CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these topics and Synapse on most other topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron and KongSwap with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these topics and Synapse on most other topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron and KongSwap with a known neuron and credible Followees.

Learn more about CodeGov and it’s mission at codegov.org.

Features:

8c82f7f0c
New parameter auto_retry is introduced to control whether rsync retries should happen automatically or only when a user explicitly confirms (in interactive mode).

In non-interactive scenarios, the system will retry rsync failures a few times, waiting briefly between attempts before ultimately failing with a new RsyncFailed error if it never succeeds.

4fe73d512
New UploadMethod type that can either be local or a remote IPv6 address. This allows the recovery process to skip uploading large data if it’s already running on the node itself, saving time and bandwidth.

f5786ca2c
New VetKdKeyShare type within the IDkg system, extending support for vetKD shares. Update the artifact pool, consensus, and proto definitions to handle this new variant in the same way as existing ECDSA and Schnorr shares. By adding the VetKdKeyShare message type, new error variants, and relevant methods, the code can now store, transmit, and process vetKD key shares.

2aee5555e
Add a new create_encrypted_vetkd_key_share method and associated data structures (VetKdEncryptedKeyShareContent) to support verifiable threshold key derivation (vetKD). They enable CSP vault implementations (both local and remote) to generate, store, and retrieve vetKD shares using a BLS12-381–based scheme. The code also introduces new error types and updates domain separators for hashing to ensure proper handling and validation of vetKD key shares.

dee4fe020
Add the ability to open and create execution states from compiled Wasm modules stored in files, rather than just in-memory buffers. They introduce new RPC calls (open_wasm_via_file and create_execution_state_via_file) that pass file descriptors into the sandbox, where the sandbox can directly mmap the serialized Wasm for deserialization and instantiation. By handling modules via file descriptors, the code enables on-disk caching of compiled Wasm artifacts, which can reduce memory usage and improve startup performance for larger Wasm binaries.

a3d5146cb
New ic0_mint_cycles128 system call that supports minting more cycles than can fit in a 64-bit integer. Instead of returning a u64, the code now stores the minted amount in a 128-bit representation, which allows for much larger cycle values and avoids overflow. The cycles account manager and the system API track the actually minted cycles. This reverts the revert so that the feature is once again live.

ef3e16a22
Upgrade the ipnet crate to version 2.10.1 with serde support and expand the boundary node’s rate-limiting logic to handle IP prefixes. They introduce a new “sharded” ratelimiter, allowing the system to maintain per-prefix or per-IP rate-limit buckets without storing a separate bucket for every unique address. The RateLimitRule now includes ip and ip_prefix_group fields, enabling more granular control (pass/block/limit) based on IP subnets.

6ab4bec6f
Consolidate the old canister_client crate into a new rate-limiting-canister-client crate, renaming it and updating the dependencies accordingly. Instead of containing numerous example calls, the new crate offers a single command-line tool that reads rate-limit rules from a YAML file and submits them to a canister via submit_config.

4c775dbb9
New optional wasm_memory_threshold field to canister settings across various NNS and SNS modules. Everywhere wasm_memory_limit is tracked, this new field is now similarly stored, serialized, and passed through update/set operations.

b006ae993
Continued migration of ledger approvals to stable structures, allowing the ledger to store allowances in stable memory. The older “arrivals” mechanism and trimming logic are removed, simplifying how approvals are tracked and expiring them solely by expires_at. A multi-step migration process is introduced for large ledgers, so the canister can gradually move existing allowance data into stable storage without exceeding instruction limits.

6015778e4
Rewrote schema version 1 to implement serde parser for Action which now includes to_bytes_yaml and from_bytes_yaml.

New struct CanisterConfigFetcher that fetches and validates rate-limit rules from either a file or a canister.

52e0faca2
Updates on_synced_checkpoint to check weather a snapshot and its metadata for the given height already exist, and if so, it skips re-inserting them, avoiding duplication.

