Skip to content

feat: Ironwood support#4

Draft
dorianvp wants to merge 435 commits into
mainfrom
feat/ironwood
Draft

feat: Ironwood support#4
dorianvp wants to merge 435 commits into
mainfrom
feat/ironwood

Conversation

@dorianvp

@dorianvp dorianvp commented Jun 30, 2026

Copy link
Copy Markdown
Member

This branch tracks the ironwood-main branch from https://github.com/valargroup/zebra.

upbqdn and others added 30 commits April 11, 2026 16:05
Add RocksDB dependency and dynamic linking

Include librocksdb-dev in the setup-zebra-build action and in the
Dockerfile, and define ROCKSDB_LIB_DIR to enable dynamic linking,
reducing build time.
ZcashFoundation#10474)

* fix(ci): rewrite checkpoint artifact upload to scp a pre-captured file

PR ZcashFoundation#10459 introduced an upload-checkpoint-artifact job that rediscovers
the test container with `docker ps -a --filter name=${TEST_ID}` and
greps HEIGHT HASH lines out of `docker logs`. Every run since the merge
has reported "Extracted 0 checkpoint lines" because the filter does not
match the `klt-` prefixed container name injected by Container-Optimized
OS, and the anchored regex is brittle against nextest output wrapping.

Capture the lines during the test-result job while the correct container
ID is still in `steps.find-container.outputs.CONTAINER_ID`, save them to
`/tmp/checkpoints.txt` on the instance, and retrieve them with a single
`gcloud compute scp` in the upload job. The container-lookup step is
gone and the grep runs with `-oE` so it tolerates nextest prefixes.

* fix(ci): drop --ssh-flag from gcloud compute scp invocation

`gcloud compute scp` does not accept `--ssh-flag` (that flag is for
`gcloud compute ssh`). Each `--ssh-flag=...` is being parsed as a
positional source path, producing 'Source(s) must be remote when
destination is local'. The capture step verified our architecture
works: 'Captured 61 checkpoint lines'. The transfer is tiny so no
keep-alive is needed; just drop the flags.
…oundation#10475)

The `run-stateful-tests` label had to be removed and re-added after
every push to re-trigger the integration tests. Two coordinated fixes:

- Expand the `pull_request` trigger to `[labeled, synchronize, reopened]`
  so the workflow fires on push, not only when a label is toggled.
- Replace `github.event.label.name == 'run-stateful-tests'` with
  `contains(github.event.pull_request.labels.*.name, 'run-stateful-tests')`
  at all four gate sites. The old expression is null outside label
  events; the new expression reads the PR's current label set on any
  `pull_request` activity, matching the pattern used for the `A-release`
  label in `tests-unit.yml`.
…shFoundation#10472)

* fix(ci): remove dead gcr-cleaner job from GCP cleanup workflow

The `clean-registries` job pinned a Docker image from a deleted GCP
project (`us-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli`),
so every daily run failed with "Project #78287296261 has been deleted"
for ~12 days.

Artifact Registry image cleanup is now handled server-side by a native
cleanup policy on the `zebra` repository: keep the 2 newest versions,
delete anything older than 504h / 21 days. Policy is defined in the
cloud-foundation-fabric Terraform stage. Semantically identical to the
retired gcr-cleaner args.

Drop the job, its Docker login, the `DELETE_IMAGE_HOURS` env var, the
`clean-registries` entry on `delete-resources-success.needs`, and the
related documentation. The disk/instance/template/image cleanup jobs
that use gcloud CLI are unaffected.

* fix(ci): drop transitive comment about registry cleanup
…ion#10471)

* fix(ci): grant issues: write to failure-issue jobs

The failure-issue jobs in zfnd-ci-integration-tests-gcp.yml and
zfnd-deploy-nodes-gcp.yml inherit only contents: read from the
workflow-level permissions, so jayqi/failed-build-issue-action failed
with "Resource not accessible by integration" whenever a real failure
triggered the job. Add a job-scoped permissions block (contents: read,
issues: write) so auto-issue creation works again, without broadening
the token at workflow scope.

* fix(ci): restore contents: read on book.yml build job

Job-level permissions replace the workflow-level block entirely, so
the Build Docs job was running with only id-token: write and
statuses: write. actions/checkout currently works because the public
repo allows anonymous HTTPS clone, but the job should declare the
contents: read it actually needs.
…0464)

* fix(docker): expose P2P port for inbound peer connections

Zebra's Docker configuration did not expose the P2P port (8233/18233),
meaning containerized nodes could only make outbound connections. This
prevents inbound peer connections, degrades Zcash network health, and
breaks the "network shield" use case where Zebra sits in front of zcashd.

Docker changes:
- Add EXPOSE 8233 18233 to Dockerfile runtime stage
- Enable P2P port mapping in docker-compose.yml (was commented out)
- Add P2P port to lightwalletd and observability compose files
- Document external_addr in default config for NAT/firewall scenarios
- Add ZEBRA_NETWORK__EXTERNAL_ADDR to .env template

Documentation changes:
- Add P2P port mapping (-p 8233:8233) to all docker run examples
- Add persistent volume (-v) to quickstart commands
- Add P2P Networking section to Docker docs with port table and NAT guidance
- Update requirements.md with Docker-specific and firewall/NAT guidance
- Fix stale docker-compose.grafana.yml reference to observability.yml
- Update mining docs to use modern ZEBRA_RPC__LISTEN_ADDR env var

GCP deployment changes:
- Add explicit P2P port to ZEBRA_NETWORK__LISTEN_ADDR (was bare IP)
- Add firewall rule creation step for P2P ingress on zebrad-tagged instances

