Open
Conversation
Add descriptions for the `ai/` and `handbook/` directories in the docs README. Refine the CODEOWNERS pattern for security-reviews to be more specific, and fix the trailing slash formatting for consistency. Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
* Update RewindFinalizedHeadBackward test to expect panic * Fix rewind test finalized block reference * Use error handling instead of panic
* mise: upgrade semgrep from 1.90.0 to 1.131.0 Semgrep 1.90.0 has a transitive dependency on opentelemetry-instrumentation which imports pkg_resources from setuptools. Python 3.12 does not include setuptools by default in venvs, so when the mise cache is invalidated (by any change to mise.toml), a fresh pipx install of semgrep 1.90.0 fails with: ModuleNotFoundError: No module named 'pkg_resources' This was reported as semgrep/semgrep#11069 and fixed in later versions. Upgrading to 1.131.0 resolves the issue. Co-Authored-By: Kelvin Fichter <kelvinfichter@gmail.com> * mise: upgrade semgrep from 1.131.0 to 1.137.0 v1.137.0 is the first version that actually bumps the opentelemetry packages (PR semgrep/semgrep#11180), fixing the pkg_resources ModuleNotFoundError on Python 3.12 without setuptools. Co-Authored-By: Kelvin Fichter <kelvinfichter@gmail.com> --------- Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: Kelvin Fichter <kelvinfichter@gmail.com>
* chore(rust): merge all the rust workspaces * chore(ci): formatting, fixing dockerfile and ci * chore: more ci fixes * Update .circleci/continue/rust-ci.yml Co-authored-by: Sebastian Stammler <seb@oplabs.co> * Update .circleci/continue/rust-e2e.yml Co-authored-by: Sebastian Stammler <seb@oplabs.co> * Update .circleci/continue/rust-e2e.yml Co-authored-by: Sebastian Stammler <seb@oplabs.co> * chore: pr comments * nit: fix kona path in op-challenger * chore: fix prestate artifacts path --------- Co-authored-by: Sebastian Stammler <seb@oplabs.co>
#18866) * fix: alt da: handle no commitments case when finalized head is updated * add tests * update fix
…block (#19114) * Update L1 genesis handling for genesis L2 block Clarify that for the genesis L2 block, we always return L1 block 0 without relying on the original configuration's L1 genesis. This allows for more flexibility in dispute game scenarios involving earlier L1 blocks. * empty commit to trigger CI checks
…19136) The rust workspace unification moved op-alloy under rust/, but the semgrepignore pattern was not updated, causing semgrep to flag the mdbook theme's JavaScript try/catch blocks as Solidity violations. Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: Kelvin Fichter <kelvinfichter@gmail.com>
The [alias] section in mise.toml has been deprecated in favor of [tool_alias]. This fixes the deprecation warning on mise startup.
* Merge main and acceptance-test workflows. Avoids performing duplicate work. * Switch where anchor references are defined.
* op-acceptor: Update to 3.8.3 * chore(op-acceptor): update to 3.8.3 --------- Co-authored-by: Stefano Charissis <stefano@oplabs.co>
Erroneous spacing lead to Error: bad file '.circleci/continue/rust-ci.yml': yaml: line 8: mapping values are not allowed in this context
…bled (#19138) * Add metrics recording before sending to throttling loop This means we can still track the metric when throttling is disabled. * Remove unnecessary conditional for throttling threshold if we can't send on the channel, we drop the update anyway * Add test for disabled throttling in op-batcher This commit adds a test case to verify the behavior of the batch submitter when throttling is disabled (LowerThreshold = 0). The test ensures that: - The throttling loop does not start - No throttle updates are sent to the endpoint - Unsafe data availability bytes metric is still recorded - The driver can process blocks and update metrics without running the throttling loop * Add test helper method to simulate block loading * dedupe test cases * Add comment explaining channel send behavior in sendToThrottlingLoop
Rename all pipeline parameters in CircleCI continuation configs (main.yml, rust-ci.yml, rust-e2e.yml) to use a `c-` prefix, eliminating naming overlap with the setup config (config.yml). This fixes the "Conflicting pipeline parameters" error that occurs when API-triggered pipelines (e.g. from opgitgovernance bot) pass non-default parameter values. The path-filtering mapping in config.yml bridges between the setup parameter names (used by API triggers) and the new continuation parameter names.