It now differentiates which states should be kept as checkpoints and which should be retained in memory (based on the certified height and any extra heights to keep), rather than lumping them all into a single “heights_to_keep” set, so that checkpoints and in-memory states are managed independently.

c0132ba51
New optional node_reward_type field in the node configuration logic, allowing a user to specify a reward type (e.g. “type3.1”) for a node. The generate-ic-config.sh script now supports a -r argument to set this field and performs relevant template substitutions.

c44f6612a
These changes add two new directives, LogLevelMax=1 and SyslogLevel=2, to each of the listed systemd unit files. The purpose is to disable (or significantly reduce) the logging of start and stop messages from systemd. By keeping LogLevelMax at 1 and SyslogLevel at 2, the units minimize their verbosity in the system journal.

Bugfixes:

da448e8ca
Temporarily increase CUP bounds to reduce noisy alert let cups = 2 + e / k + 1.

215903692
Instead of computing how much memory remains by subtracting stable memory from the canister’s memory allocation, the calculation is done based on overall canister memory usage (excluding Wasm memory).

c7ce2309c
Adds new arg env to spawn_socketed_process. Then disables the capturing in the sandbox by setting the RUST_LIB_BACKTRACE env variable.

5f9c28b3e
Previously, push_input returned a simple success or error for message induction, but the code now returns Result<bool, (StateError, RequestOrResponse)>.

The new boolean signals whether the message was truly enqueued (Ok(true)) or was a best-effort response that got silently dropped (Ok(false)).

By adding a bool, the logic distinguishes fully successful inductions, silent drops, and genuine errors in message handling.

03a9b37a0
Matches description of accepting variable length account identifier in account_balance query.

b1f4339d4
All occurrences of length: usize have been changed to length: u64 to ensure the ledger can handle large requests without risking 32-bit overflow.

dfc381085
Modifies get_certified_chain_tip to get certificate from icrc3_get_tip_certificate.

e369646b7
Removes explicit edition = "2021" lines from various Bazel BUILD.bazel files

3e1c367b2
It introduces a separate timing phase (PHASE_TIME_OUT_CALLBACKS) to measure how long it takes to time out callbacks, separating it from the existing phase that times out messages, so that metrics for these two operations can be tracked and reported independently.

a68611e93
New is_best_effort check for responses to identify them by their non-zero deadline. When such responses cannot be delivered they are quietly discarded with no critical error triggered.

5716305a5
Matches description disable hashes in blocks feature.

226870df4
Add a counter peers_removed_total that gets incremented when an active connection is removed, ensuring the code now tracks the number of removed peer connections in addition to the existing metrics.

57205e924
Moved the CLI logic into its own cli.rs module and stopped referencing clap from the library code. Updated the relevant source files so the shared library no longer handles command-line parsing.

235d88fd1
Matches description adjust timeouts and add static asserts.

390eb4fb8
Removed the specialized functions for first and second systemd sockets, consolidating them into a single, parameterized function incoming_from_nth_systemd_socket that takes an index argument.

bc83b42ae
Matches description fix update-config when reward.conf does not exist.

e9ff67e25
Add check in the guest/host OS config update code that, if an existing config.json has its environment set to Testnet, it won’t overwrite it. Add a deployment_environment argument in the “setupos-inject-configuration” tool so the deployment name can be set to, for instance, “Testnet.”

9064779bd
Matches description add node reward type update-config parsing.

209a613ea
Update ic-bn-lib rev.

12775d559
Matches description silence libunwind denials and allow systemd NoNewPrivileges for fstrim_tool.

c25680c49
Fix setupos networking dependency

Chores:

cb47e5b0f
Adds new method sign_message_with_bip341_no_rng and test supporting context.schnorr.

2b5243dce
Replace the older thread::spawn calls with std::thread::Builder::new().name(...) so that each thread in the sandbox is labeled with a descriptive name. That way, logs, stack traces, and debugging tools can more clearly distinguish which threads belong to which part of the canister sandbox.