* docs: use neutral language in P2P documentation and fix workflow bug

- Remove alarming phrasing ("does not contribute to network health",
  "network shield", "silently drops") from Dockerfile, docker.md,
  docker-compose.yml, mining-docker.md, and requirements.md
- Remove descriptions of internal peer discovery mechanisms and
  defensive network topologies from public documentation
- Fix P2P_PORT variable scope bug in GCP deploy workflow: shell
  variables from earlier run: blocks do not persist across steps,
  so P2P_PORT is now recomputed in the firewall rule step
- Update deprecated env var names in docker/.env (ZEBRA_RPC_PORT →
  ZEBRA_RPC__LISTEN_ADDR, ENABLE_COOKIE_AUTH →
  ZEBRA_RPC__ENABLE_COOKIE_AUTH, ZEBRA_COOKIE_DIR →
  ZEBRA_RPC__COOKIE_DIR) to match config-rs conventions

https://claude.ai/code/session_015yZ5NpStAj6aq8kbroBxUh

* fix(ci): remove inline firewall rule creation from deploy workflow

Firewall rules are managed outside the deployment workflow.

https://claude.ai/code/session_015yZ5NpStAj6aq8kbroBxUh

* docs: reduce P2P documentation repetition

- Replace duplicate docker run examples in P2P Networking section
  with a reference to the Quick Start
- Shorten NAT comment in default-zebra-config.toml to one line

https://claude.ai/code/session_015yZ5NpStAj6aq8kbroBxUh

* docs: align P2P networking prose with surrounding sections

Replace bolded bullet breakdowns and inline labels with flowing prose
to match the style of each file's surrounding sections. Drop duplicate
sentences about `external_addr` and normalize the port reference table
headers.

* Update docker/Dockerfile

Co-authored-by: Marek <m@rek.onl>

* fix(ci): exclude IACR eprint from lychee link checker

IACR's eprint server returns 403 Forbidden to automated clients,
causing docs-check link-check failures on every PR. Exclude the
domain so historical academic references in book/ don't break CI.

---------

Co-authored-by: Marek <m@rek.onl>
…cashFoundation#10482)

* refactor(ci): unify GCP deploy lifecycle and remove versioned-MIG collisions

Replaces versioned MIG names (`zebrad-v${MAJOR}-${network}`) with a stable
MIG per network and routes deploys through three lifecycle classes (prod,
staging, canary). Removes the single-writer disk collisions that versioned
MIGs created on every major release, and the shell-conditional fall-through
that routed every deploy to the prod-disk path regardless of trigger.

Workflow: trigger maps to lifecycle class via `case` on `github.event_name`,
deriving MIG, disk, and template names from one source. Pre-flight squatter
check fails fast (with the holding instance's name) when a stateful disk is
held by an unrelated MIG. Rolling action uses `--max-unavailable=1`.
Lifecycle labels (`lifecycle_class`, `created_by`, `github_ref`,
`github_sha`) are stamped on templates, instances, and disks.

Rationale and trade-offs: docs/decisions/devops/0006-gcp-deployment-lifecycle.md
Operations: book/src/dev/gcp-deployment-operations.md

* docs(ci): restore trigger and job context in deploy workflow header

The previous header inventoried jobs that no longer exist and described
release semantics that no longer apply. Replace it with the current
trigger list, the actual job graph, and pointers to the ADR and runbook.
Also annotate `set-matrix` and `deploy-nodes` so a reader can identify
each job's role without reading the full implementation.

* fix(ci): move template-injection-flagged interpolations into env vars

Routes `env.GITHUB_SHA_SHORT` (template name) and `vars.GCP_REGION`
(pre-flight check) through the step's `env:` block so they reach the
shell as `$VAR` rather than `${{ ... }}`. Removes the new
zizmor/template-injection findings introduced by this PR.

* refactor(ci): drop lifecycle-class label; reuse environment + created_by

The `lifecycle_class` label introduced earlier in this PR duplicated
information already carried by the existing `environment` (`dev` | `prod`)
and `created_by` (`release` | `push` | `workflow_dispatch`) labels.
Drop the label and the matching env var; let the existing labels carry
the discriminator. Filtering reduces to a single predicate
(`labels.created_by=workflow_dispatch` covers PR deploys; `=release`
covers production; `=push` covers staging).

Rename the ADR to `0006-gcp-deployment-naming.md` to reflect that the
decision is about deriving MIG and disk names from `(environment, branch)`,
not about a new lifecycle vocabulary. The word "lifecycle" stays available
for what it already means in this repo: how disks are created, retained,
snapshotted, and reaped.

Replace "canary" with "PR deploy" in docs and runbook. Dispatch deploys
are dev work on branches, not partial-production canaries with traffic
splits.

* docs(ops): tighten GCP operations runbook

Consolidate the four PR-deploy sections (run / list / label / reap /
sweep) into one with sub-headings, since they share label vocabulary and
target the same resources. Move static-IP, cache-image, and daily-cleanup
notes into a single Reference section. Drop the duplicated "Concepts"
preamble; the same model is in continuous-delivery.md. Factor `$P` and
`$R` into shell defaults at the top so each recipe stops redeclaring
them.

No behavior changes. The runbook drops from 255 lines to roughly half
without losing any procedure.
…shFoundation#10485)

* refactor(ci): zonal MIG per (environment, branch, network, zone)

One zonal MIG per matrix cell. Each MIG holds 1 instance, 1 stateful
disk, 1 static IP. Push and release fan out to 6 cells (2 networks ×
3 zones); workflow_dispatch deploys one cell (user picks network +
zone) for PR smoke-tests.

The prior regional stateful MIG architecture forced all-at-once
updates: regional stateful MIGs require max-surge=0 and
max-unavailable >= zone_count. Zonal MIGs take max-unavailable=1
natively, so a rolling update replaces one zone at a time while the
other two keep serving.

Deploy success is two channels:
- deploy-nodes reports infrastructure (template + MIG + IP), ~3-5 min
  per cell. `failure-issue` label `S-ci-fail-release-auto-issue`.
- verify-nodes reports application (peer mesh + chain tip), up to
  90 min, runs async. `verify-failure-issue` label
  `S-ci-fail-verify-auto-issue`. On-call can tell deploy bugs from
  warmup slowness.

