Decentralization of configuration parameters phase 1 - Aggregator local parameters #2736
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Test Results 4 files ± 0 168 suites ±0 23m 58s ⏱️ +6s Results for commit 3f771a3. ± Comparison against base commit c7220be. This pull request removes 3 and adds 9 tests. Note that renamed tests count towards both.♻️ This comment has been updated with latest results. |
turmelclem
force-pushed
the
ctl/2692-decentralization-of-configuration-parameters-phase-1-local-parameters
branch
from
407ea74 to
bc2e5d5
Compare
mithril-aggregator/src/dependency_injection/builder/enablers/mithril_network_configuration.rs
Fixed
Show fixed
Hide fixed
mithril-aggregator/src/dependency_injection/builder/enablers/mithril_network_configuration.rs
Fixed
Show fixed
Hide fixed
mithril-aggregator/src/dependency_injection/builder/enablers/mithril_network_configuration.rs
Fixed
Show fixed
Hide fixed
mithril-aggregator/src/dependency_injection/builder/enablers/mithril_network_configuration.rs
Fixed
Show fixed
Hide fixed
turmelclem
force-pushed
the
ctl/2692-decentralization-of-configuration-parameters-phase-1-local-parameters
branch
from
120452b to
4e21205
Compare
Alenar
temporarily deployed
to
testing-preview
GitHub Actions
Inactive
Alenar
force-pushed
the
ctl/2692-decentralization-of-configuration-parameters-phase-1-local-parameters
branch
from
1b74219 to
890ad0b
Compare
Alenar
temporarily deployed
to
testing-preview
GitHub Actions
Inactive
Alenar
force-pushed
the
ctl/2692-decentralization-of-configuration-parameters-phase-1-local-parameters
branch
4 times, most recently
from
07d14a3 to
80abe55
Compare
Alenar
temporarily deployed
to
testing-preview
GitHub Actions
Inactive
turmelclem
force-pushed
the
ctl/2692-decentralization-of-configuration-parameters-phase-1-local-parameters
branch
3 times, most recently
from
ea59e83 to
de20459
Compare
…local configuration implementation
…onfiguration and adapt epoch service
…leanup dependency injection
Alenar
force-pushed
the
ctl/2692-decentralization-of-configuration-parameters-phase-1-local-parameters
branch
from
de20459 to
2097da6
Compare
…gning_config optionnal (mandatory for leader)
Rework `init_state_from_fixture` to not save epoch_settings and works with the fixed window of three epoch (aggregate/next aggregate/signer registration), epoch settings should already exists, most of the time they will be inserted by the handle discrepancies system
- run it at the end of the serve dependency container build - retrieve and save data from the network configuration provider instead of the local node configuration - update follower integration test to check that local protocol parameter configuration is not read, instead the configuration is read through the network configuration provider from the leader
Since now the follower read the network config from the leader, this means that the update of the protocol parameters is now a responsability of the leader only. This lead to flakiness because this step was restarting all aggregators, and sometimes the follower started before the leader and had a error when it executed its handle discrepencies because the leader http server was still down.
until we can figure out how to make the logs group work correctly when the e2e is retry by `nick-fields/retry` (currently the group before the retry are lost)
Alenar
force-pushed
the
ctl/2692-decentralization-of-configuration-parameters-phase-1-local-parameters
branch
from
2097da6 to
6319f63
Compare
Alenar
temporarily deployed
to
testing-preview
GitHub Actions
Inactive
…ction between local configuration and network configuration For leader aggregator this does not change anything right now since both value come from the aggregator configuration. For follower this allow them to use a subset of the signed entity types allowed in their leader.
Alenar
temporarily deployed
to
testing-preview
GitHub Actions
Inactive
… `cardano_transactions_signing_config` from `EpochSettingsMessage` - mark both fields as deprecated - make `signer_registration_protocol` optional
…tingsMessage` This ensures that nodes built with this patch won't fails when thoses fields will be removed.
…hSettingsMessage`
Alenar
temporarily deployed
to
testing-preview
GitHub Actions
Inactive
Copilot finished reviewing on behalf of
jpraynaud
November 12, 2025 17:11
There was a problem hiding this comment.
Pull Request Overview
This PR implements phase 1 of configuration parameter decentralization for the Mithril aggregator by introducing a network configuration provider system that enables follower aggregators to retrieve protocol parameters from the leader instead of requiring local configuration.
