Skip to content

feat(config): surface trust anchors; warn on a sub-activation --genesis (#107)#108

Merged
LiranCohen merged 1 commit into
mainfrom
fix/config-operator-visibility
Jun 8, 2026
Merged

feat(config): surface trust anchors; warn on a sub-activation --genesis (#107)#108
LiranCohen merged 1 commit into
mainfrom
fix/config-operator-visibility

Conversation

@LiranCohen

@LiranCohen LiranCohen commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

Summary

Closes audit findings #25 and #38 (operator visibility in the config path).

  • feat(process): observer skips-and-records, never fail-stop (M4 U5) #25 — hidden trust anchors: ion-node config omitted MinChainWork (the eclipse/fake-chain floor markSynced enforces) and any augmenting --checkpoint. runConfig now prints minChainWork (or unset) and extraCheckpoint (or none).
  • feat(ion-wallet): submit funds from the keystore + full wallet e2e (U12) #38 — no genesis sanity check: buildConfig accepted any --genesis >= 0, so --network mainnet --genesis 0 silently scans ~667k pointless pre-ION blocks. config.ProfileGenesisHeight(network) exposes the per-network ION-activation default; buildConfig logs a WARN when the resolved genesis is below it. Warning, not error — a low genesis is wasteful, not incorrect; a higher-than-default genesis is fine (skips old DIDs).

Tests

TestProfileGenesisHeight (mainnet 667000, testnet 1764000, dev 0, unknown errors). go test -race ./... green (26 packages).

Post-Deploy Monitoring & Validation

  • What to watch: operators should run ion-node config and confirm minChainWork is the expected non-default floor and extraCheckpoint matches intent. A "genesis height is below the network's ION activation" WARN at boot flags a misconfigured --genesis.
  • Failure signal / trigger: the genesis WARN on a production node → fix --genesis (or remove it to use the profile default).
  • Window/owner: pre-launch config review.

Closes #107

🤖 Generated with Claude Code

@claude
feat(config): surface trust anchors; warn on a sub-activation --genes…
b26006f 
…is (#107)

Findings #25 and #38 (operator visibility).

#25: `ion-node config` omitted MinChainWork (the eclipse/fake-chain floor markSynced
enforces) and any augmenting --checkpoint, so an operator couldn't confirm the
security-critical config before launch. runConfig now prints minChainWork (or
"unset") and extraCheckpoint (or "none").

#38: buildConfig accepted any --genesis>=0 with no warning, so `--network mainnet
--genesis 0` silently scans ~667k pointless pre-ION blocks. config.ProfileGenesisHeight
exposes the per-network ION-activation default; buildConfig logs a WARN when the
resolved genesis is below it. Warning (not error): a low genesis is wasteful, not
incorrect; a higher-than-default genesis is fine (skips old DIDs).

Test: TestProfileGenesisHeight (mainnet 667000, testnet 1764000, dev 0, unknown
errors). go test -race ./... green.

Co-authored-by: Liran Cohen <liranlasvegas@gmail.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@LiranCohen LiranCohen merged commit 701d3ee into main Jun 8, 2026
1 check passed
@LiranCohen LiranCohen deleted the fix/config-operator-visibility branch June 8, 2026 03:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

config: hides trust anchors (min-chain-work/checkpoint); accepts a sub-activation --genesis with no warning

1 participant

@LiranCohen