Other:
- get-disk-name split per-network; fixes testnet-gets-mainnet-image
  leak from the workflow-level lookup.
- ensure-health-checks is a one-shot job (runs once per push, not 6x
  from the matrix).
- environment value computed once in set-matrix.outputs.environment;
  the old four copies of the event-name ternary are gone.
- Template uses --disk=name=X (attach existing) plus an explicit
  "Ensure zonal disk exists" step that creates from the cache image
  when missing. Supports both fresh deploys and manual snapshot seeds.
- Matrix fail-fast off; each (network, zone) cell succeeds or fails
  independently.

* docs: fix broken GCP docs link in ADR 0006

link-check flagged `.../instance-groups/zonal-migs` as 404. Replace
with the canonical `.../instance-groups` overview, which covers the
zonal/regional distinction and is stable across GCP doc restructures.
)

* fix(ci): scope deploy concurrency per (env, network, zone)

The previous concurrency key serialized every deploy event on the same
ref, so firing six workflow_dispatch runs against (env=prod, one per
network+zone) would let only one run at a time. That contradicts the
zonal-MIG design in ADR 0006, where each (environment, network, zone)
owns an independent MIG, disk, and IP and has no reason to block its
siblings.

Including inputs.environment, inputs.network, and inputs.zone in the
group gives each cell its own concurrency bucket. For push and release
the inputs are empty, so the key collapses to one group per (event,
ref), preserving the current in-workflow matrix fan-out.

* fix(ci): derive MIG names and static-IP condition from env + branch

Both `Compute MIG and disk naming` and `Assign static IP` branched on
`github.event_name` instead of the deploy target, which broke
workflow_dispatch to prod:

1. Naming: `event=workflow_dispatch` set `PREFIX="${REF_SLUG}-"`, so a
   prod dispatch looked for `zebrad-cache-main-mainnet-b` instead of the
   ADR-0006 stable name `zebrad-cache-mainnet-b`. The disk-exists check
   missed and the fallback `disks.create` tried to use a dev-project
   cache image that prod cannot read.
2. Static IP: skipped for every workflow_dispatch, including dispatches
   to prod that need the reserved zone-to-IP mapping.

Derive both from (environment, branch):
- `env=prod`           -> empty prefix, assign static IP (any event).
- `env=dev` + `main`   -> `main-` prefix, assign static IP.
- `env=dev` + other    -> `${ref}-` prefix, ephemeral IP.
…undation#10488)

fix(ci): harden pre-flight parse and make health-check idempotent

Two races surfaced when post-merge main ran and six prod dispatches fired
in parallel:

1. Pre-flight owner parse: `grep -oE 'instanceGroupManagers/[^/]+'` accepts
   every non-slash character, so when gcloud renders the extracted metadata
   value with list-bracket framing, the trailing `']` becomes part of the
   owner string. The `owner != MIG_NAME` check then always fails when the
   disk is already attached (every push after the first). Tighten the
   character class to `[a-z0-9-]+`, matching only valid MIG name chars.
2. Health-check upsert: the create-or-update pattern races across parallel
   runs. `update` sees the resource mid-creation and gets
   `The resource ... is not ready`. Switch to describe-or-create: skip
   entirely when the global health check exists.
…n#10489)

The build job references `needs.set-matrix.outputs.environment` but does
not list set-matrix in its `needs:`, so GitHub Actions silently resolves
the reference to an empty string. The build reusable workflow then falls
back to environment=dev and pushes the image to the dev Artifact
Registry, even when the deploy target is prod.

Adding `needs: [set-matrix]` resolves the reference to the real value.
Replace `.expect()` on fallible `body.collect().await` with `?` in
`request_to_json_rpc_2` and `response_from_json_rpc_2`. A TCP
connection reset during body reading previously panicked, which with
`panic = "abort"` instantly killed the entire Zebra process.

Now body collection errors propagate as `Err(BoxError)`, closing the
HTTP connection cleanly.
* fmt

* fix(clippy): use Option::zip instead of manual implementation

* fix(deps): update rustls-webpki to 0.103.12 for security advisories

* fix(clippy): use Option::zip in zebra-rpc indexer

* fix(ci): add rustls-webpki audit and downgrade yanked to warn
* add test to reproduce issue

* consensus: remove mempool bypass

* addressed comments in test

* fix skips_verification_of_block_transactions_in_mempool()

* add test to reproduce issue

* fix(chain): validate rk on parsing

* adjust test for the fix

* reproduce addr_limit

* fix addr_limit

* add fuzzing artifacts to .gitignore

* fix(script): correct v4/v5 sighash divergence with zcashd

For V5+ transactions, reject undefined hash_type values in the script
verification callback, matching zcashd's SighashType::parse behavior.

For pre-V5 (V4) transactions, use the raw hash_type byte in the sighash
preimage instead of canonicalizing it, matching zcashd's serialization
behavior that only masks with 0x1f for selection logic.

Add sighash_v4_raw API to zebra-chain for raw-byte V4 sighash computation
and comprehensive tests for both V4 and V5 divergence scenarios.

* build: update zcash_script to 0.4.4

Use the published zcash_script 0.4.4 and zcash_transparent 0.6.4
which include the sighash fixes upstream. No patches needed.

* style: apply rustfmt to cherry-picked code

* fix: move test-only constants into test modules, pin zcash_transparent 0.6.4

Move ADDR_V1_SIZE and ADDR_V2_MIN_SIZE from source files into the test
modules that consume them, eliminating dead_code warnings from clippy.

Pin zcash_transparent to 0.6.4 in Cargo.toml so the fix is explicit and
not dependent on lockfile resolution.

