Features:

e7b16eab4
Increased DYNAMIC_DELAY_MAX_NON_RANK_0_BLOCKS from 5 to 10. With the threshold increased, the additional delay for higher-ranked proposals will trigger less frequently, allowing non-rank-0 blocks to proceed more often without the dynamic delay penalty.

e3c408cd0
Currently, only small ingress messages are pushed directly, while larger ones require an advert and request, adding latency. Expanding direct message pushing could reduce this delay and improve validation efficiency, though it may occasionally increase bandwidth use for unnecessary messages. So is_latency_sensitive is set to true to activate.

c5e9e2af1
This change is in combination with commit e3c408cd0. The refresh_period in the ConsensusBouncer struct defines how frequently the bouncer function checks the pool to identify unnecessary or expired ingress messages. Setting this period to 1 second means the function will check for these messages every second, allowing it to quickly identify and discard expired or unnecessary messages.

237990ccb
Checks for ingress_expiry in Query and ReadState requests when the sender is not anonymous, enhancing validation of expiration times for non-anonymous users.

161b12ce8
derivation path handling through the DerivationIndex and DerivationPath structures, allowing for BIP32-style key derivation in PrivateKey and PublicKey with derive_subkey and derive_subkey_with_chain_code methods. ckd and ckd_pub helper functions to support key derivation along a path, providing SLIP-10-compatible hierarchical deterministic key generation.

d361dd692
Substantial increases in cycle fees across multiple configurations and test files, including UNIVERSAL_CANISTER_CYCLE_MARGIN and various execution fees for operations like update_message_execution_fee and ten_update_instructions_execution_fee. This got discussed at length on the forum FEES$$$.

Message Base Fee: Increasing from 590K cycles to 5M cycles.
Instruction Fee: Increasing from 0.4 cycles to 1 cycle per instruction.

canister_creation_fee stayed the same at 100_000_000_000 even though blog mentions increase.

74751adc0
By skipping the per-canister overhead deduction when total_instructions_used is zero, the system avoids unnecessary overhead for canisters that lack sufficient cycles. Matches description.

71f3b769c
Tracking the ReplicaVersion in various components of the Internet Computer’s execution and scheduling processes. This includes updating structs like Batch to store the replica_version and modifying test utilities and test builders to account for this new field.

b29e83ac7
Enables allowed_viewers for canister log visibility.

3006ab867
Introduce memory-based eviction thresholds for sandbox processes by adding a max_sandboxes_rss limit to manage memory usage, in addition to the existing process count thresholds. The evict_sandbox_processes function and associated sandbox stats are now enhanced to track and handle memory usage per sandbox, with new logic to determine when to evict based on combined RSS limits. Additionally, default values for max_sandbox_count and max_sandboxes_rss are increased.

39f67a628
These are the fun VetKey changes for end to end encryption on the IC. This is the start and more changes are to come. This code introduces a preliminary structure to integrate vetKD (vetKeys) by adding a new variant, VetKd, to the MasterPublicKeyId type used in registry configurations and management canister types. It updates KeyConfig, ChainKeyConfig, and relevant APIs, enabling future support.

0515bc380
The goal of this change is to phase out older certification versions, beginning with setting the minimum supported version to V17, as a step toward simplifying and aligning with the new messaging model.

fa22c9fa9
This change sets a limit on the number of messages that can be inducted in a stream slice to ensure it doesn’t exceed a specified maximum, by calculating an upper bound based on stream indices and halting message induction when that bound is reached.

ac6c9d1e5
More realistic 10,000 limit for handling stream messages, accounting for actual bottlenecks and practical usage patterns.

8c2e0c98e
This change got introduced in a prev proposal but then got reverted. This commit introduces the change again to enable H/2 support for outcalls.

993fc8586
Custom metrics_tool service to the system. This tool collects specific metrics, such as TLB shootdowns, writes them in Prometheus format, and integrates them into the monitoring system by generating metrics files compatible with node_exporter. Metrics collection every minute.

Bugfixes:

f306fcb8c
Adds tracking of an additional metric, certification_share_height, by including it in NodeMetrics and parsing it from lines labeled with artifact_pool_certification_height_stat{pool_type="validated",stat="max",type="certification_share"}.