4dac910f1
Upgrades wasmtime to version 27

65cc20dd0
Increase DEFAULT_MAX_SANDBOX_COUNT to 7_000

4b40553b9
Rename and relocate the ic_async_utils crate, moving it from rs/async_utils to rs/http_endpoints/async_utils, and updating all references in Cargo.toml and Bazel build files accordingly.

7d1825b54
e2e benchmark no longer manipulates the full BlockchainState (adding blocks, etc.), and now simply deals with block headers/forks. start_grpc_server has been refactored to create its own GetSuccessorsHandler using an Arc<Mutex<BlockchainState>>, rather than taking a GetSuccessorsHandler directly.

96861bb86
Quic Transport connection manager is the streamlined handling of connection events by separating successful and failed connection outcomes more explicitly, particularly for inbound and outbound connections.

f42fe638d
Matches description remove legacy mercury.dfinity.systems logging targets.

0f35ac817
Renaming and reorganizing the code. They remove some older functions and streamline the approach for testing IPv6 connectivity.

66f6970a0
Upgrades crates (e.g., bytes, http, tokio, and tokio-metrics).

718723bc5
Update base container image references

baaf25694
Update base container image references

7e8aba748
Update base container image references

a5ee88c56
Update base container image references

c0e353c7c
Update base container image references

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these topics and Synapse on most other topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron and KongSwap with a known neuron and credible Followees.

Learn more about CodeGov and it’s mission at codegov.org.

Features

• 8c82f7f0c
  Summary: Allow skipping nodes during certification downloads
  Notes: Certifications are downloaded and merged for all the nodes in the subnet however due to connectivity issue at times certain nodes may not be able to download the certifications in that case we must skip those nodes.
  Review: Code changes matches the commit message.

• 4fe73d512
  Summary: Avoid rsync on state uploads during local recoveries
  Notes: When performing recoveries on the admin node with this new change we avoid costly data transfer state. Majority of the changes are in steps.rs file. No major changes from operations side.
  Review: Code changes matches the commit message.

• f5786ca2c
  Summary: Implement a stubbed VetKd client as part of the IDKG signer
  Notes: Implements vetKD protocol by extending ThresholdSigner component which already drives tSchnorr and tECDSA protocols. These protocols are very similar so combining them avoids implementation of new client and artifact pool for VetKd protocol.
  Downsides of using this approach:
  A. pointless transition of VetKdContext → ThresholdSigInputsRef → ThresholdSigInputs as there are no pre-signature references that would need to be resolved in Vetkd.
  B. VetKd shares the same thread as IDKG and ECDSA/Schnorr signature generation.
  Review: Code changes matches the commit message.

• 2aee5555e
  Summary: add vault method to create vetKD key share
  Notes: Introduces a new trait VetKdCspVault, which includes the method create_encrypted_vetkd_key_share. This trait is implemented for both the local and remote crypto vaults.
  Additionally, modifies the type of VetKdEncryptedKeyShare::encrypted_key_share from Vec<u8> to a newly defined type, VetKdEncryptedKeyShareContent. This new type is returned by the create_encrypted_vetkd_key_share method of the VetKdCspVault trait. By transitioning to this type, it becomes possible to implement the DomainSeparator trait for it. This change lays the groundwork for leveraging the default infrastructure to sign instances of VetKdEncryptedKeyShareContent in future implementations.
  Review: Code changes matches the commit message.

• 4fe73d512
  Summary: Pass SerializedModule via file descriptor
  Notes: Enhances the sandbox IPC to support passing SerializedModules from the CompilationCache using a file descriptor, instead of serializing the data. However, this functionality is not activated in this update, as the cache continues to operate in “memory” mode rather than “disk” mode.
  Future updates will introduce features to limit the cache size on disk and leverage the new Wasmtime option to directly map the file. These improvements will be implemented before the feature becomes fully enabled.
  Review: Code changes matches the commit message.

• a3d5146cb
  Summary: Add mint_cycles128 API
  Notes: This PR reverts #3125
  Review: Code changes matches the commit message.