* op-supernode: Add block invalidation and deny list to chain container - Add DenyList using bbolt for persistent storage of invalid block hashes - Add InvalidateBlock method to ChainContainer interface - InvalidateBlock adds hash to denylist and triggers rewind if current block matches - Add IsDenied helper to check if a block is on the deny list - Add acceptance test skeleton for block replacement flow * op-supernode: Add unit tests for block invalidation - Add table-driven tests for DenyList (Add, Contains, Persistence, GetDeniedHashes) - Add tests for InvalidateBlock (rewind triggers, no-rewind cases, timestamp calculation) - Add tests for IsDenied helper - Fix OpenDenyList to create parent directories - Add InvalidateBlock/IsDenied stubs to mock ChainContainers in existing tests * Wire up block invalidation from interop activity to chain container When the interop activity detects an invalid executing message, it now calls InvalidateBlock on the chain container. This: 1. Adds the block to the chain's denylist (persisted via bbolt) 2. Checks if the chain is currently using that block 3. Triggers a rewind to the prior timestamp if so The acceptance test is renamed to TestSupernodeInteropInvalidMessageReset and temporarily skipped due to pre-existing logsDB consistency issues blocking interop progression. * Fix block invalidation: use eth.Unsafe label and improve test resilience - Use eth.Unsafe label in BlockAtTimestamp call (was using empty string) - Make acceptance test resilient to block not existing after rewind - Test now passes: detects reset when block 8 is rewound away * op-node: add SuperAuthority interface for payload denial Introduce SuperAuthority interface that allows external authority (like op-supernode) to deny payloads before they are inserted into the engine. - Define SuperAuthority interface in op-node/node/node.go with IsDenied method - Add SuperAuthority to InitializationOverrides for injection - Wire SuperAuthority through Driver to EngineController - Check IsDenied before NewPayload in payload_process.go - If denied during Holocene derivation, request deposits-only replacement - Update tests and op-program to pass nil for SuperAuthority * op-supernode: add ResetOn method to Activity interface Add ResetOn(chainID, timestamp) to Activity interface so activities can clean up cached state when a chain container rewinds. - Activity.ResetOn called by Supernode when any chain resets - Supernode.onChainReset distributes reset to all activities - Heartbeat and Superroot implement no-op ResetOn (no cached state) - Update test mocks to implement ResetOn * op-supernode: add SetResetCallback to ChainContainer Add reset callback mechanism to ChainContainer so it can notify the supernode when a chain rewinds due to block invalidation. - Add ResetCallback type and onReset field to simpleChainContainer - Add SetResetCallback to ChainContainer interface - Call onReset after successful RewindEngine in InvalidateBlock - Update test mocks to implement SetResetCallback * op-supernode: implement ResetOn in Interop activity When a chain rewinds, the Interop activity must clean up its cached state: - Rewind logsDB for the chain to before the reset timestamp - Rewind verifiedDB to remove entries at or after reset timestamp - Log error if verified results were deleted (unexpected) Also adds: - Rewind/Clear methods to LogsDB interface - RewindTo method to VerifiedDB - noopInvalidator for calling logsDB.Rewind - Update test mocks for new interface methods * op-acceptance-tests: add replacement block assertions Add assertions to verify block replacement behavior: - Replacement block hash differs from invalid block hash - Invalid transaction is NOT present in replacement block These checks confirm the deposits-only replacement mechanism works correctly after an invalid executing message is detected. * fill in missing unit tests Add comprehensive unit tests for block invalidation sub-features: - TestDenyList_ConcurrentAccess: Verify concurrent Add/Contains operations - TestInvalidateBlock: Test invalidateBlock wiring from Interop to ChainContainer - TestResetOn: Test Interop activity reset behavior on chain rewind - TestVerifiedDB_RewindTo: Test VerifiedDB rewind functionality - TestSuperAuthority_*: Test payload denial in op-node engine controller Also includes BlockInvalidation_Feature.md diary documenting all sub-features. * address review feedback: genesis block guard and docs - Add guard check rejecting InvalidateBlock for height=0 (genesis block) - Document SetResetCallback must only be called during initialization - Add test case for genesis block invalidation error * op-acceptance-tests: rename halt package to reorg, consolidate tests - Rename halt/ package to reorg/ (reflects actual behavior) - Move invalid_message_replacement_test.go into reorg package - Delete obsolete invalid_message_halt_test.go (superseded by reorg test) The halt test tested old behavior where invalid messages caused the chain to halt. With block invalidation, the chain now rewinds and replaces the invalid block with a deposits-only block. * sub-feature 6: interop test control (PauseInterop/ResumeInterop) Add test-only control methods for the interop activity to support precise timing control in acceptance tests. Specification: - PauseInterop(ts): When called, interop activity returns early when it would process the given timestamp, without making progress - ResumeInterop(): Clears the pause, allowing normal processing - Zero value indicates 'not paused' (always process all values) - Atomic read/write for concurrent safety Implementation layers: - Interop: pauseAtTimestamp atomic.Uint64 field + check in progressInterop() - Supernode: delegates to