3d590ec5a
Use synchronous RwLock operations across several modules, simplifying the handling of shared state by replacing tokio::RwLock with std::sync::RwLock. This matches the description. Removes async locks.
e70f04d9f
UX changes to enter key

55297ccfd
Field fix to match spec.

ec12a4eea
Increase MAX_HEADER_LIST_SIZE because it broke sending of headers greater than 16KB. This fixes that.

218fdbcaa
Reverts the idle changes from commit 52bc5275e.

52bc5275e
Allows the adapter to remain idle until activity is detected, thus reducing resource usage when no new events are received.

b56d5e1ba
AdapterState to use a watch channel, allowing it to track the time of the last received request asynchronously and avoid panics on MacOS related to time calculations. This update introduces two new asynchronous methods, idle and active, that leverage the watch channel to monitor and manage adapter idle and active states based on the idle_seconds threshold. The improvement is a more responsive idle-state management system, allowing the adapter to efficiently await activity and transition in and out of idle mode without unnecessary delays.

582ce51a6
Detailed error context message in the get_ipmi_mac function for failed ipmitool executions, capturing the status and standard error output to aid debugging if parsing the IPMI LAN MAC address fails.

677aa6862
Update thiserror

7be43416d
Update typenum

53f97714f
rustix patch to fix determinism issues

dac2f36f9
Stricter matching criteria for filtering IPv6 addresses.

361d09aeb
Improve perf by adding timing measurements to the tool, specifically by recording and printing the total elapsed time in milliseconds, from the start to the end of processing.

3753b4388
Updates the IPv6 network configuration by modifying the ipv6_prefix and ipv6_gateway values to a new subnet, adjusting them from 2a00:fb01:400:200 to 2a00:fb01:400:44.

Chores:

80dc25b52
Change relates to commit chore(consensus): move notary related functions from consensus_utils crate to notary.rs in consensus crate (#2310). It relocates notary-related functions from the consensus_utils crate directly into the notary.rs file within the consensus crate, effectively consolidating notary logic into a more specific module and reducing dependencies on consensus_utils.

d3cfffac1
Addition of a PerTypeMetrics struct, which tracks the minimum, maximum, and count metrics for both certification and certification share artifacts. These metrics are integrated into the PoolMetrics struct, allowing for enhanced observability of certification pool states.

4f7cebee1
Remove the current_replica_version parameter from several functions in the consensus modules, instead using the replica_version directly obtained from the Block structure. This refactor reduces redundancy by accessing the version dynamically within each function.

10150fb34
Renaming persistent_pool to validated throughout the code, emphasizing that the pool stores only validated certification data.

c5e6242f5
Remove the #![allow(clippy::unwrap_used)] directive from various test files, ensuring that unwrapping operations are avoided where possible for better error handling practices. clippy.toml file is modified to allow expect and unwrap in tests.

4899bba2c
Upgrade tower dependency from version 0.4.13 to 0.5.1 and tower-http from 0.5.2 to 0.6.1, along with adjustments to dependencies and configurations to align with these versions. Mutex and RwLock, are now used directly instead of tower::buffer::Buffer wrappers in several places.

54f0fae1c
Add #![allow(clippy::disallowed_types)] to multiple modules to suppress specific Clippy lint warnings related to the use of discouraged types, particularly asynchronous locks like tokio::sync::Mutex and tokio::sync::RwLock.

c84916512
remove_inmemory_states_below function now accepts an additional parameter, extra_heights_to_keep, allowing specific states to be retained even if they are below the standard height threshold. The goal is to optimize memory usage by discarding in-memory states more promptly at checkpointed heights, while selectively retaining necessary states for current CUP creation and validation.

619190192
Bump rules_rust-v0.53.0

35a25eaf6
Update of the proc-macro2 dependency from version 1.0.88 to 1.0.89 across multiple entries in the dependency files, updating the corresponding checksum for integrity verification. URLs associated with the proc-macro2 package download have been updated to match the new version reference.

7dede601c
Enhancement of the eval_command_with_retries function in the updated script, which now captures and logs additional diagnostic information (such as the output of ip -6 addr show, ip -6 route show, and configured DNS servers) when a command fails after multiple retries.

60ce9d351
Revert for remove existing certificates

36cbd803b
Update base image refs