• ef3e16a22
  Summary: ic-boundary: add ip filter and ip prefix grouping to generic ratelimiter
  Notes: Adds the following fields to the RateLimitRule schema:

  ip: 10.1.1.0/24
  ip_prefix_group:
    v4: 24
    v6: 64
  

  updates ipnet version from 2.8.0 to 2.10.1
  Review: Code changes matches the commit message.

• 6ab4bec6f
  Summary: client facilitating the submission of rate-limiting rules
  Notes: Pushes new config to the rate limiting canister if it is authorized.
  Review: Code changes matches the commit message.

• 4c775dbb9
  Summary: Add wasm_memory_threshold to ProposeToUpdateCanisterSettingsCmd
  Notes: Added wasm_memory_threshold to the NNS so that users can update it’s value using NNS proposals to support on_low_wasm_memory hook. wasm_memory_threshold is also added to canister settings to canisters in IC repository.
  Review: Code changes matches the commit message.

• b006ae993
  Summary: Implement V3 for ICP ledger - migrate allowances to stable structures
  Notes: updates to ICP ledger migrating approvals and expirations to stable memory.
  Review: Code changes matches the commit message.

• 6015778e4
  Summary: Add rate-limiting canister client to ic-boundary
  Notes: Refactors the rate limit API schema to accommodate all requirements for ic-boundary, including moving of rule tests to this module and the addition of a Bazel test target.
  Refactors the generic rate limiter to utilize objects defined in the API and trait-based objects for fetching rules. This enables loading rules from file or a canister.
  Review: Code changes matches the commit message.

• 52e0faca2
  Summary: More eagerly remove replicated state at checkpoint heights
  Notes: remove_inmemory_states_below can now safely remove in-memory states at previous check point heights. For this we have separated checkpoints_to_keep and
  inmemory_states_keep in remove_states_below_impl.
  Review: Code changes matches the commit message.

• c0132ba51
  Summary: Add node_reward_type field to AddNodePayload and node config
  Notes: node_reward_type field is added to node configuration and
  AddNodePayload structures.
  Review: Code changes matches the commit message.

• c44f6612a
  Summary: Disable start/stop logs for timers
  Notes: Default log level is set to above the max filter to reduce noisy logs such as starting and finished logs for timer units.
  Review: Code changes matches the commit message.

Bugfixes

• da448e8ca
  Summary: Temporarily increase CUP bounds to reduce noisy alert
  Notes: Lagging nodes are creating alerts because of cpu bound violation, This PR temporarily increases the cpu count by 1 to avoid noisy alert messages until a more permanent fix in introduced.
  Review: Code changes matches the commit message.

• da448e8ca
  Summary: Use memory_usage instead of stable_memory_usage in calculation for checking on_low_wasm_memory_hook
  Notes: uses current_usage instead of stable_memory_usage when calculating for on_low_wasm_memory hook since stable_memory_usage does not include all components of memory usage.
  Review: Code changes matches the commit message.

• c7ce2309c
  Summary: Disable anyhow backtraces in sandbox
  Notes: RUST_LIB_BACKTRACE environment variable is set to 0 to disable anyhow backtraces.
  Review: Code changes matches the commit message.

• 5f9c28b3e
  Summary: Record ‘dropped’ status for silently dropped best-effort responses
  Notes: returns Ok(true) when pushing the item in push_input() if it was successfully queued otherwise if it was silently dropped push_input() method returns Ok(false).
  Review: Code changes matches the commit message.

• 03a9b37a0
  Summary: Accept variable length account identifier in account_balance query
  Notes: Accepts byte array of variable length as input in the account_balance query endpoint of the ICP ledger.
  Review: Code changes matches the commit message.

• b1f4339d4
  Summary: Change length type in GetBlocksArgs
  Notes: Changes the length field in GetBlocksArgs from usize to u64.
  Review: Code changes matches the commit message.