Key Changes:
- Introduced
MithrilNetworkConfigurationProviderwith two implementations:LocalMithrilNetworkConfigurationProviderfor leader aggregators (reads from database with local config fallback) andHttpMithrilNetworkConfigurationProviderfor follower aggregators (fetches from leader) - Reworked
EpochServiceto use the configuration provider, eliminating theupdate_epoch_settingsmethod and consolidating epoch settings insertion intoinform_epoch - Made
protocol_parametersandcardano_transactions_signing_configoptional in configuration, with manual validation for leader aggregators
Reviewed Changes
Copilot reviewed 47 out of 48 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| openapi.yaml | Deprecated signer_registration_protocol and cardano_transactions_signing_config fields in EpochSettingsMessage, making them optional for backward compatibility |
| mithril-test-lab/mithril-end-to-end/src/utils/formatting.rs | Added LogGroup utility for formatting test logs with optional GitHub Actions group support |
| mithril-test-lab/mithril-end-to-end/src/utils/mithril_command.rs | Refactored to use LogGroup for consistent log formatting |
| mithril-test-lab/mithril-end-to-end/src/end_to_end_spec.rs | Made update_protocol_parameters leader-only to prevent follower flakiness |
| mithril-common/src/messages/epoch_settings.rs | Made signer_registration_protocol_parameters optional and deprecated it along with cardano_transactions_signing_config |
| mithril-common/src/test/double/dummies.rs | Updated dummy implementation for optional signer_registration_protocol_parameters |
| mithril-aggregator/src/services/network_configuration_provider.rs | New file implementing LocalMithrilNetworkConfigurationProvider for leader aggregators |
| mithril-aggregator/src/services/epoch_service.rs | Reworked to use MithrilNetworkConfigurationProvider and consolidated epoch settings insertion into inform_epoch |
| mithril-aggregator/src/services/message.rs | Updated to handle optional deprecated fields in EpochSettingsMessage |
| mithril-aggregator/src/store/epoch_settings_storer.rs | Changed handle_discrepancies_at_startup to use MithrilNetworkConfiguration and store settings for work epoch window |
| mithril-aggregator/src/database/repository/epoch_settings_store.rs | Changed from insert or replace to insert or ignore to treat stored epoch settings as final |
| mithril-aggregator/src/database/query/epoch_settings/*.rs | Replaced UpdateEpochSettingsQuery with InsertOrIgnoreEpochSettingsQuery |
| mithril-aggregator/src/dependency_injection/builder/*.rs | Moved handle_discrepancies_at_startup to run after building ServeCommandDependenciesContainer and added network configuration provider building |
| mithril-aggregator/src/configuration.rs | Made protocol_parameters and cardano_transactions_signing_config optional with manual validation for leaders; added preload_security_parameter config |
| mithril-aggregator/src/runtime/*.rs | Removed update_epoch_settings calls from state machine |
| mithril-aggregator/src/entities/*.rs | Removed protocol parameters and signing config from LeaderAggregatorEpochSettings |
| mithril-aggregator/src/tools/single_signature_authenticator.rs | Enhanced error logging to include authentication failure reasons |
| mithril-aggregator/tests/*.rs | Updated integration tests to handle optional protocol parameters and simplified test setup |
| docs/website/root/manual/develop/nodes/mithril-aggregator.md | Added documentation for new preload_security_parameter configuration |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| ) -> StdResult<AggregatorEpochSettings> { | ||
| Ok(AggregatorEpochSettings { | ||
| protocol_parameters: self.protocol_parameters().with_context( | ||
| || "Configuration `protocol_parameter` is mandatory for a Leader Aggregator", |
There was a problem hiding this comment.
Typo in the configuration field name: the error message refers to protocol_parameter (singular) but the actual field name is protocol_parameters (plural). This should be corrected to match the actual field name for clarity.
Suggested change
| || "Configuration `protocol_parameter` is mandatory for a Leader Aggregator", | |
| || "Configuration `protocol_parameters` is mandatory for a Leader Aggregator", |
Comment on lines
44
to
48
| /// call and the epoch service call. | ||
| async fn handle_discrepancies_at_startup( | ||
| &self, | ||
| current_epoch: Epoch, | ||
| epoch_settings_configuration: &AggregatorEpochSettings, | ||
| network_configuration: &MithrilNetworkConfiguration, | ||
| ) -> StdResult<()> { |
There was a problem hiding this comment.
The doc comment refers to "recording epoch window (-1, 0, +1)" but this appears to be incorrect based on the implementation. The code stores settings for three epochs:
signer_retrieval_epoch(current epoch - 1)current_epoch(epoch)recording_epoch(current epoch + 1)
This is actually epochs at offsets (-1, 0, +1) relative to the current epoch. The comment should be updated to clarify that these are relative to the network_configuration.epoch parameter, not a "recording epoch".
|
|
||
| use crate::database::record::EpochSettingsRecord; | ||
|
|
||
| /// Query to update [EpochSettingsRecord] in the sqlite database |
There was a problem hiding this comment.
The doc comment on line 7 states "Query to update [EpochSettingsRecord]" but this is actually an insert operation (insert or ignore), not an update. The comment should be corrected to "Query to insert [EpochSettingsRecord]" or "Query to insert [EpochSettingsRecord] if it doesn't exist".