* Delete zebra-network/proptest-regressions/peer_set/set/tests/prop.txt

---------

Co-authored-by: Conrado Gouvea <conradoplg@gmail.com>
Co-authored-by: Alfredo Garcia <oxarbitrage@gmail.com>
Co-authored-by: DC <alchemydc@proton.me>
* bump versions and changelogs for 4.3.1

* Update zebra-consensus/CHANGELOG.md

Co-authored-by: Alfredo Garcia <oxarbitrage@gmail.com>

* add some CVE numbers

* expand CHANGELOG

* bump zebra-rpc; add rpc panic to the changelogs

* chore: refresh mainnet and testnet checkpoints for v4.3.1

* chore(release): add Dockerized mining changelog entry; bump estimated release height; fix duplicate Unreleased heading

---------

Co-authored-by: Conrado Gouvea <conradoplg@gmail.com>
Co-authored-by: Conrado <conrado@zfnd.org>
Co-authored-by: Alfredo Garcia <oxarbitrage@gmail.com>
…ion#10444)

* bench(consensus): add Groth16 proof verification benchmarks

Add criterion benchmarks for Sprout JoinSplit Groth16 proof verification
in zebra-consensus. Measures single and unbatched verification at batch
sizes 2–64, plus input preparation costs (primary_inputs computation
and item creation). Uses cycled items from mainnet test blocks since
verification cost is constant per proof regardless of content.

* bench(consensus): add Halo2 (Orchard) proof verification benchmarks

Add criterion benchmarks for Orchard Halo2 proof verification in
zebra-consensus. Extracts real Orchard bundles from NU5 mainnet test
blocks and measures single and unbatched verification at batch sizes
2-32. Only exercises verify_single() since Item fields and the batch
trait are private.

* bench(consensus): add Sapling proof verification benchmarks

Add criterion benchmarks for Sapling shielded data verification in
zebra-consensus. Extracts real Sapling bundles from mainnet test blocks
(28 items) and measures both unbatched (one-item batch per bundle) and
true batch verification at sizes 2-64. Batch verification shows ~5x
speedup at 64 bundles, validating the batching architecture.

* bench(chain): add per-version transaction serialization benchmarks

Add criterion benchmarks for transaction deserialization and
serialization across all five Zcash transaction versions (V1-V5).
Extracts real transactions from mainnet test blocks at the appropriate
network upgrade heights. V5 deserialization is notably slower than
V1-V4 due to consensus branch ID validation and Orchard field parsing.

---------

Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
…er Sapling migration (ZcashFoundation#10436)

cleanup(zebra-consensus): remove remaining groth16 abstractions after Sapling migration

Remove the `Description` trait and `DescriptionWrapper` that were only
used by Sprout JoinSplit after Sapling verification moved to
`sapling_crypto::BatchValidator`. Replace with a direct
`Item::from_joinsplit()` constructor. Relocate `SAPLING` params from
`groth16/params.rs` to `sapling.rs` where they are actually used, and
rename misleading `proofs.groth16.*` metrics to `proofs.sapling.*` in
the Sapling verifier.

Closes ZcashFoundation#9891
* fix(ci): update cargo vet exemptions to match current crate versions

* fix(ci): prune unnecessary cargo vet exemptions and refresh imports

* fix(ci): trigger lint workflow on supply-chain changes

* fix(ci): update rustls-webpki and ignore core2 unmaintained advisory
…ZcashFoundation#10503)

* build(deps): bump the devops group across 1 directory with 26 updates

Bumps the devops group with 26 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.1` | `6.0.2` |
| [actions-rust-lang/setup-rust-toolchain](https://github.com/actions-rust-lang/setup-rust-toolchain) | `1.15.2` | `1.16.0` |
| [actions/github-script](https://github.com/actions/github-script) | `7.0.1` | `9.0.0` |
| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |
| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `4.0.0` | `5.0.0` |
| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `7.0.0` | `8.0.1` |
| [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.1.0` | `8.1.1` |
| [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.68.10` | `2.75.18` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.2` | `6.0.0` |
| [actions/cache](https://github.com/actions/cache) | `5.0.1` | `5.0.5` |
| [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) | `2.7.0` | `2.8.0` |
| [actions/setup-node](https://github.com/actions/setup-node) | `6.1.0` | `6.4.0` |
| [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action) | `2.0.15` | `2.0.17` |
| [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) | `3.0.3` | `3.0.4` |
| [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) | `6.2.0` | `7.2.0` |
| [rlespinasse/github-slug-action](https://github.com/rlespinasse/github-slug-action) | `5.5.0` | `5.6.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.0.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `6.19.2` | `7.1.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |
| [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2.2.1` | `3.1.1` |
| [docker/metadata-action](https://github.com/docker/metadata-action) | `5.10.0` | `6.0.0` |
| [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.1.0` |
| [docker/scout-action](https://github.com/docker/scout-action) | `1.18.2` | `1.20.4` |
| [shimataro/ssh-key-action](https://github.com/shimataro/ssh-key-action) | `2.8.0` | `2.8.1` |
| [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.0` | `0.5.3` |



Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v6.0.1...de0fac2)

Updates `actions-rust-lang/setup-rust-toolchain` from 1.15.2 to 1.16.0
- [Release notes](https://github.com/actions-rust-lang/setup-rust-toolchain/releases)
- [Changelog](https://github.com/actions-rust-lang/setup-rust-toolchain/blob/main/CHANGELOG.md)
- [Commits](actions-rust-lang/setup-rust-toolchain@1780873...2b1f5e9)

Updates `actions/github-script` from 7.0.1 to 9.0.0
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@60a0d83...3a2844b)

Updates `actions/configure-pages` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/configure-pages/releases)
- [Commits](actions/configure-pages@983d773...45bfe01)

Updates `actions/upload-pages-artifact` from 4.0.0 to 5.0.0
- [Release notes](https://github.com/actions/upload-pages-artifact/releases)
- [Commits](actions/upload-pages-artifact@7b1f4a7...fc324d3)

Updates `actions/deploy-pages` from 4.0.5 to 5.0.0
- [Release notes](https://github.com/actions/deploy-pages/releases)
- [Commits](actions/deploy-pages@d6db901...cd2ce8f)

Updates `actions/download-artifact` from 7.0.0 to 8.0.1
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v7...3e5f45b)

Updates `peter-evans/create-pull-request` from 8.1.0 to 8.1.1
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@c0f553f...5f6978f)

Updates `taiki-e/install-action` from 2.68.10 to 2.75.18
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](taiki-e/install-action@305beba...055f5df)

Updates `codecov/codecov-action` from 5.5.2 to 6.0.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@671740a...57e3a13)

Updates `actions/cache` from 5.0.1 to 5.0.5
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@9255dc7...27d5ce7)

