB
- endpoint caching
- add bond_info & self_described to DB nym_nodes
- update mixnode & gateway bond status on data refresh
- add `active` column to DB nym_nodes
- use only active & bonded nodes in scraping/testrun tasks
* Improve log
* PR feedback
- remove active field from nym_nodes
- delete obsolete nym_nodes
* node-status-api: cargo sqlx prepare
* Remove guardrails in CI file
* Revert "node-status-api: cargo sqlx prepare"
This reverts commit 1fcd895f0d.
* Try to ignore sqlx files
* cargo sqlx prepare
* Repair harbor tag check
* Try without checkout action
* add awk
* Update log
* add new endpoints for health and build information
* fixed timestamp serialisation in api responses
* status routes for price scraper
* state for processing bank msg
* clippy
* first pass
* cleanup
* added qu
* add readme
* more verbose err
* reword explainer @ top
* rename private-key.public to public-key
* move instructions to own file + add _meta.json files
* first pass probe
* remove unnecessary doubled notice to developers
* added extra debug log to version()
* include PR suggestions
* remove commented out function
* introduced v2 authentication request between clients and gateways
* client to send v2 auth when possible
* added persistence to last used authentication timestamp
* added clients identity to signed plaintext
To reduce the risk of the IPR DoS the client:
- Lower the timeout until the IPR will disconnect a client
- Reduce fewer surbs at a time. Large surb requests increase the
latency until all fragments in the response have been delivered. The
efficiency gains of having large surb requests diminish quickly for
large sizes as well
* new NymNodeTopologyProvider to also keep track of ips of all nodes
* added nym-api endpoint for nodes existence by ip
* change behaviour of updating allowed nodes alongside the topology
* clippy
* license fix
* fix default filtering limit
* introduced v2 authentication request between clients and gateways
* client to send v2 auth when possible
* added persistence to last used authentication timestamp
* added clients identity to signed plaintext
* initialise KVM docs
* initialise steps for KVM installation and setup
* document guide to setup KVM network bridge
* add new page with KVM installation
* add disclaimer
* add VM configuration guide
* first version finalised, ready for testing and review
* finish VM guide
* setup guide finished
* add last sentence
* nym-api endpoint to return latest block information
* attached chain health to health query
* fixed serde casing
* one of the nastiest workarounds in test code
* IPR v8 request/response types
* Remove signature for when we use sender tags
* Remove unused
* Address some review comments
* Update license to GPL-3.0 for IPR
Since the IPR can run as a binary, make sure its license is GPL-3.0
* update cargo deny
* Add back support for v6
* Tidy responses
* Clippy
* Fix compilation
* Conversions
* Conversions
* Split response conversion
* request split
* Complete conversion switch
* Remove commented out code
* rustfmt
* Remove unused conversions
* Remove unused TryFrom
* use from
Inside client-core we want to prepare the ground for moving a behaviour
close to what we have in the vpn client.
Remove all the recv_with_delay since we want to just stop
Add shutdown condition to all select loops to guard against the shutdown
listener being polled inside the select blocks.
Since the contracts workspace depends on the common code in the main
workspace, and since the contracts are critical to not have regressions
in, trigger contracts CI on any changes to the workspace
Cargo.toml and lock files.
* Disable the test for checking the remaining bandwidth in nym-node-status-api
This check fails almost every time on CI, possibly due to rate limiting?
It's not good to disable the check, but it's blocking CI as it stands
now. Given that we have the check above for locating the ip, we at least
have a little coverage.
* Remove unused
* Upgrade to thiserror 2.0
* Remove line macros in vesting contract error type
* Name positional arguments in GatewayRequestsError
* Named positional argument
* Revert "Remove line macros in vesting contract error type"
This reverts commit 49f937da3f.
* Use positional arguments for line
* fix socks5 syntax
* reshape backup and restore and add proxy
* fix URLS
* remove deprecated node-api-check - archived for when there is time to maintain the tool
* add hash verification step
* feature: introduce /load endpoint for self-reported quantised NymNode load
* return Load::Unknown for value of 0 because it means we misread some data
* add additional filtering on 'en...' endpoints
* make packet statistics wasm-compatible
* fixed possible overflow issue in delay controller
* updated wasm-client to be compatible with the current network
* applied same logic to mixfetch client
* removed dead imports
* updated versions
* tcp conn tracker
* make default decay const
* first pass connpool
* err handling conpool start
* added notes for next features
* first version working
* first pass spin out client_pool
* cancel token
* logging change
* bump default decay time
* bugfix: make sure to apply gateway score filtering when choosing initial node
* add duplicate packets received to troubleshooting
* client_pool.rs mod
* client pool example
* clippy
* client pool example done
* added disconnect to client pool
* update mod file
* add cancel token disconnect fn
* comments
* comments
* add clone
* added disconnect thread
* update example files tcpproxy
* client pool docs
* remove comments for future ffi push + lower default pool size from 4 to 2
* comment on ffi
* update command help
* clone impl
* remove clone
* fix clippy
* fix clippy again
* fix test
* tweaked text grammar
* updated comment in example
* future is now
* cherry
* cherry
* fix borked rebase
* fix fmt
* wasm fix
---------
Co-authored-by: Jędrzej Stuczyński <jedrzej.stuczynski@gmail.com>
* add timestamp to stored client messages
* removed dead code
* starting node task to remove old messages
* added log for number of removed messages
* debug log on task finishing
* Use expect in geodata test to give error message on failure
I keep hitting this error on CI, from what I think is network hiccup.
But it's hard to tell from the log since the error is swallowed.
Explicitly unwrap the result so we get a more detailed error output
* Add nym-node-status-api to ci-build
* fixed bearer auth for prometheus route
* basic prometheus metrics
* added rates on global values
* improved structure on the prometheus metrics
* added additional metrics for ingress websockets and egress mixnet connections
* some channel business metrics
* fixed metrics registration and added additional variants
* added counter for number of disk persisted packets
* counter for pending egress packets
* counter for pending egress forward packets
* clippy
* fixed bearer auth for prometheus route
* basic prometheus metrics
* added rates on global values
* improved structure on the prometheus metrics
* added additional metrics for ingress websockets and egress mixnet connections
* some channel business metrics
* fixed metrics registration and added additional variants
* added counter for number of disk persisted packets
* counter for pending egress packets
* counter for pending egress forward packets
* clippy
* + add header into Packet Mixing docs
* + add head changes for testing
* / updated version of metatags in theme.config
* + add env file
* / theme.config to use NEXT_PUBLIC_SITE_URL from env file
* @ Fix broken link in theme.config
* - remove favicon code
* + add description for intro pages
* first pass redoc apis
* new landing + component update
* added intro
* new structure
* link list
* add sandbox sdk
* remove theme colours
* revert credit to ticket & ticketbook and actually get all the instances to replace
* Max/zknym doc tweak (#5223)
* revert credit to ticket & ticketbook
* revert credit to ticket & ticketbook and actually get all the instances to replace
* theme tweak to widen text area
* theme redoc component
* tweak padding topbar
* modified socks5 page to be in line with websocket client
* modify h size of autodoc generated command info
* tweak script to build from master
* add autodoc to workspace
* auto commit generated command files
* clean autodoc-generated-markdown in script
* auto commit generated command files
* tweak works
* clippy
* fix borked toml from cherrypick
* remove rm command
* auto commit generated command files
* blow away images
* auto commit generated command files
* remove redoc for nymapi for the moment but retain everything else
* fix double paste
* temp remove sandbox
* wip
* changed minor/patch weights and introduced full release chain history for more accurate calculations
* clippy
* updated contract schema
* added nym-api endpoint for current rewarded set nodes
* added nym-api endpoint for internal config score data
* guard mixnet contract against decreasing semver
* fixed config score calculation if there are skipped versions
* removed mnemonic from gateway config struct
scaffolding for common mixnet listener
running verloc unconditionally in a nym-node
remove filtering by mixnode
extracted verloc to separate crate
integrated nym-node-http-server more tightly with the binary
most logic for handling forward packets
running all mixnode-related tasks natively inside nymnode
removed gateway storage trait in favour of the only concrete implementation
most logic for handling final hop packets
using nym-node owned socket listener for gateways
utility for sending plain message through mixnet + gateway fix
using common packet forwarding in both modes
unifying nym-node metrics
reproduce behaviour of the console logger
cleaned up cli args
redesigned gateway tasks startup procedure
removing dead code
scaffolding for old config v6
config migration
implemented MixnetMetricsCleaner
* clippy
* require entry/exit for wireguard
* removed dead code in migration code
* updated config template
* use custom user agent for verloc queries
* fixed premature shutdown of gateway tasks
* hidden nym-api flag to allow illegal node ips
* experiment: final hop handing with wireguard
* added additional startup logs
* typo
* fixed legacy stats endpoint data
* additional logs
* apply review comments
* fixed local testnet manager
* ignore legacy nodes for test route selection and bias selection with existing score
* feature: dont keep persistent GatewayClient inside NMv1 (#5211)
* removed overly complex logic for requesting mutex permits for packet processing
* dont keep persistent gateway connections. instead make them on demand
* clippy
* explorer-api: add nym node endpoints + UI to show nym-nodes and account balances
* explorer-api: add endpoints to get operator rewards
explorer-ui: show delegations on nym-nodes, show operator rewards, bug fixes
* explorer-ui: change summary screen to only show nym-node stats
* explorer-api: add unstable routes to get legacy mixnodes and gateways from the contract instead of the Nym API
explorer-ui: adapt front-end to show less information in legacy nodes with plain bond types
* explorer-ui: fix up source of legacy mixnode data
* explorer-ui: add more account page null and undefined checks
* explorer-ui: filter out null gateway versions
* explorer-ui: sanitise gateway versions
* explorer-ui: add more guards on the balance parts to check that greater than 0
* explorer-api: make /tmp/unstable/gateways endpoint compatible with the current Harbour Master API
* explorer-ui: fix typo
* cargo fmt
* Add node-id, total stake and links to nodes list
---------
Co-authored-by: Mark Sinclair <mmsinclair@users.noreply.github.com>
Co-authored-by: Jędrzej Stuczyński <jedrzej.stuczynski@gmail.com>
* using common middleware for all http servers
* improved span handling in credential-proxy
* ensure increase in sequence number upon making deposit
* added explicit connect options for the db
* fixed further instances of incorrect span instrumentation
* batch deposit requests together to improve concurrency
* ignore cancelled requests
* updated credential proxy version to 0.1.4
* adjusted Dockerfile with new binary location
* log binary version on startup
* reduce default log level
* guard against unavailable commit sha
* apply review comments: dont exit(0), instead just shutdown normally
* add skip_webhook parameter to obtain-async
* removing dead code
* Move monitor code to a struct
- to store state in a struct
* explorer deprecation wip
* Replace explorer with ipinfo calls
* PR feedback
* Fix clippy
* Bump package version
* Remove ipinfo crate due to openssl dep
* Add remaining bandwidth log
- improved iptables management: apply_iptables_rules and apply_iptables_rules_wg now automatically remove duplicate rules before reapplying them, ensuring a clean setup without disrupting iptables
- consolidated joke feature: unified the "joke through the mixnet" logic into a generic function, allowing it to work seamlessly across any specified interface
- enhanced tunnel checks: added check_nym_wg_tun alongside check_nymtun_iptables, making it easier to verify the state of both tunnels
- reduced error-prone behavior: simplified workflows to avoid issues caused by running commands multiple times
how to use:
1. download the script and make it executable:
curl -L -o network_tunnel_manager.sh https://raw.download.github.of.this.file && chmod u+x network_tunnel_manager.sh
2. run the following commands as needed:
- apply_iptables_rules: apply and clean iptables rules for nymtun0
- apply_iptables_rules_wg: apply and clean iptables rules for nymwg
- check_ipv6_ipv4_forwarding: verify if ipv4 and ipv6 forwarding are enabled
- check_ip_routing: display the current ipv4 and ipv6 routing tables
tldr:
- improved iptables handling to avoid duplicates
- unified functionality for better maintainability
- reduced potential errors when rerunning commands
* fixed signer related endpoints
* fixed aggregation of partial data if the api is not a signer
* fixes to swagger docs for global ecash endpoints
* remove unused axum_macros
* fixed test traits
* added statement logging to nym-api db
* adding additional pool options
* dont blow up upon failing to submit network monitor results
* store in-memory cache of node database ids
* feat: add env vars to NNM
* update version to testfran
* add ip and port for locust connection as variables
* bump version
* bump version, fix env variable names
* bump version to correct one
* Agents authenticate with NSAPI
* /submit with better auth
- also adjust agent run script to authenticate, even in parallel
* /request better authentication
- moved agent API calls to Client struct
* Replay protection
* Fix testrun cleanup bug
- introduce a new column last_assigned which is different than
created_at so that stale testruns get cleaned up based on
last_assigned
- created_at is still useful for determining the "oldest" testrun
to be picked up
* Uniform request authentication
* Suppress ts-rs serde warnings
* Update cargo version
* All agents use the same key
- remove assigned_agent column
- remove logic which would stop agents with
the same key to connect
- as a safety measure, add cap to total no. of agents
* fixed pagination for querying for validators
* wip: decoupling block signing from ticketbook issuance
* added ecash contract query for latest deposit
* parking the branch: wrappers for merkle tree for issued ticketbooks
* make nym-api store merkle trees of issued ticketbooks
* nym-api route for returning all deposits alongside merkle root
* return index alongside deposit id
* persisting merkle index alongside issued ticketbook details
* wip
* responses for issued deposit challenges
* nym-api cleanup
* verification of issued partial ticketbooks
* cleanup of rewarder code
* make the rest of codebase compile
* updated config file
* improved logging
* fixed division by zero if there were no ticketbooks issued in a day
* using correct budget when rewarding operators
* fixed routes for issued data
* fixed ecash test fixture
* fixed incorrect deserialisation of expiration_date param
* additional bugfixes for ticketbook issuance
* more fixes and updated tests
* fixed formatting after rebasing
* updated schema
* fixed edge case unit test
* added config-score related parameters to the mixnet contract
* weaved in described_cache into NodeStatusCacheRefresher
* adding config score annotation
* using new updated performance for updating rewarded set
* using new values for rewarding
* clippy
* updated contract schema
* wallet fixes
* fixed wasm build
* add stats_reporting_config in config and env var
* fix serialization issue
* remove duplicate stats reporting config
* cargo toml cleanup
* more cleanup
* draft of wasm sdk for stats reporting
* fix wasm sdk?
* again
* make stats sending possible from outside the sdk
* make sure stats_id from client and gateway reported are different
* draft of client data collection
* refactor gateway stats collection to fit client stats collection in same common crate
* moved client stats event and reporter to common crate
* basic os reporting
* add stats reporting address in sdk
* integrate stats scaffolding changes
* remove tokio spawn to potentially accommodate wasm32
* fmt
* fix typo
* add client_stats_id
* unify stats reporting
* avoid shutdown handle drop
* add client_type to stats reporting
* better way to build statsReportingconfig
* disarm shutdown on sink
* remove sink reporter and env dev-dependency
* cherrypick from jon/send-packet-stats
* unconditionally start controller + licensing
* improve ClientStatsReport serialization
* better time handling
* reintroduce proper local reporting
* Let task wait for shutdown when exiting
* Log tweak
---------
Co-authored-by: jmwample <jmwample@users.noreply.github.com>
Co-authored-by: Jon Häggblad <jon.haggblad@gmail.com>
* Add ipv6 in configs
* Make v4 latest
* Fix linux
* IPv6 prefix in config
* Fix template of private ip
* Fix clippy
* Fix v6 cidr
* Move from 2001:db8::/32 to fc00::/7 addresses
* Fix version number on conversion
* feat: add functionality to specify a git_ref for gateway probe when building node status agent
* remove mac specifics
* fix: remove unused part of code, add gateway probe git ref to tag name
* fix: add cleaning gateway probe git ref
* fix: incorrect bash
* fix: incorrect output name
* workflow fix
* introduced nym-api endpoint for force refreshing described node data
* client code + updated return types
* nym-node to update self-described data cache on startup + change request type
* send request to all available nym-apis
* fixed 'is_stale' check
* add new redirect
* add new redirect fix
* add new redirect fix
* try remove prepend from redirects
* more tweaks config redirects
* new tweaks
* move root redirect to bottom
* tweak
* tweak
* test the difference in config
* correct all redirects based on testing - ready to review
* adding one more redirect
---------
Co-authored-by: import this <97586125+serinko@users.noreply.github.com>
* started todo list for rework
* started long todo list
* started long todo list
* remove ts docs from ts sdk dir
* started new docs draft
* rearranged code example dir structure
* modified code component filepaths
* first pass rust sdk
* small shift typescript org
* updated todo list
* consolidating images folders in one place
* first pass @ operator docs
* gen updates
* sdk in its own dir
* first pass developers structure
* first pass network structure
* structure
* add licensing
* moved old docs -> old_docs dir for clarity when devving
* moving around new docs - think this is the final dir structure
* updated todo list
* new autodoc version (#4781)
* Update rework_todo.md
* quick first sketch of landing page
* rework of structure of developers
* added arch and concepts stubs
* add new bits to todo list
* new list
* tweak to overview
* mixnet node overview
* tweak overview
* first pass new arch
* first pass concepts
* first pass traffic
* more network docs
* moved some chain files to the dev portal stubs
* removed old reference to archive
* note to client
* concepts 2nd pass
* crypto first proper pass, sphinx
* stub for not p2p
* structure change
* traffic 2nd pass
* misc
* hid root index
* overhaul arch
* overhaul arch
* add links + tweaks
* update todo list
* updating nyx section
* added zknym docs
* added zknym docs
* note on where to find deployed info
* smart contracts done
* started moving integrations docs over from ts sdk
* pass @ integration page
* todo for the tldr overview
* added ffi stub files
* updated todo list
* move sdks to developers
* initial pass at new clients overview for developers
* rework intro
* add echo serv to tools
* sidebar autocollapse
* integration overview work + tools
* concepts overview for devportal
* stub
* more for networking pages
* added to concepts in dev portal
* updated arch
* crypto overview page
* typo fix
* add credential stub
* first pass concepts done
* start reorg of rust sdk docs
* reorg + added FFI table
* added no scroll to inline code
* finished ffi overview page
* first pass @ rest of rust sdk doc
* first pass ffi
* tweaks
* added testnet example + note to custom topology example overview
* stripped unnecessary stuff from TS
* tweaks to ffi
* updated faq
* first pass tcpproxy
* commit before moving image dir
* moved images/ to correct place
* started on client redo
* chain first pass
* moved cli wallet out of tools
* first pass new ws client
* new chain info, left todo links in
* links
* more links
* chain registry
* added echo server to tools
* rust sdk links
* ts sdk links
* final linkchecks
* redo acks diagram as mermaid
* add mermaid flow diagram
* added links for codecs + full flow diagram
* removed todo
* remove forced dark mode
* diagram + concepts overview
* small correction re tcpproxy ffi
* remove diagram title
* new sock5 diagram, minor client docs tweaks
* diagrams
* change order in list
* added note for standalone: can be accessed via sdk
* tweaks
* replaced old diagram with mermaid
* fixed link
* hardcoded import version for the moment
* update deps
* remove test component
* recreated tools dir
* remove tools dir moved to wrong place
* prebuild and predev script for autodoc commands
* make script own command instead of prebuild
* made code blocks sh
* updated autogenerated docs
* temp
* auto commit generated command files
* add link to autodoc generated files
* updated autodoc for committing changing else exit
* auto commit generated command files
* updated readme
* make subcommand headers smaller
* removed mdbook related scripts
* update readme
* update readme
* removed backups of root meta.json
* cherry pick yana commits + some extra config in theme
* update readme
* update theme: width of page and padding
* some more themeing
* changed erroneous note
* docs redirects first pass
* tweaking
* new pages + rest of redirects for old docs/
* brought in archive + done rewrites for devportal
* cherry pick yana landingpage
* tweaked landing page component
* changed theme of mermaid diagram to match everything else
* updated todo list
* [DOCs]: Operators rework to next.js (#4930)
* initialise operators guides v2
* new introduction page
* add variables csv and page
* add baseurl to allow short path
* add sandbox page
* added building from source page
* add binary pages
* add preliminary steps
* clean preliminary steps dir
* syntax edit
* syntax edit
* add configuration page
* create new proxy configuration page
* create new proxy configuration page
* create bonding.mdx page
* correct images path
* syntax edit
* add new validator setup page
* add api setup page
* add nyx configuration page
* add nym node and maintenance pages
* finish maintenance and add nymvisor conf page
* add manual upgrade page
* add nymvisor upgrade page
* add performance testing page and dir
* add node api check page
* add explore nym scripts page
* add testing pages
* fix menu issue by moving snippets to components
* add all troubleshooting pages
* add general faq page
* add nym node faq page
* add nyx faq page
* revamp legal forum to community counsel and add all pages
* rewire relative paths to new structure
* simplify setup and remove lock file
* syntax fix
* rm package.json
* re add package.json, rm package-lock.json
* removed old books from commit
* address review comments
---------
Co-authored-by: mfahampshire <maxhampshire@pm.me>
Co-authored-by: mx <33262279+mfahampshire@users.noreply.github.com>
* tweak client links
* also moved matrix images to correct place
* Max/fix links new docs framework (#4989)
* tweak client links
* standardise images in public/
* old images move to public/archive
* rename overview to more descriptive
* links (#4990)
* links
* removed todos
* updated todo list
* minor themeing
* operator redirects
* pick yana's edits: remove specified callout theming
* added todo comments for old ts sdk redirects
* [new/docs/operators]: Create archive section - PR ready to merge (#5004)
* [new-docs/operators] : Fix callout syntax (#5006)
* fix callout syntax from color to type
* correct callout from danger to warning
* update footer
* updated footer
* finalised rewrites
* tweaks to clients and reintroduced old examples page
* update todo
* Max/individual command autodocs (#5015)
* auto commit generated command files
* added to autodoc.sh: build all binaries before running
* autodoc move individual command outputs to components
* Max/individual command autodocs (#5018)
* updated autodoc script
* updated autodoc script for fix + reintroduced gitignore file for generated markdown
* auto commit generated command files
* auto commit generated command files
* added command-outputs to autodoc script
* fix merge conflicts
* repush components
* remove old docs dirs
* auto commit generated command files
* auto commit generated command files
* updated messages paradigm with the standalone proxies
* [NEW-DOCs/operators]: Command output, accordion, api scraping & all final tasks (#5026)
* add custom scripts, create prebuild to import data to pages
* update after latest prebuild
* auto commit generated command files
* add accordion component
* add changelog page
* add node_api_check outputs
* finish all command outputs
* more accordions beautifications
* finish accordion
* PR ready to go
* address review comments
---------
Co-authored-by: mfahampshire <maxhampshire@pm.me>
* Adjust padding
* Fix responsive design
* cherry pick yana landingpage flex update
* reremove old docs
* added dependencies to readme
* pushing build attempt changes
* fix merge errors, path errors, dump useless dinosaurs - BUILT THE F*N DOCS w success
* moved prebuild to its own script
* generate timenow
* auto commit generated command files
* remove comment
* auto commit generated command files
* auto commit generated command files
* auto commit generated command files
* build from new configs
* add mdx type as explicit dep
* remove rc from version in package
* change predev script
* update readme with scripts
* update general info
* add license
* auto commit generated command files
* add updated components
* removed old examples page for the moment
* remove old list will reintroduce hidden behind gitignore for future
* reintroduce todo list behind gitignore
* added standalone tcpproxy binary info
* nothing change for redeploy test
* make build standalone
* updated readme
* working on new cd
* remove export
* updated ci/cd for docs
* added ci script for dist
* hide text on laptop wide screen
* add pnpm to ci/cd
* add pnpm version to ci/cd
* add default dir to ci/cd
* change path to script
* update project name ci
* lint ci branch ignore
* add basePath to next.config.js
* update doc rewrites
* revert basePath addition
* update basePath
* add mobile styles
* fix responsive style
* remove old ts sdk docs workflow
* temp remove autodoc from workspace
* update sidebar for clarity: crypto = cryptography
* ignore documentation in pr-validation workflow
---------
Co-authored-by: Yana <yanok87@users.noreply.github.com>
Co-authored-by: import this <97586125+serinko@users.noreply.github.com>
Co-authored-by: fmtabbara <fmtabbara@hotmail.co.uk>
description:"Rehearse the publish (pnpm publish --dry-run, no tarballs uploaded). Untick to publish for real."
type:boolean
default:true
dist_tag:
description:"Tag mode. 'auto' picks per package: new packages and same-major releases -> latest; a breaking major (e.g. mix-fetch v2 over v1) -> next, promote later with `npm dist-tag add`. 'next'/'latest' force that tag on all four."
type:choice
options:
- auto
- next
- latest
default:auto
jobs:
publish:
runs-on:arc-ubuntu-20.04
runs-on:ubuntu-latest
steps:
- uses:actions/checkout@v4
- uses:actions/checkout@v6
- name:Setup pnpm
uses:pnpm/action-setup@v5.0.0
with:
version:11.1.2
- name:Install Node
uses:actions/setup-node@v4
with:
node-version:18
node-version:24
registry-url:"https://registry.npmjs.org"
- name:Setup yarn
run:npm install -g yarn
- name:Install Rust stable
- name:Install rust toolchain
uses:actions-rs/toolchain@v1
with:
toolchain:stable
profile:minimal
toolchain:${{ vars.REQUIRED_RUSTC_VERSION }}
override:true
components:rustfmt, clippy
- name:Install wasm-pack
run:curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
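Review bot: the `Install wasm-pack` step at the end of this job pipes a remotely fetched script straight into `sh` (`curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh`) with no version pin or checksum, inside the job that publishes packages to the npm registry. Install a fixed wasm-pack release and verify its hash, or build it with `cargo install wasm-pack --version <pinned> --locked`, so that a changed installer cannot run in the publishing context. The same concern applies to `npm install -g yarn`, which takes whatever version is current, and to the `uses:` references, which are pinned to tags rather than commit SHAs.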
Notifications are run by adding the snippet above to a GitHub Action, and:
1. Installing node packages needed at run time
2. Set the env vars as required:
-`NYM_NOTIFICATION_KIND` matches the directory in `.github/workflows/support-files/${NYM_NOTIFICATION_KIND}` to provide the templates and extra scripting in `index.js`
- Matrix credentials, room and other env vars for the status of the build and repo
3. Replacing the default entry point shell script on the `keybaseio/client:stable-node` docker image to run `.github/workflows/support-files/notifications/entry_point.sh`
These scripts send CI notifications to Matrix by creating messages from templates and env vars passed from GitHub
Actions.
### Running locally
You will need:
- Node 16 LTS
- npm
Copy `.github/workflows/support-files/.env.example` to `.github/workflows/support-files/.env` and valid Matrix credentials.
Copy `.github/workflows/support-files/.env.example` to `.github/workflows/support-files/.env` and valid Matrix
credentials.
Then run `npm install` to get dependencies.
Start development mode for the notification type you want either by passing the value as an env var called`NYM_NOTIFICATION_KIND` or set the `.env` file values correctly.
Start development mode for the notification type you want either by passing the value as an env var called
`NYM_NOTIFICATION_KIND` or set the `.env` file values correctly.
# we don't care about particular versions - just pull whatever is used by sphinx
lioness="*"
arrayref="*"
# libcrux
libcrux-kem="0.0.7"
libcrux-ecdh="0.0.6"
libcrux-curve25519="0.0.6"
libcrux-chacha20poly1305="0.0.7"
libcrux-psq="0.0.8"
libcrux-ml-kem="0.0.8"
libcrux-sha3="0.0.8"
libcrux-traits="0.0.6"
# Workspace dep definitions required by crates.io publication - we need a workspace version since `cargo workspaces` doesn't work with path imports from crate manifests
cosmrs={git="https://github.com/cosmos/cosmos-rust",rev="4b1332e6d8258ac845cef71589c8d362a669675a"}# unfortuntely we need a fork by yours truly to get the staking support
tendermint="0.37.0"# same version as used by cosmrs
tendermint-rpc="0.37.0"# same version as used by cosmrs
prost={version="0.12",default-features=false}
cosmrs={version="0.22.0"}
cosmos-sdk-proto={version="0.27.0"}
ibc-proto={version="0.52.0"}
tendermint="0.40.4"
tendermint-rpc="0.40.4"
prost={version="0.13",default-features=false}
# wasm-related dependencies
gloo-utils="0.2.0"
gloo-net="0.5.0"
gloo-net="0.6.0"
gloo-timers="0.3.0"
# use a separate branch due to feature unification failures
# this is blocked until the upstream removes outdates `wasm_bindgen` feature usage
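Review bot: `lioness="*"` and `arrayref="*"` leave both versions unconstrained, so what gets built rests entirely on Cargo.lock and on sphinx continuing to pull a compatible release. The comment further down says these workspace definitions exist for crates.io publication, and crates.io rejects bare `*` requirements, so use the range sphinx actually depends on. The `libcrux-*` entries mix 0.0.6, 0.0.7 and 0.0.8; for 0.0.x crates Cargo treats every patch release as incompatible, so it is worth confirming that these versions are the set intended to work together.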
@@ -13,7 +13,8 @@ The platform is composed of multiple Rust crates. Top-level executable binary cr
*`nym-client` - an executable which you can build into your own applications. Use it for interacting with Nym nodes.
*`nym-socks5-client` - a Socks5 proxy you can run on your machine and use with existing applications.
*`nym-explorer` - a (projected) block explorer and (existing) mixnet viewer.
*`nym-wallet` - a desktop wallet implemented using the [Tauri](https://tauri.studio/en/docs/about/intro) framework.
*`nym-wallet` - a desktop wallet implemented using the [Tauri](https://tauri.app)) framework.
*`nym-cli` - a tool for interacting with the network from the CLI.
<!-- coming soon
*`nym-network-monitor` - sends packets through the full system to check that they are working as expected, and stores node uptime histories as the basis of a rewards system ("mixmining" or "proof-of-mixing").
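Review bot: the `nym-wallet` line that links to `https://tauri.app` has an unbalanced link, `[Tauri](https://tauri.app))`; the second `)` will render as a literal character after the link. Drop it.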
> This project integrates with the Midnight Network
### Building
* Platform build instructions are available on Nym [Operators Guide documentation](https://nymtech.net/operators/binaries/building-nym.html).
* Wallet build instructions are available on Nym [Technical docs](https://nymtech.net/docs/wallet/desktop-wallet.html).
* Wallet build instructions are available [here](https://github.com/nymtech/nym/tree/master/nym-wallet#installation-prerequisites---linux--mac).
### Developing
There's a [`sandbox.env`](https://github.com/nymtech/nym/envs/sandbox.env) file provided which you can rename to `.env` if you want convenient testing environment. Read more about sandbox environment in our [Operators Guide page](https://nymtech.net/operators/sandbox.html).
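Review bot: the `sandbox.env` link points at `https://github.com/nymtech/nym/envs/sandbox.env`, which has no `/blob/<branch>/` or `/tree/<branch>/` segment, unlike the wallet link a few lines up that uses `/tree/master/`. GitHub file URLs need that segment, so this link will not resolve to the file; use a relative link (`envs/sandbox.env`) or the full blob URL.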
The fingerprint of the key is on the second line above.
If you need to chat __urgently__ to our team for a __critical__ security issue:
go to Matrix, and alert the core engineers with a private direct message:
Jedrzej Stuczynski @jstuczyn:nymtech.chat
Mark Sinclair @mark:nymtech.chat
Raphaël Walther @raphael:nymtech.chat
Please avoid opening public issues on GitHub that contain information about a potential security vulnerability as this makes it difficult to reduce the impact and harm of valid security issues.
If you don't know what Matrix is, you can follow this documentation to create an account on this federation of instant messaging servers:
[Matrix for Instant Messaging](https://matrix.org/docs/chat_basics/matrix-for-im/)
# Run this AFTER your distro has shipped the patched kernel.
# This playbook:
# 1. Updates the kernel via apt
# 2. Reboots and waits for reconnect
# 3. Verifies the running kernel is newer than the pre-patch version
# 4. Removes the interim module blacklists
# 5. Re-enables the affected modules live (no second reboot needed)
#
# Debian family only (Debian, Ubuntu). Tested on Debian 11, Debian 12, Ubuntu 20.04, 22.04, 24.04.
#
# For exit-gateway nodes with --wireguard-enabled true:
# After this playbook completes, run the networking restore step on each node via:
# ansible-playbook deploy.yml -t ntm
# See the CVE patch documentation for details.
- name:Remove CVE mitigations and apply patched kernel
hosts:all
become:true
tasks:
- name:Verify OS is Debian family
assert:
that:
- ansible_os_family == "Debian"
fail_msg:"This playbook supports Debian-family distros only (Debian, Ubuntu). For other distros, apply the kernel update and mitigation removal manually."
- name:Update apt cache
apt:
update_cache:true
cache_valid_time:0
- name:Upgrade kernel packages
apt:
upgrade:full
only_upgrade:false
register:apt_upgrade_result
- name:Record pre-reboot kernel version
command:uname -r
register:kernel_before
changed_when:false
- name:Reboot to load patched kernel
reboot:
msg:"Rebooting to apply patched kernel (CVE-2026-31431 / CVE-2026-43284 / CVE-2026-43500)"
reboot_timeout:300
pre_reboot_delay:5
post_reboot_delay:15
- name:Record post-reboot kernel version
command:uname -r
register:kernel_after
changed_when:false
- name:Show kernel versions before and after reboot
debug:
msg:
- "Kernel before reboot: {{ kernel_before.stdout }}"
- "Kernel after reboot: {{ kernel_after.stdout }}"
- name:Warn if kernel did not change after reboot
debug:
msg:>
WARNING: kernel version did not change after reboot ({{ kernel_after.stdout }}).
The patched kernel may not have been selected by GRUB, or no kernel update was available.
Do NOT remove the interim mitigations until you have confirmed the running kernel is patched.
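Review bot: the `Warn if kernel did not change after reboot` task uses `debug`, which cannot fail the play, while the header promises that step 3 verifies the running kernel before step 4 removes the module blacklists. In the lines shown here nothing stops the play from continuing to the removal tasks on a host that booted the old kernel, so either turn the warning into a `fail` or `assert` on `kernel_before.stdout != kernel_after.stdout`, or confirm that every later task is gated on that comparison. Two smaller points: `Upgrade kernel packages` runs `upgrade: full`, which upgrades every package on the host and not only the kernel, and `hosts: all` with an unconditional `reboot` and no `serial` in the play header shown restarts the whole inventory at once.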
Some files were not shown because too many files have changed in this diff