interop activity by type assertion - sysgo.SuperNode: exposes methods, delegates to supernode.Supernode - stack.InteropTestControl: interface defining the test control contract - Orchestrator: InteropTestControl(id) method to get control for a supernode - DSL Supernode: NewSupernodeWithTestControl() + wrapper methods - Preset: wires up test control in NewTwoL2SupernodeInterop() This enables acceptance tests to: sys.Supernode.PauseInterop(targetTimestamp + 1) // ... perform test setup ... sys.Supernode.ResumeInterop() * Updates from Self Review - Consolidate SuperAuthority interface to op-node/rollup/iface.go (remove duplicate definitions from node.go, engine_controller.go, resources/) - Move onReset callback invocation from InvalidateBlock to RewindEngine (fires on any engine reset, not just block invalidation) - Move helper methods (SetResetCallback, blockNumberToTimestamp, IsDenied) from invalidation.go to chain_container.go - Delete unused op-supernode/supernode/resources/super_authority.go * lint * datadir for unit tests * Add functions to DSL * PR comments: Rename Functions ; Remove non-holocene replacement logic * refactor: cleanup DSL, tests, and interop activity DSL changes: - Add TimestampForBlockNum helper to L2Network - Simplify SendInvalidExecMessage to just increment log index Test changes: - invalid_message_reorg_test: use TimestampForBlockNum, check eth.NotFound - Move SuperAuthority tests to super_authority_deny_test.go - Fix denied payload test to expect DepositsOnlyPayloadAttributesRequestEvent - Make denyBlock private in test mock Interop activity: - Extract resetLogsDB and resetVerifiedDB helper functions * Refacor Tests to Test Cases * Delete AI Diary * Final PR Comments * More tests to sub-cases
) The split preimage uploader previously chose the “large preimage proposal” path purely by preimage size. That path is keccak-only on-chain (it finalizes by writing a 0x02-prefixed key), so routing large sha256/blob/precompile preimages there could never satisfy the requested oracle key/offset. To fix this we update routing to only use the large uploader for non-local Keccak256KeyType preimages. Co-authored-by: inphi <mlaw2501@gmail.com>
#19173) * flaky test: add TestUnsafeChainNotStalling_DisabledReqRespSync to flake-shake * circleci: set DEBUG log.level for flake-shake
…nned tag (#19183) Now that kona lives in the monorepo, the prestate build no longer needs to clone the optimism repo at a pinned commit to build cannon. Instead, cannon is built from the local monorepo source via a Docker named build context, removing the cannon_tag config file and simplifying the build. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* proofs: port TestInteropFaultProofs action test to devstack * fix(kona/client): produce InvalidTransition when derivation falls short of target block * Update Makefile Co-authored-by: graphite-app[bot] <96075541+graphite-app[bot]@users.noreply.github.com> * fix makefile indent * revert Makefile changes * revert rust/kona/justfile changes --------- Co-authored-by: graphite-app[bot] <96075541+graphite-app[bot]@users.noreply.github.com>
* chore(rust): move docs to unified rust/docs/ directory * chore(rust): update repo links from alloy-rs/paradigmxyz to ethereum-optimism
* DSL: Coordinate Interop Activity Pause for Acceptance Testing * Refactor EnsureInteropPaused to simplify timestamp selection --------- Co-authored-by: geoknee <georgeknee@googlemail.com>
* feat: add ConditionalDeployer (#687) * feat: refactor l2cm conditional deployer predeploy and add L2CM dev flag (#836) * refactor: replace create2 deployer for arachnid * feat: add ConditionalDeployer as predeploy and add L2CM dev flag * fix: add pre-pr fix * fix: remove unnecessary auth in conditional deployer * feat: add custom error for deployment revert * test: add l2cm e2e apply test case * fix: conditional deployer tests and match style guide * fix: remove fork test * feat: add common test to cond deployer test * fix: follow constant style guide * fix: comments and add msg.value to ConditionalDeployer * fix: conditional deployer comment in apply test * fix: arachnid reference comment * fix: add msg.value to conditional deployer * fix: deterministic deployment proxy comment * fix: add code length check after deploy * fix: add code length check after deploy * fix: pre pr fix * refactor: remove useL2CM bool initialization * fix: make deploy non payable and add tests * fix: make deploy non payable * test: add missing getters test * fix: add missing natspec * feat: add todo issue for devfeatures cyclic import * chore: pre pr run * refactor: add returned address check in deploy * fix: use encodePacked for return address test * fix: unify getters in a single test contract * fix: variables naming and mutability * fix: remove underscore from local variable * fix: remove address payable from deterministicDeploymentProxy * refactor: rename dummy storage variable in test and add internal getExpectedImplementation helper --------- Co-authored-by: niha <205694301+0xniha@users.noreply.github.com> Co-authored-by: OneTony <onetony@defi.sucks> Co-authored-by: 0xOneTony <112496816+0xOneTony@users.noreply.github.com>
- Add tag classification to distinguish Rust crate groups from Docker-only groups - Add publish-crates CI job for crates.io publishing with dependency-ordered releases - Add op-reth Docker bake target and compute-git-versions entry - Add cargo-release configuration for alloy-op-hardforks and op-reth - Add .dockerignore for rust/ build context - Fix op-reth DockerfileOp manifest paths
kona-client is an FPVM guest program (#![no_std]) with no CLI argument handling. The `--version` smoke test doesn't apply to it. Fixes #19255