Updates `lycheeverse/lychee-action` from 2.7.0 to 2.8.0
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](lycheeverse/lychee-action@a8c4c7c...8646ba3)

Updates `actions/setup-node` from 6.1.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@395ad32...48b55a0)

Updates `EmbarkStudios/cargo-deny-action` from 2.0.15 to 2.0.17
- [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases)
- [Commits](EmbarkStudios/cargo-deny-action@3fd3802...91bf2b6)

Updates `marocchino/sticky-pull-request-comment` from 3.0.3 to 3.0.4
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases)
- [Commits](marocchino/sticky-pull-request-comment@d4d6b09...0ea0beb)

Updates `release-drafter/release-drafter` from 6.2.0 to 7.2.0
- [Release notes](https://github.com/release-drafter/release-drafter/releases)
- [Commits](release-drafter/release-drafter@6db134d...5de9358)

Updates `rlespinasse/github-slug-action` from 5.5.0 to 5.6.0
- [Release notes](https://github.com/rlespinasse/github-slug-action/releases)
- [Commits](rlespinasse/github-slug-action@9e7def6...e6f2616)

Updates `docker/setup-buildx-action` from 3.12.0 to 4.0.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@8d2750c...4d04d5d)

Updates `docker/build-push-action` from 6.19.2 to 7.1.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@10e90e3...bcafcac)

Updates `actions/upload-artifact` from 4.6.2 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4.6.2...043fb46)

Updates `actions/create-github-app-token` from 2.2.1 to 3.1.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](actions/create-github-app-token@29824e6...1b10c78)

Updates `docker/metadata-action` from 5.10.0 to 6.0.0
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](docker/metadata-action@c299e40...030e881)

Updates `docker/login-action` from 3.7.0 to 4.1.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@c94ce9f...4907a6d)

Updates `docker/scout-action` from 1.18.2 to 1.20.4
- [Release notes](https://github.com/docker/scout-action/releases)
- [Commits](docker/scout-action@f8c7768...bacf462)

Updates `shimataro/ssh-key-action` from 2.8.0 to 2.8.1
- [Release notes](https://github.com/shimataro/ssh-key-action/releases)
- [Changelog](https://github.com/shimataro/ssh-key-action/blob/v2/CHANGELOG.md)
- [Commits](shimataro/ssh-key-action@6b84f2e...87a8f06)

Updates `zizmorcore/zizmor-action` from 0.5.0 to 0.5.3
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](zizmorcore/zizmor-action@0dce257...b1d7e1f)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: devops
- dependency-name: actions-rust-lang/setup-rust-toolchain
  dependency-version: 1.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: devops
- dependency-name: actions/github-script
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: devops
- dependency-name: actions/configure-pages
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: devops
- dependency-name: actions/upload-pages-artifact
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: devops
- dependency-name: actions/deploy-pages
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: devops
- dependency-name: actions/download-artifact
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: devops
- dependency-name: peter-evans/create-pull-request
  dependency-version: 8.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: devops
- dependency-name: taiki-e/install-action
  dependency-version: 2.75.18
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: devops
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: devops
- dependency-name: actions/cache
  dependency-version: 5.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: devops
- dependency-name: lycheeverse/lychee-action
  dependency-version: 2.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: devops
- dependency-name: actions/setup-node
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: devops
- dependency-name: EmbarkStudios/cargo-deny-action
  dependency-version: 2.0.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: devops
- dependency-name: marocchino/sticky-pull-request-comment
  dependency-version: 3.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: devops
- dependency-name: release-drafter/release-drafter
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: devops
- dependency-name: rlespinasse/github-slug-action
  dependency-version: 5.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: devops
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: devops
- dependency-name: docker/build-push-action
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: devops
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: devops
- dependency-name: actions/create-github-app-token
  dependency-version: 3.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: devops
- dependency-name: docker/metadata-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: devops
- dependency-name: docker/login-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: devops
- dependency-name: docker/scout-action
  dependency-version: 1.20.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: devops
- dependency-name: shimataro/ssh-key-action
  dependency-version: 2.8.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: devops
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: devops
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): pin cargo-deny-action, suppress zizmor cache finding

- cargo-deny-action stays at 2.0.15: 2.0.17 ships a newer cargo-deny
  that trips on the hashbrown triple already present in Cargo.lock.
- docker/setup-buildx-action keeps 4.0.0 with an inline
  `# zizmor: ignore[cache-poisoning]` documenting that PR, main, and
  release builds share one Docker Build Cloud endpoint without
  per-environment cache scoping.

* build(deps): move zizmor ignore to trailing comment on uses line

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
…10498)

* rpc: Add nTx field to getblock response

Add a per-block transaction count (`nTx`) to the verbose `getblock`
RPC response. The value is derived from the length of the `tx` array,
so it introduces no new storage or computation — it just makes the
count explicitly available as a top-level field.

This is useful for release tooling, block explorers, and consistency
with Bitcoin Core. zcash/zcash#7144 proposes to add the same field to
zcashd.

`nChainTx` (cumulative transaction count from genesis) is not included
in this change as it requires new storage infrastructure. See
ZcashFoundation#10497.

Partially addresses ZcashFoundation#10497

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(zebra-rpc): update serialization tests and fixtures for nTx field

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Alfredo Garcia <oxarbitrage@gmail.com>
* test(rpc): add regression test for getrawtransaction confirmations undercount

* fix(state): use non-finalized tip for getrawtransaction confirmation count

* Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* add annotation

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…ation#10521)

fix(docs): update broken NetworkConstants doc link to zcash_protocol

The lychee link checker started failing on `main` after librustzcash
released zcash_primitives 0.27.0 (zcash/librustzcash#2313, merged
2026-04-24). docs.rs/zcash_primitives/latest now resolves to 0.27.0,
where the trait page at consensus/trait.NetworkConstants.html returns a
hard 404. At 0.26.0 the same path returned a 302 redirect that lychee
silently accepted, so the link looked valid even though the trait's
canonical home had already moved to zcash_protocol.