Suggested change
| /// Query to update [EpochSettingsRecord] in the sqlite database | |
| /// Query to insert [EpochSettingsRecord] into the sqlite database if it doesn't exist |
| .cardano_transactions | ||
| .clone() | ||
| .ok_or(anyhow!( | ||
| "missing cardano transactions signing config for epoch {epoch}" |
There was a problem hiding this comment.
The error message format is inconsistent with others in the same file. Lines 307-309, 321-323, and 335-337 in epoch_service.rs all use the format "Missing cardano transactions signing config for <description> epoch {:?}" with debug formatting ({:?}), while this line uses "missing cardano transactions signing config for epoch {epoch}" with regular formatting and lowercase "missing". Consider using consistent capitalization and formatting across all related error messages.
Suggested change
| "missing cardano transactions signing config for epoch {epoch}" | |
| "Missing cardano transactions signing config for epoch {:?}", | |
| epoch |
Comment on lines
+132
to
+134
| /// | ||
| /// Note: `epoch_settings` store must have data for the inserted epochs, this should be done | ||
| /// automatically when building the [ServeCommandDependenciesContainer] by `handle_discrepancies_at_startup` |
There was a problem hiding this comment.
[nitpick] The method comment on lines 132-134 mentions that epoch_settings store must be filled beforehand by handle_discrepancies_at_startup, but this introduces a circular dependency in understanding: the test helper depends on handle_discrepancies being run first, but it's not clear from the code structure when/where that happens. Consider adding a reference to where handle_discrepancies_at_startup is called (in DependenciesBuilder::build_serve_dependencies_container) to make the dependency chain clearer.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Content
This PR includes a rework of the retrieval of the network configuration parameters in the
mithril-aggregatorin order to prepare their decentralization.Details
Mithril-aggregator
Changes on both leader and follower:
EpochServiceto use theMithrilNetworkConfigurationProvidersystem frominternal/mithril-protocol-configinform_epochnow fetch its current/next/registration AggregatorEpochSettings from the configuration providerupdate_epoch_settingsthat is run by the state machine after runninginform_new_epoch, it's now done withininform_epochright after retrieving the parameters from the configuration provider and at an offset of +1. This means that the parameters are now stored at the last moment right before their usage instead of ahead of time.insert or ignoreinstead of aninsert or replacewhen storing the epoch settings. Now stored epoch settings are considered final, that's why we moved the time of their insertion to right before their usage.handle_discrepancies_at_startupwith the aim of making it ready for decentralization:MithrilNetworkConfigurationProviderinstead of the aggregator configurationServeCommandDependenciesContainerinstead of after building the epoch setting store. This changes limits its call to theservecommand, previously other commands could call it even if they did not need it at all.protocol_parametersandcardano_transactions_signing_configare now options, but still mandatory for a leader aggregator (the missing configuration error is now handled manually instead of automatically by theconfigcrate)preload_security_parameterwith a default value of2160. Used to configure the transactions preloader instead of fetching the security parameter in thecardano_transactions_signing_configconfiguration.create_certificate_followerintegration test by making it check that the follower aggregator works without configuredprotocol_parametersServeCommandDependenciesContainer:epoch_settingstable, but only in thesignerandsigner_registrationtable. This means that theepoch_settingsmust have been filled beforehand (either by running handle discrepancies or manually).Leader aggregator specific:
LocalMithrilNetworkConfigurationProvider: aMithrilNetworkConfigurationProviderthat fetch its data first from theepoch_settingstable in the sqlite database, and if an entry is missing for an epoch, it fallback to the usual configuration parameters (protocol_parametersandcardano_transactions_signing_config)Follower aggregator specific:
mithril-protocol-config::http::HttpMithrilNetworkConfigurationProvideras its network configuration provider, fetching data from its configured leader aggregatorMithril-common & openapi
EpochSettingsMessage:signer_registration_protocolfield optional so future node won't fails when we remove itsigner_registration_protocolandcardano_transactions_signing_configfieldsMithril-end-to-end
update_protocol_parametersstep leader only. Now it doesn't matter for the follower since it retrieve its configuration from the leader and no longer read its configuration, and keeping it introduced a flakiness since sometimes the follower aggregator restarted before the leader could restart its http server, making the handle discrepancies of the follower fails (since it do a call to the configuration provider).::group::when running in github action. Disabled for now as there's an remaining issue to tackle first: when the e2e is retry the logs in those groups for the previous iteration are missing in the action output.Pre-submit checklist
Comments
There's a know issue for the updated
handle_discrepancies_at_startup: it run twice.This is because the
ServeCommandDependenciesContaineris also built twice, once for its purpose, a second time for the http server.This is harmless as this will record twice the same epoch settings and the second recording will be ignored, but we should probably construct a
HttpServerDependenciesContainerinstead of reusing the one of the serve command.Issue(s)
Relates to #2692