• dfc381085
  Summary: changed certificate version
  Notes: uses icrc3 certificate endpoint for icrc1 agent library.
  Review: Code changes matches the commit message.

• e369646b7
  Summary: Use default rust edition instead of specifying it in the BUILD rules
  Notes: removes edition = "2021" from bazel files to avoid defining rust edition in bazel files and instead uses default rust edition.
  Review: Code changes matches the commit message.

• 3e1c367b2
  Summary: Correctly set best_effort_message_memory_capacity
  Notes: Bugfixes to correctly set best_effort_message_memory_capacity
  Review: Code changes matches the commit message.

• a68611e93
  Summary: Add exceptions for edge cases for best effort responses
  Notes: Avoids raising errors for best effort responses when the second message might arrive late and in the meantime the canister might have stopped or removed which might have raised errors otherwise.
  Review: Code changes matches the commit message.

• 5716305a5
  Summary: disable hashes in blocks feature
  Notes: HASHES_IN_BLOCKS_FEATURE_ENABLED feature flag is set to false.
  Review: Code changes matches the commit message.

• 226870df4
  Summary: have single place where we remove the peer from the peer map
  Notes: Since we want to keep peer map in sync with the active connection joinmap we modify the connection manager to only remove peers from peer map in a single place.
  Review: Code changes matches the commit message.

• 57205e924
  Summary: properly separate library from binary for the https_outcalls adapter
  Notes: Separates libraries from the binary for https_outcalls adapter.
  Review: Code changes matches the commit message.

• 235d88fd1
  Summary: adjust timeouts and add static asserts
  Notes: Increases CONNECT_RETRY_BACKOFF from 3 to 5 and adds static const_assert.
  Review: Code changes matches the commit message.

• 390eb4fb8
  Summary: Use futures::Stream and remove redundant functions in rs/async_utils
  Notes: Removes incoming_from_first_systemd_socket and incoming_from_second_systemd_socket and instead uses incoming_from_nth_systemd_socket which can take in nth integer like incoming_from_nth_systemd_socket(1)
  Review: Code changes matches the commit message.

• bc83b42ae
  Summary: fix update-config when reward.conf does not exist
  Notes: Adds the following check to handle the case where reward.conf does not exist on the
  config partition.

  if !reward_conf_path.exists() {
            return Ok(None);
        }
  

Review: Code changes matches the commit message.

• e9ff67e25
  Summary: update-config in testnet environment
  Notes: updates update-config to prevent overwriting test configurations and support empty hostnames.
  Review: Code changes matches the commit message.

• 9064779bd
  Summary: Add node reward type update-config parsing
  Notes: Add node_reward_type to update-config.
  Review: Code changes matches the commit message.

• 9064779bd
  Summary: Add node reward type update-config parsing
  Notes: Add node_reward_type to update-config.
  Review: Code changes matches the commit message.

• 209a613ea
  Summary: ic-boundary caching
  Notes: Fixes caching issue by pulling updated ic-bn-lib version.
  Review: Code changes matches the commit message.

• 12775d559
  Summary: silence libunwind denials and allow systemd NoNewPrivileges for fstrim_tool
  Notes: Temporary change to silence libunwind-related SELinux denials until RUST_LIB_BACKTRACE=0 is rolled out and reduces the noise.
  Review: Code changes matches the commit message.

• c25680c49
  Summary: setupos networking dependency
  Notes: Updates to make sure that setupos.service depends on
  systemd-networkd-wait-online.service to prevent timing issue where
  setupos.service runs before the networking has been set up.
  Review: Code changes matches the commit message.

Performance improvements

• c25680c49
  Summary: Put canister queues behind Arcs
  Notes: Updates to put canister queues behind Arcs to reduce the cost of cloning unmutated canister queues this significantly reduced message execution time.
  Review: Code changes matches the commit message.

Chores

• cb47e5b0f
  Summary: Add support for Schnorr aux input to state machine tests
  Notes: sign_message_with_bip341_no_rng method added to sign a message with BIP340/BIP341 Schnorr with Taproot derivation.
  Review: Code changes matches the commit message.