Repoint the prose reference and hyperlink in the custom-testnets book
chapter to zcash_protocol::consensus, which is where Zebra's own code
already imports the trait from
(zebra-chain/src/parameters/network/tests/vectors.rs).
* fix(zebra-rpc): set explicit 0600 perms on cookie file

* fix(zebra-rpc): enforce max request body size in HTTP middleware

* fix(zebra-rpc): add slow-consumer drop to gRPC indexer streams

* fix(zebra-rpc): use caller-provided blockhash in getrawtransaction to avoid TOCTOU race

---------

Co-authored-by: Alfredo Garcia <oxarbitrage@gmail.com>
…t verification (ZcashFoundation#10510)

* fix(script): Avoid panicking in transparent script verifier if callers provide a request with a missing input

* fix(script): Check that all transparent inputs have matching previous outputs before verifying

* fix(consensus): use ok_or_else with formatted index, fixing clippy

Clippy's unnecessary_lazy_evaluations lint flagged the ok_or_else closure
with a string literal. Switch to an interpolated format that includes
the actual input_index, which makes the closure non-trivial (satisfying
the lint) and produces a more useful error message.

* test(script): cover out-of-range input_index and mismatched-length cases

- zebra-script::is_valid_rejects_mismatched_previous_outputs_length:
  exercises the .filter() length-equality guard inside CachedFfiTransaction::is_valid.
- zebra-script::is_valid_rejects_out_of_range_input_index: regression
  test for the existing bounds check on all_previous_outputs.
- zebra-consensus::script::tests::verifier_returns_error_for_out_of_range_input_index:
  end-to-end Tower service test covering the new ok_or_else error path
  in Verifier::call.

---------

Co-authored-by: Marek <m@rek.onl>
…shFoundation#10522)

* feat(deps): migrate librustzcash crates to 2026-04 release wave (drops core2)

Bumps the librustzcash crate cohort to the 2026-04 release wave, which
replaces the yanked `core2` crate with `corez 0.1.1` and clears
RUSTSEC-2026-0105.

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

* ci: fix deny bans, cargo-vet, and zebrad MSRV for librustzcash 2026-04 cohort

The 2026-04 librustzcash cohort upgrade pulls in transitive deps that
introduce duplicate-version conflicts and lift the zebrad MSRV.
Resolve all three classes of CI failure without bumping the workspace MSRV:

- MSRV: bump zebrad 1.89 -> 1.91 (for cargo-platform 0.3.3 via vergen-git2 9.1).
  Update the lint.yml msrv job toolchain and the docker base image accordingly.
  The workspace MSRV stays at 1.85.1; transitive deps that were going to lift it
  to 1.88 (serde_with 3.18, idna_adapter 1.2, home 0.5.12) are pinned via
  Cargo.lock to older minor versions that still support 1.85.1.

- deny bans: add skip-tree entries for the four duplicate crates the
  upgrade introduces: console (0.15.x via indicatif/howudoin vs 0.16.x
  via insta), hashbrown (0.16.x via ed25519-zebra vs 0.17.x via
  indexmap 2.14), toml (0.9.x via zebrad vs 1.1.x via config 0.15),
  and winnow (0.7.x via toml 0.9 vs 1.x via toml 1.x).

- cargo-vet: regenerate exemptions to cover crates entering the supply
  chain via the cohort upgrade and second-version exemptions for the four
  duplicates above.

Restore the "home must be downgraded manually" note in the release issue
and PR templates, since the workaround is still required at MSRV 1.85.1.

* style: inline format args

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Marek <m@rek.onl>
Co-authored-by: Conrado Gouvea <conradoplg@gmail.com>
…#10525)

* fix(zebra-script): fix stale sighash issue

* fix(chain): validate solution size before allocating

* Update zebra-chain/src/work/tests/vectors.rs

Co-authored-by: Alfredo Garcia <oxarbitrage@gmail.com>

---------

Co-authored-by: Conrado Gouvea <conradoplg@gmail.com>
Co-authored-by: Conrado <conrado@zfnd.org>
Co-authored-by: Alfredo Garcia <oxarbitrage@gmail.com>
ValarDragon and others added 30 commits June 30, 2026 18:49
* feat(rpc): report Ironwood value pool balances

* fix(rpc): accept legacy value pool responses

* fix(rpc): preserve legacy value pool deltas

* fix(rpc): preserve value pool order
* feat(state): track Ironwood shielded state

* refactor(state): split history tree rebuild from Ironwood state

* fix(state): allow activation Ironwood mempool anchor

* refactor(chain): batch Ironwood note tree updates

* fix(state): make shielded spend lookup explicit

* fix(state): cfg-gate Ironwood anchor test imports

* docs(state): clean up nullifier check links

* refactor(state): reuse Ironwood tree lookup in rollback

* docs(state): explain Ironwood tree rollback

* test(state): restore chain tip expected action ordering

* docs(state): explain typed Ironwood none

* fix(state): reset database format minor version

* docs(chain): correct Ironwood action bound comment

* test(state): rename Ironwood anchor activation test

* refactor(state): clarify default Ironwood root naming

* docs(state): clarify Ironwood activation root guard

* refactor(state): name block info formats explicitly

* refactor(state): match Ironwood anchor validation to Orchard

* docs(state): move nullifier uniqueness docs to public helper

* refactor(state): route Ironwood nullifiers through UpdateWith
…cashFoundation#352)

* fix(chain): validate V6 transactions through librustzcash

* test(consensus): cover block verifier librustzcash validation

* test(consensus): cover librustzcash conversion failures

* Revert "test(consensus): cover block verifier librustzcash validation"

This reverts commit 4724a9a.

* fix(chain): defer librustzcash checks to consensus

* consensus: implement native v6 transaction hashing

* Update zebra-chain/CHANGELOG.md

* test(chain): reject padded V6 Orchard proof via librustzcash conversion

The librustzcash conversion check is deferred out of deserialization to
consensus verification, so a padded (non-canonical) Orchard proof now
deserializes successfully. Update the test to assert the padded proof is
rejected by the deferred librustzcash conversion that consensus relies on,
rather than at parse time.