…8873) Introduce a unified Registry type that can replace the 14+ separate locks.RWMap instances in the Orchestrator. The Registry provides: - Single map storage keyed by ComponentID (from Phase 1) - Secondary indexes by ComponentKind and ChainID for efficient queries - Type-safe generic accessor functions (RegistryGet, RegistryGetByKind, etc.) - Thread-safe concurrent access via sync.RWMutex - Registrable interface for self-registering components Also adds HasChainID() helper to ComponentID to reduce code duplication. This is Phase 2 of the ID type system refactor. The Registry is designed to coexist with existing RWMap fields during incremental migration. Amendments: * op-devstack: avoid calling range callbacks under lock
…artifact output paths (#19251) Move kona-node, op-reth, and related docker image references from ghcr.io (op-rs/kona, paradigmxyz) to the oplabs-tools-artifacts GCP registry. Also fix the prestate build output directory to use an absolute path and update CI to write artifacts to a dedicated per-kind directory. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…19189) * Refactor Finalized Head Management in EngineController This commit updates the engine controller to introduce a more flexible finalized head management approach. Key changes include: - Introduce `FinalizedHead()` method to dynamically select finalized head - Deprecate direct `finalizedHead` field in favor of new method - Add support * add stubs * Implement FinalizedL2Head with cross-verifier consensus check * WIP * Update FinalizedL2Head method with improved fallback logic The changes modify the `FinalizedL2Head` method in multiple files to: - Introduce a second return value to signal when local finalized head should be used - Handle cases with no registered verifiers - Provide more detailed logging - Improve error handling for unfinalized verifier states * Refactor Interop Service Finalized L2 Block Tracking The commit introduces a robust implementation for tracking finalized L2 blocks in the Interop service. Key changes include: - Implement `LatestFinalizedL2Block` method with logic to find the latest verified L2 block based on the finalized L1 block - Add finalized L2 head tracking in `mockSuperAuthority` for testing - Expand test coverage for finalized head progression in `head_progression_test.go` * Rename Test to Better Describe Safe Head Progression * Add Safe and Finalized Head Progression Checks Extend head progression test to verify both safe and finalized block progression in the supernode interop scenario. Ensures that both safe and finalized heads stall when interop activity is paused and correctly catch * Update Supernode interop safe head progression test This commit enhances the `TestSupernodeInterop_SafeHeadProgression` test by adding an additional validation step. It now checks that the L1 origin of finalized L2 blocks is at or behind the L1 finalized head, providing an extra layer of sanity checking for cross-chain head progression. * Return to Genesis Block as Safe/Finalized Head Fallback This change modifies the `SafeL2Head()` and `FinalizedHead()` methods to return the genesis block when no safe or finalized head is yet established, instead of returning an empty `L2BlockRef`. The key changes are: - Fetch the genesis block from the engine when no safe/finalized head is available - Panic if the genesis block cannot be retrieved, as this represents a critical system failure * Add time travel to supernode interop tests * Update Interop verification to include L1 head context * Replace `L1Head` with `L1Inclusion` in interop functionality * lint * Add FinalizedHead tests to engine and supernode * engine-controller: update localFinalizedHead * Update SafeL2Head test to return genesis block with empty SuperAuthority * add comment * interop activity: expose VerifiedBlockAtL1 instead of LatestFinalizedL2Block the chain container calls this with the finalized l1 of its virtual node, in order to satisfy the FinalizedL2Head() API * interop algo: update result.L1Inclusion semantics the earliest L1 block such that all L2 blocks at the supplied timestamp were derived from a source at or before that L1 block * interop verification: return error when there are no chains add unit test coverage for the algo * remove unused fn * do not panic if we cannot get genesis block from engine * fix test * add comments * tidy
…anged transactions (#19030)
* ci: Switch auth used to publish kona prestates. * ci: Only publish kona prestates on push to develop, not scheduled builds.
The workflow used `or` logic, causing it to run on any scheduled pipeline with branch=develop or any webhook push to any branch. Change to `and` so it only fires on webhook pushes to develop. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…19275) * test(contracts): improve DelayedWETH test coverage with fuzz tests - Convert unlock tests to fuzz: testFuzz_unlock_once_succeeds, testFuzz_unlock_twice_succeeds - Convert withdraw success tests to fuzz: testFuzz_withdraw_whileUnlocked_succeeds, testFuzz_withdraw_withdrawFromWhileUnlocked_succeeds - Convert hold tests to fuzz: testFuzz_hold_byOwner_succeeds, testFuzz_hold_withoutAmount_succeeds, testFuzz_hold_byNonOwner_fails - Convert recover tests to fuzz: testFuzz_recover_byNonOwner_fails, testFuzz_recover_moreThanBalance_succeeds - Add testFuzz_recover_partialAmount_succeeds for _wad < balance branch - Add testFuzz_hold_withoutAmount_byNonOwner_fails for hold(address) non-owner access control - Add DelayedWETH_Version_Test with SemverComp.parse validation * fix(test): rename hold test to satisfy 4-part naming convention --------- Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
kona-host is built in the kona-build-release job already.
* ci: disable incremental compilation and bump rust cache version - Set CARGO_INCREMENTAL=0 in rust-setup-env to disable incremental compilation for all Rust CI jobs, reducing cache size and improving reproducibility - Bump rust build cache version from 15 to 16 to invalidate stale caches - Use a YAML anchor in main.yml so the cache version only needs to be set once Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore(ci): remove stale ci jobs * ci: pin nightly toolchain and add weekly bump job - Add c-rust-nightly-version pipeline parameter (pinned to nightly-2025-11-01) to prevent surprise breakages from transitive deps incompatible with the latest nightly (e.g. shellexpand-3.1.1) - Update rust-install-toolchain to link a pinned nightly as "nightly" so existing `cargo +nightly` commands keep working - Replace all hardcoded `toolchain_version: nightly` with the parameter - Add rust-bump-nightly-pin job that opens a PR each week bumping the pin to the latest available nightly - Add scheduled-rust-nightly-bump workflow triggering on build_weekly Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…19254) * proofs: Port TestInteropFaultProofs_UnsafeProposal test to devstack * Fix unsafe proposal test to deterministically order safe heads
* feat: policy engine staking * feat: slots tests * fix: pre-pr * fix: linter * fix: linter * feat: inmutable contract * fix: check link to self * fix: natspec * fix: make * feat: improving code * feat: improving code * fix: lint * fix: comments * fix: comments * feat: improving tests * fix: linter * fix: linter * style: formatting * style: formatting * style: formatting * feat polish improvments and comments * feat: polish and comments * feat: sender and fuzz * fix: bugs and sender * fix: natspec * feat: policy engine refactor (#867) * feat: add V2 policy engine implementation * chore: undo foundry.toml modification * fix: stake function available if not allowlisted * refactor: rename PolicyEngineStakingV2 -> PolicyEngineStaking * refactor: remove stake function, add allowlist check when same beneficiary * refactor: make peData functions arg uint128 * chore: add comments * test: add fuzz testing * test: max approval on setup * refactor: remove helper function * chore: make link not puasable * feat: rename functions, add token to constructor * feat: add deployment script * fix: wrong foundry.toml * fix: pr (#868) * chore: make owner address public * refactor: rename data->stakingData * docs: natspec * refactor: improve checks * fix: pre-pr * fix: foundry.toml * fix: comments and link * chore: bump solidity version * feat: add named members in mapping * fix: revert contract creation on zero address * refactor: reduce parameters size * chore: undo unnecessary casting * fix: revert on same beneficiary linking * perf: optimize stake() sstores * feat: add transferOwnership * refactor: update stakedAmount after decrease * chore: make change beneficiary pausable * feat: unlink after allowance revoked * refactor: remove linking concept and use beneficiary instead * docs: improve natspec * test: stake() after being revoked reverts * feat: add ISemver * fix: conflicts * refactor: improve var naming * test: transferOwnership * refactor; vars naming * chore: improve comments * chore downgrade pragma * fix: pre-pr * fix: wrong foundry.toml * chore: improve comments * fix: ci failing * fix: pre-pr * fix: self allowlist * feat: disable self-allowlist * docs: improve natspec --------- Co-authored-by: Chiin <77933451+0xChin@users.noreply.github.com> Co-authored-by: 0xOneTony <112496816+0xOneTony@users.noreply.github.com> Co-authored-by: OneTony <onetony@defi.sucks>
* op-supernode: add TestCleanShutdown return from supernode.Start() function without waiting for the context to be cancelled * improve test * pass bg context to supernode start in test * mock runnable activity: calling stop causes start to return this mirrors the interop activity, for example * op-supernode: several improvements to lifecycle management * improve robustness of TestRunnableActivityGating since activities are started async and we don't have a way to wait on them, there is a race betwen start and stop in this test * reinstate fix
… 3) (#18874) Introduce L2ELCapable interface that captures shared behavior across L2ELNode, RollupBoostNode, and OPRBuilderNode without requiring them to share an ID() method signature. This enables polymorphic lookups where code can find any L2 EL-capable component by key+chainID, regardless of concrete type: sequencer, ok := FindL2ELCapableByKey(registry, "sequencer", chainID) Previously this required manual multi-registry lookups checking each type separately.
* feat: add Karst hard fork activation Adds the forking logic for the Karst network upgrade, following the same pattern as the Jovian activation (PR #13722). * feat: Update to op-geth with karst fork * fix: add Karst to genesis allocs, deploy config, and fork numbering Fixes interop test failures caused by Solidity Fork enum and Go SolidityForkNumber being out of sync after Karst addition. * fix: enable KarstTime in applyHardforks op-geth now includes KarstTime in HardforkConfig, so the TODO guard is no longer needed. * fix: add Karst to deploy config test fork overrides The fork ordering validation requires karst before interop. * fix: exclude Karst from upgrade-tx batch test Karst has no upgrade deposit transactions, so user txs in its activation block should not be rejected. * fix: add Karst to remaining e2e and op-wheel files Cover the remaining files that had Jovian entries but were missing Karst equivalents.