* test(chain): reject padded V6 Ironwood proof via librustzcash conversion

Zebra native deserialization is more permissive than librustzcash for the
variable-length Halo2 proofs used by the V6 Orchard and Ironwood pools. Add
Ironwood coverage mirroring the Orchard case so both net-new V6 shielded
proof surfaces are guarded: a non-canonical (padded) proof deserializes but
must be rejected by the deferred librustzcash conversion that consensus relies
on.

---------

Co-authored-by: Dev Ojha <dojha@berkeley.edu>
Co-authored-by: Roman Akhtariev <ackhtariev@gmail.com>
Co-authored-by: roman <roman@osmosis.team>
* fix(rpc): harden getblocktemplate for Ironwood mining

* fix(rpc): preserve Orchard mining receiver priority

* fix(rpc): prefer Ironwood for Orchard unified miners

* fix(rpc): reuse long-poll coinbase precompute

* fix(rpc): keep PoW-disabled mempool gated

* fix(rpc): satisfy clippy for coinbase precompute

* fix(rpc): refresh tip after coinbase precompute

* fix(rpc): handle disabled mempool in GBT fetch

* fix(rpc): keep Ironwood reward routing after NU6.3

* fix(rpc): restore GBT template invariants

* fix(rpc): restore miner params handling

* fix(rpc): restore long-poll coinbase precompute

* docs(rpc): update getblocktemplate changelog

* test(rpc): explain ignored shielded coinbase tests

* chore(rpc): defer PoW-disabled GBT support
…tic path (ZcashFoundation#367)

* fix(chain): validate V6 transactions through librustzcash

* test(consensus): cover block verifier librustzcash validation

* test(consensus): cover librustzcash conversion failures

* Revert "test(consensus): cover block verifier librustzcash validation"

This reverts commit 4724a9a.

* fix(chain): defer librustzcash checks to consensus

* consensus: implement native v6 transaction hashing

* perf(chain): defer Sapling cv/epk decompression, enforce on the semantic path

* fix(chain): precheck Sapling points in V6 transactions

Ensure V6 Sapling point validation uses the same unstable gates as the V6 transaction variant, so invalid cv/epk encodings fail before reaching the batch verifier.

* clarify comments

* simplify comments

* lints

* fmt

* Update zebra-chain/src/sapling/keys.rs

Co-authored-by: Dev Ojha <ValarDragon@users.noreply.github.com>

* refactor Sapling point check

Move the deferred Sapling point validation into the transaction check module so the verifier keeps the same named-check structure as surrounding consensus checks.

* comment

---------

Co-authored-by: Adam Tucker <adamleetucker@outlook.com>
Co-authored-by: Dev Ojha <dojha@berkeley.edu>
Co-authored-by: Dev Ojha <ValarDragon@users.noreply.github.com>
* chore(deps): bump zcash crates for Ironwood

* fix(ci): update transaction builder annotations

* test(rpc): update protocol version snapshots

* fix(chain): add Testnet NU6.3 activation height

* test: update NU6.3 transaction generators

* fix(consensus): allow V4 transactions at NU6.3

* test(rpc): update NU6.3 blockchain info snapshot

* test(chain): restore Ironwood V6 tx hash vectors

* fix(chain): remove stale NU6.3 cfg guards

* test(consensus): allow V6 at NU6.3 in tx props

* test(consensus): keep ZFuture version max open

* fix(network): use NU6.3 protocol version
* feat(state): track Ironwood shielded state

* refactor(state): split history tree rebuild from Ironwood state

* fix(state): rebuild history tree entries after Ironwood

* fix(state): allow activation Ironwood mempool anchor

* refactor(chain): batch Ironwood note tree updates

* fix(state): make shielded spend lookup explicit

* fix(state): cfg-gate Ironwood anchor test imports

* docs(state): clean up nullifier check links

* refactor(state): reuse Ironwood tree lookup in rollback

* docs(state): explain Ironwood tree rollback

* test(state): restore chain tip expected action ordering

* docs(state): explain typed Ironwood none

* fix(state): reset database format minor version

* docs(chain): correct Ironwood action bound comment

* test(state): rename Ironwood anchor activation test

* refactor(state): clarify default Ironwood root naming

* docs(state): clarify Ironwood activation root guard

* refactor(state): name block info formats explicitly

* refactor(state): match Ironwood anchor validation to Orchard

* docs(state): move nullifier uniqueness docs to public helper

* fix(state): use empty Ironwood tree root in rebuild

* fix(state): fold history rebuild into Ironwood upgrade

* fix(state): repair legacy history tree rebuilds

* fix(state): preserve Ironwood activation anchor

* fix(state): align Ironwood history upgrade with upstream

* test(state): trim snapshot metadata

* refactor(state): inline Ironwood anchor insertion
* feat(rpc): expose Ironwood RPC output

* fix(rpc): preserve transaction object constructor

* fix(rpc): preserve treestate response constructor

* fix(rpc): expose Ironwood cross-address flags

* test(rpc): gate Ironwood getblock vector to NU6.3

* refactor(rpc): remove redundant treestate serde defaults

* refactor(rpc): align Ironwood treestate shape

* fix(rpc): route post-NU6.3 Orchard rewards to Ironwood

* refactor(rpc): make Ironwood tree constructors explicit

* refactor(rpc): inline subtree response construction

* fix(rpc): remove stale NU6.3 cfg gates
* perf(network): tune Zakura native P2P defaults

Co-authored-by: Roman Akhtariev <ackhtariev@gmail.com>

* docs: link Zakura P2P parameter changelog to PR

Co-authored-by: Roman Akhtariev <ackhtariev@gmail.com>

* test(zebrad): store Zakura P2P generated config

Co-authored-by: Roman Akhtariev <ackhtariev@gmail.com>

---------

Co-authored-by: Roman Akhtariev <ackhtariev@gmail.com>
* fix(mempool): attribute peer transaction admission

* refactor(mempool): don't surface peer queue saturation as overload

The per-peer mempool admission cap already refuses excess candidates
cheaply, so routing that refusal back as an `Overloaded` error gave
honest bursty peers a probabilistic disconnect for little extra security
benefit. Keep the peer attribution and the per-peer slot-leak fix, but
drop the overload signaling so over-cap candidates are silently refused,
as they were before the overload change.