* ci: tag security oncall for contracts failures * fix: solidity interface mismatch * ci: fix store_test_results syntax for contracts jobs Use when: always directly on store_test_results steps instead of wrapping in a conditional block, and broaden path from results.xml to results dir. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(contracts): use correct Foundry env vars for fork RPC retries FORK_RETRIES and FORK_BACKOFF were never consumed by Foundry — the correct env var names are FOUNDRY_FORK_RETRIES and FOUNDRY_FORK_RETRY_BACKOFF. Without these, fork tests had no retry protection against RPC 429 rate limit errors, causing CI flakes. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…e 4) (#18875) * op-devstack: add capability interfaces for polymorphic lookups (Phase 3) Introduce L2ELCapable interface that captures shared behavior across L2ELNode, RollupBoostNode, and OPRBuilderNode without requiring them to share an ID() method signature. This enables polymorphic lookups where code can find any L2 EL-capable component by key+chainID, regardless of concrete type: sequencer, ok := FindL2ELCapableByKey(registry, "sequencer", chainID) Previously this required manual multi-registry lookups checking each type separately. * refactor(op-devstack): migrate Orchestrator to unified Registry (Phase 4) Replace 15 separate locks.RWMap registry fields in Orchestrator with a single unified *stack.Registry. This completes the ID type system refactor by consolidating all component storage into one registry with secondary indexes for efficient lookups by kind and chainID. Key changes: - Remove l1ELs, l1CLs, l1Nets, l2ELs, l2CLs, l2Nets, batchers, proposers, challengers, rollupBoosts, oprbuilderNodes, supervisors, clusters, superchains, and faucets fields from Orchestrator - Add single registry *stack.Registry field - Update GetL2EL to use FindL2ELCapableByKey for polymorphic lookups - Update Hydrate to iterate by kind with explicit ordering - Update ControlPlane methods to use registry lookups - Migrate ~24 files to use registry.Register() and registry.Get() patterns - Change l2MetricsEndpoints from locks.RWMap to map with sync.RWMutex All 54 stack tests pass. * fix(op-devstack): address PR #18875 review feedback
* feat: l2cm impl l2contractsmanager (#837) * feat: add initial iteration of L2ContractsManager * feat: add network configuration structs * feat: load full config for L2ContractsManager * feat: implement L2CM::_apply * feat: add gas price oracle * refactor: move L2CM types to library * fix: upgrade ProxyAdmin predeploy * chore: enforce delegatecall for L2CM::upgrade * feat: add conditional upgrade for CGT * refactor: remove non-proxied predeploys * chore: renamed l2cm * refactor: l2cm address comments (#839) * refactor: rename _fullConfig to _loadFullConfig to match OPCM v2 * chore: remove non-proxied weth from implementations struct * test: add config preservation test * test: add CGT specific tests * refactor: avoid casting network config values to address * test: add test cases * chore: pr ready (#844) * chore: remove unnecesary casting on L2CM * feat: add interface for XForkL2ContractsManager * chore: add natspec to XForkL2ContractsManager * chore: pr ready * refactor: moves util functions out of L2CM implementation (#848) * feat: l2cm address comments (#850) * chore: add comment clarifying use `useCustomGasToken` * chore: upgrade both native native asset liquidity and liquidity controller predeploys together * feat: prohibit downgrading predeploy implementations * refactor: make isCustomGasToken part of the network full config * fix: add missing import * fix: use FeeVault legacy getters for backward compat * chore: update name XForkL2ContractsManager to L2ContractsManager * feat: conditionally skip some predeploys based on them being supported in a given chain (#857) * fix: l2cm address comments (#872) * chore: add todo tracking removal of L2ProxyAdmin skips * chore: add natspec comment for isPredeployNamespace * chore: use vm.prank(address,bool) to prank a delegatecall * chore: add todo for dev flags for CrossL2Inbox and L2ToL2CrossDomainMessenger * feat: allow immutables for L2CM in semgrep rules * chore: pr ready * test: L2CM verify testing (#874) * test: add coverage test for predeploy upgrades * chore: update test natspec * chore: just pr ready * chore: L2CM round comments (#877) * refactor: move helper function into Predeploys.s.sol * fix: add conditional deployer to L2CM * chore: update to l1block and l1blockCGT * test: fixes issue where OptimismSuperchainERC20 tests fail due to profile ambiguity * chore: just pr ready * chore: l2cm round comments2 (#883) * fix: move code length check out of isUpgradeable * chore: inline fullCofig_.isCustomGasToken initialization * chore: add public getters for the implementations on the L2CM * chore: remove XForkL2ContractsManager sol rule exclusion * test: add downgrade prevention test suite * chore: just pr ready * refactor: check for address 0 instead code length * Revert "refactor: check for address 0 instead code length" This reverts commit 1fa8694. * chore: remove non-needed check * chore: remove unused function in tests (#884) * refactor: l2cm group impls (#885) * refactor: remove individual getters in favor of a unified one * test: add test for getImplementations * test: add OZ v5 Initializable compatibility in L2ContractsManagerUtils (#887)
…19305) * add much logging * op-devstack/supernode: check Start error, and cancel Start context before calling Stop * devstack/supernode: eliminate duplicated lifecycle management * use interop name instead of reflection --------- Co-authored-by: Axel Kingsley <axel.kingsley@gmail.com>
…erop flag (#19302) * op-devstack: refactor genesis interop activation to use UseGenesisInterop flag Extracts genesis timestamp resolution out of WithSharedSupernodeCLsInterop and into withSharedSupernodeCLsImpl via a new UseGenesisInterop field on SupernodeConfig. Adds WithSupernodeInteropAtGenesis() option and threads snOpts through defaultSupernodeSuperProofsSystem so callers can pass supernode options independently of deployer options. Ported from #19242 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Skip failing test. * Move test that stops the batcher to its own package. * Skip one more test. --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(contracts-bedrock): resolve VerifyOPCM bytecode mismatch from compiler profile ambiguity When `additional_compiler_profiles` is configured in foundry.toml, contracts pulled into the dispute profile's compilation graph get compiled with both default (999999 optimizer runs) and dispute (5000 runs) profiles. PR #19111 added L2ProxyAdmin extending ProxyAdmin, which pulled ProxyAdmin (and transitively OptimismMintableERC20Factory) into the dispute profile graph. On CI (Linux), `vm.getCode("ProxyAdmin")` non-deterministically resolves to the dispute profile artifact (6149 bytes creation code), while VerifyOPCM reads the default profile artifact from disk (6751 bytes). This mismatch causes VerifyOPCM_Failed() across all chains and feature flags on CI, while passing locally on macOS where the resolution order differs. The fix adds `DeployUtils.getCode()` which constructs explicit artifact file paths (`forge-artifacts/<Name>.sol/<Name>.json`) to always resolve the default profile. All `vm.getCode()` callsites in scripts and tests are migrated to use this helper. A semgrep rule enforces this going forward. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(contracts-bedrock): add try/catch fallback and cicoverage gas test fix Add try/catch fallback to DeployUtils.getCode() so the Go script host (which doesn't support explicit artifact paths) gracefully falls back to vm.getCode(_name). Also add "/" passthrough for callers passing explicit paths. Fix L1ChugSplashProxy OOG gas test: under cicoverage, the now-correct default-profile proxy bytecode is larger, leaving insufficient retained gas (1/64 rule) for the require message. Use generic vm.expectRevert() for unoptimized profiles — the test still verifies the revert occurs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(contracts-bedrock): fix semgrep findings in DeployUtils and L1ChugSplashProxy Rename try/catch return variable to `code_` (trailing underscore convention) and add L1ChugSplashProxy.t.sol to expectrevert-no-args exclusion list since the bare vm.expectRevert() is intentional (OOG produces no revert data). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(contracts-bedrock): skip explicit artifact path under coverage Under coverage profiles, forge-artifacts/ contains the default profile's (optimized) artifacts, not the coverage profile's. Since coverage profiles have no additional_compiler_profiles, there is no profile ambiguity, so plain vm.getCode() resolves correctly. Skip the explicit artifact path under vm.isContext(Coverage) to avoid bytecode mismatches between artifact- loaded code and fresh compilation in tests (DeployFeesDepositor, DeployMIPS). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(contracts-bedrock): wrap isContext in try/catch for Go host compat The Go script host doesn't implement vm.isContext(), causing a revert that propagates up as an unrecognized selector error. Wrap the coverage detection in try/catch so the Go host silently falls through to the artifact-path resolution (which itself falls back to vm.getCode). Also adds a comment explaining why the catch block is intentionally empty. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* DSL: Coordinate Interop Activity Pause for Acceptance Testing * op-acceptance-tests: add same-timestamp invalid message tests Add acceptance tests for supernode interop that verify invalid same-timestamp executing messages are correctly detected and replaced. TestSupernodeSameTimestampInvalidExecMessage: - Chain A emits initiating message at timestamp T - Chain B executes that message at timestamp T (same timestamp - invalid) - Verifies Chain B's block is replaced with deposits-only block - Verifies Chain A's block (with valid init) is NOT replaced TestSupernodeSameTimestampInvalidTransitive: - Chain A: init(IA) + exec(IB) (valid reference to B's init) - Chain B: init(IB) + exec(IA) (invalid - bad log index) - Verifies transitive invalidation: B replaced first, then A replaced because B's init no longer exists after B was replaced These tests validate the strict timestamp checking and cascading invalidation behavior of the interop system. * Rename first test * interop: allow same-timestamp executing messages Subfeature 1 of Same-Timestamp Interop feature. Changes the timestamp validation to allow executing messages that reference initiating messages from the same timestamp. Previously, the check was >= which rejected same-timestamp messages. Now it uses > which only rejects future timestamps. - algo.go: Change timestamp check from >= to > in verifyExecutingMessage - algo_test.go: Add ValidBlocks/SameTimestampMessage test, rename TimestampViolation to FutureTimestamp for clarity - same_timestamp_invalid_test.go: Update expectations - same-timestamp messages are now valid and blocks are not replaced - SameTimestampInterop_Feature.md: Feature diary documenting the work * interop: add cycleVerifyFn field for same-timestamp verification Subfeature 2 of Same-Timestamp Interop feature. Adds the cycleVerifyFn field to the Interop struct. This function will be used to verify same-timestamp executing messages that may form circular dependencies between chains. The field starts as nil and will be set by the circular verification implementation (Subfeature 4). - interop.go: Add cycleVerifyFn field with documentation - interop_test.go: Add TestCycleVerifyFn test section verifying the field