* test(mempool): cover peer-pushed transaction cap

Add an inbound regression test for the direct full-transaction push path. The test queues MAX_INBOUND_CONCURRENCY_PER_PEER distinct PushTransaction requests from the same LegacySocket peer source, verifies they are admitted, then asserts the next peer-pushed transaction is surfaced as Tower overload.

This complements the existing txid-advertisement overload regression by proving full peer-pushed transactions are also attributed to the peer for admission limits. Locally validated with:

CXXFLAGS='-include cstdint' cargo test -p zebrad peer_pushed_transactions_are_limited_by_per_peer_cap

* test(mempool): align push cap test with silent refusal

Update the peer-pushed transaction cap regression after the branch changed per-peer saturation handling to avoid surfacing overload errors. The over-cap PushTransaction request now asserts a Nil response, then verifies only the admitted MAX_INBOUND_CONCURRENCY_PER_PEER transactions reached the verifier.

This keeps coverage for the direct full-transaction push path while matching the current policy: excess peer-originated candidates are refused without disconnect-oriented overload signaling.

Validated with:

CXXFLAGS='-include cstdint' cargo test -p zebrad peer_pushed_transactions_are_limited_by_per_peer_cap

* docs(mempool): note peer queue API change

---------

Co-authored-by: roman <roman@osmosis.team>
…tion#378)

Co-authored-by: Roman Akhtariev <ackhtariev@gmail.com>
* perf(state): precompute checkpoint auth data roots

Move ZIP-244 auth data root work ahead of finalized checkpoint commits while preserving recomputation as a fallback, and reuse shared txid/auth-digest conversion during semantic block preparation.

* comment
…ndation#374)

* perf(network): Zakura block-sync BBR-lite congestion control + O(1) sequencer

Byte-identical extraction of the block-sync performance work from
feat/pre-release-main (ZcashFoundation#290), split out as the first independently
reviewable/testable PR onto ironwood-main. It has no execution-pipeline or
header-sync/VCT dependency: the block-sync reactor commits via the existing
Request::Commit path, so it stands alone on ironwood-main.

Contents (byte-identical to feat):
- zebra-network/src/zakura/block_sync/**: BBR-lite byte-denominated congestion
  control (bbr.rs), per-peer admission control (admission.rs), floor-rescue, the
  O(1) sequencer hot path (work_queue/sequencer/state), and an offline Sequencer
  bench helper (bench.rs, behind the new internal-bench feature).
- zebra-network/src/zakura/testkit/** (blocksync_fuzz, block_sync_peer,
  mock_blocksync, and supporting helpers): the block-sync test harness/fuzzer.
- zebra-network/src/zakura/transport/guard.rs: ByteBudget charge/audit (dep).
- zebra-network/{Cargo.toml, config.rs}: the internal-bench feature and the
  block-sync config clamp wiring in Config deserialize.
- zebrad .../block_sync_driver.rs: the two block-sync perf tweaks (5s -> 200ms
  checkpoint-frontier refresh + needed-block query coalescing).

Shared files kept block-sync-only (their header-sync/VCT parts land with their
own PRs):
- trace.rs: block_sync + commit_state trace consts only; the header_sync
  tree-aux consts are excluded (hunk-split).
- testkit/cluster.rs, config/tests/vectors.rs: held at ironwood-main because
  their feat deltas reference header-sync/VCT symbols not present here.

Tests: 203 block_sync + fuzzer tests pass; zebra-network fmt + clippy -D warnings
clean; zebrad checks clean (CXXFLAGS=-include cstdint for rocksdb under GCC15).

Co-authored-by: Roman Akhtariev <ackhtariev@gmail.com>

* docs: link block-sync parameter changelog to PR

Co-authored-by: Roman Akhtariev <ackhtariev@gmail.com>

* test(zebrad): align coalesce test with reordered block-sync driver actions

PR1 took the block_sync_driver coalesce reorder (SubmitBlock now precedes
QueryNeededBlocks: the needed-blocks query is deferred behind ready submits)
but not the paired start.rs test. Replace the stale
block_sync_driver_prioritizes_ready_needed_query_over_submit (which asserted
the old query-first behavior and now panics) with feat's inverted
block_sync_driver_prioritizes_ready_submit_over_needed_query. Byte-identical to
feat/pre-release-main.

Co-authored-by: Roman Akhtariev <ackhtariev@gmail.com>

* test(network): make checkpoint backfill e2e wait deterministic

---------

Co-authored-by: Roman Akhtariev <ackhtariev@gmail.com>
Co-authored-by: roman <roman@osmosis.team>
Keep the ignored mock reorg scenario compatible with full-coverage CI and fix the restart harness height mapping used by the Zakura header-sync test.
Compare byte-cwnd request density instead of absolute request counts so the mixed-size fuzz test remains valid under slower coverage instrumentation.
* perf(state): limit RocksDB WAL growth

* Update CHANGELOG_PARAMS.md
Store the current generated zebrad config so coverage acceptance tests continue checking config compatibility after the Zakura throughput-control defaults changed.
* fix(network): align NU6.3 protocol version floor

* docs: fix changelog params lint

* test(network): update peer-set fixtures for NU6.2 floor
* feat(state): add VCT docs config and DB storage

Introduce the verified-commitment-trees design doc, hidden state config mirror, and RocksDB storage scaffolding needed before wiring the checkpoint-sync fast path.

* comment

* tests and lint

* comment

* tests

* test

* tests: wait for Zakura body gap observation

* comment

* vct data

* remove db code
* fix(transaction): accept supported V6 branch IDs

* docs: fix changelog params lint

* fix(transaction): accept all V6 NU6.3-or-later branch IDs
* Stabilize Zakura status trace smoke test

* Preserve Zakura status sent trace coverage

* Temporarily ignore flaky Zakura stream-5 trace test
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.