can be set, called, return invalid heads, and return errors * interop: route same-timestamp messages through cycleVerifyFn Subfeature 3 of Same-Timestamp Interop feature. Implements the routing logic for same-timestamp executing messages: - verifyExecutingMessage now returns ErrSameTimestamp sentinel when the initiating message timestamp equals the executing timestamp - verifyInteropMessages catches ErrSameTimestamp and tracks whether any chain has same-timestamp messages - After the main loop, if same-timestamp messages exist AND cycleVerifyFn is set, it calls cycleVerifyFn and merges any invalid heads into the result This allows same-timestamp messages to be verified by the cycle verification algorithm (to be implemented in Subfeature 4) rather than immediate validation. - algo.go: Add ErrSameTimestamp, modify verification flow - algo_test.go: Add CycleVerify/* tests for routing behavior * interop: add cycleVerifyFn for same-timestamp cycle verification Adds infrastructure for same-timestamp interop cycle verification: - Add cycleVerifyFn field to Interop struct, called after verifyFn in progressInterop with results merged (invalid heads combined) - Create circular.go with stub verifyCycleMessages implementation that returns a valid result (algorithm to be implemented) - Set cycleVerifyFn in New() - function is always set, not optional - Add TestProgressInteropWithCycleVerify test suite verifying: - Results from both verifyFn and cycleVerifyFn are merged - Errors from cycleVerifyFn propagate correctly - Invalid heads from both functions are combined This prepares the codebase for implementing the actual cycle verification algorithm that will resolve same-timestamp circular dependencies. * interop: implement cycle detection algorithm for same-timestamp messages - Add executingMessageBefore helper (finds latest EM with logIndex <= target) - Add buildCycleGraph to construct dependency graph from same-timestamp EMs - Implement verifyCycleMessages to orchestrate cycle detection - Add comprehensive tests for executingMessageBefore, buildCycleGraph, checkCycle Edges in dependency graph: - Intra-chain: each EM depends on previous EM on same chain - Cross-chain: each EM depends on executingMessageBefore(targetChain, refLogIdx) Cycle detection uses Kahn's topological sort algorithm. * acceptance: add cycle detection test and rename same_timestamp_test.go - Rename same_timestamp_invalid_test.go to same_timestamp_test.go (since same-ts is now valid) - Add TestSupernodeSameTimestampCycle: tests that mutual same-timestamp exec messages (A executes B, B executes A) are detected as a circular dependency and cause both blocks to be replaced - Update spec comment to document all three test scenarios * interop: add feature diary for same-timestamp interop Documents the implementation of same-timestamp interop verification: - Feature goals and breakdown into subfeatures - Development diary with entries for each implementation phase - Complete test coverage summary (30 unit tests, 3 acceptance tests) Key changes documented: - Relaxed timestamp check (>= → >) to allow same-timestamp messages - Added cycleVerifyFn for cycle detection - Implemented Kahn's topological sort for circular dependency detection - Added acceptance test for cycle detection causing reorgs * interop: only invalidate cycle participants, not bystanders Previously, when a cycle was detected, all chains with same-timestamp executing messages were marked as invalid. This was overly broad. Now, only chains with unresolved nodes after Kahn's algorithm are marked as invalid. Chains that have same-timestamp EMs but whose nodes all resolved (i.e., they weren't part of any cycle) are spared. - Add collectCycleParticipants helper to identify unresolved chains - Update verifyCycleMessages to use precise cycle participant set - Add TestVerifyCycleMessagesOnlyCycleParticipants test - Add TestCycleParticipants graph-level test * interop: rename circular.go to cycle.go Self-review cleanup: rename 'circular' to 'cycle' throughout: - circular.go -> cycle.go - circular_test.go -> cycle_test.go - Updated comments: 'circular dependency' -> 'cycle' - Updated Feature.md documentation references * interop: simplify cycle verification buildCycleGraph simplification: - Remove unused nodeByLocation map (dead code) - Remove intermediate logIndices extraction - Build nodes directly from map iteration - Sort with slices.SortFunc after building - Delete sortUint32s helper (replaced by stdlib) Remove cycleVerify knowledge from verifyInteropMessages: - verifyInteropMessages now has no knowledge of cycleVerify - cycleVerifyFn is called from progressInterop (not verifyInteropMessages) - Remove hasSameTimestampMessages tracking - Remove cycleVerifyFn call block - Delete 4 CycleVerify tests from algo_test.go (covered by interop_test.go) * interop: remove feature diary from PR Keep locally for reference but exclude from version control. * remove unrelated files from PR - reth submodule - superchain-registry submodule - SuperRootRefactor_Feature.md diary * tests: simplify same-timestamp interop tests cycle_test.go (692 → 536 lines, -23%): - Add helper functions: mutualCycle, triangleCycle, oneWayRef, mergeEMs - Merge TestCycleParticipants into TestBuildCycleGraph - Delete redundant TestVerifyCycleMessagesOnlyCycleParticipants - Use shared test constants (testChainA/B/C/D, testTS) same_timestamp_test.go (830 → 298 lines, -64%): - Extract sameTimestampHarness for common setup - Consolidate 3 tests using shared harness methods - Remove ~500 lines of duplicated setup code - Simplify helper functions Total reduction: 1522 → 834 lines (-45%) * interop: remove block comments from file headers * Human updates * remove test from other PR * Test Sequencer and DSL * lint * update from merge * address PR comments
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.