• 2b5243dce
  Summary: Name canister sandbox reader threads
  Notes: assign names to canister sandbox reader thread so that the cpu profiles are not confusing and can be differentiated.
  Review: Code changes matches the commit message.

• 4dac910f1
  Summary: Upgrade wasmtime to 27.0.0
  Notes: upgrades wasmtime from 26.0.0 to 27.0.0
  Review: Code changes matches the commit message.

• 65cc20dd0
  Summary: Increase max number of sandboxes to 7k
  Notes: Increases DEFAULT_MAX_SANDBOX_COUNT from 5_000 to 7_000.
  Review: Code changes matches the commit message.

• 4b40553b9
  Summary: move async_utils
  Notes: Moves async_utils from rs to rs/http_endpoints
  Review: Code changes matches the commit message.

• 7d1825b54
  Summary: the adapter lib should expose just a simple function that starts the server
  Notes: Moves GetSuccessorsHandler inside start_grpc_server to make it easier to start the server just by calling one simple function.
  Review: Code changes matches the commit message.

• 96861bb86
  Summary: Streamline error handling when a connection or connection attempt fails
  Notes: Updates in ConnectionManager to streamline error handling for failed inbound and outbound connections.
  Review: Code changes matches the commit message.

• f42fe638d
  Summary: Remove legacy mercury.dfinity.systems logging targets
  Notes: Removes logs for *.mercury.dfinity.systems machines since they have been decommissioned for over a year and they only cause spam entries in the system logs.
  Review: Code changes matches the commit message.

• 0f35ac817
  Summary: networking touch-ups
  Notes: Small updates and refactoring to the networking code.
  Review: Code changes matches the commit message.

• 66f6970a0
  Summary: upgrade crates
  Notes: Upgrades bunch of dependencies version.
  Review: Code changes matches the commit message.

• 718723bc5
  Summary: Update Base Image Refs [2025-01-02-0807]
  Notes: Updates ic-os container image references.
  Review: Code changes matches the commit message.

• baaf25694
  Summary: Update Base Image Refs [2024-12-26-0807]
  Notes: Updates ic-os container image references.
  Review: Code changes matches the commit message.

• 7e8aba748
  Summary: Update Base Image Refs [2024-12-19-0807]
  Notes: Updates ic-os container image references.
  Review: Code changes matches the commit message.

• a5ee88c56
  Summary: Update Base Image Refs [2024-12-17-0145]
  Notes: Updates ic-os container image references.
  Review: Code changes matches the commit message.

• c0e353c7c
  Summary: Update Base Image Refs [2024-12-12-0807]
  Notes: Updates ic-os container image references.
  Review: Code changes matches the commit message.

Refactoring

• f9c4fb832
  Summary: Update README.adoc and metrics
  Notes: Updates the README.adoc file in quic_transport and some minor updates/changes in metrics.rs file.
  Review: Code changes matches the commit message.

Tests

• 50fee78b4
  Summary: Test some bench targets
  Notes: Updates to auto generate benchmark tests corresponding to test targets ensuring their execution on each pipeline run.
  Review: Code changes matches the commit message.

• 299bdc559
  Summary: Cover monitor and evict thread with tests
  Notes: Adds test cases for monitor and evict thread, a fixed revert of #3133
  Review: Code changes matches the commit message.

• 91dd6b3f0
  Summary: Cover monitor and evict thread with tests
  Notes: Adds test cases for monitor and evict thread.
  Review: Code changes matches the commit message.

Other changes

• 5da8abf3c
  Summary: test: Cover monitor and evict thread with tests
  Notes: Reverts #3133 since build failed on master on intel darwin.
  Review: Code changes matches the commit message.

Features

1. 8c82f7f0c
   Summary: Allow skipping nodes during certification downloads.
   Notes: Improved consensus recovery by allowing manual skipping of problematic nodes during certification downloads in interactive mode to handle connection issues.
   Review: The description matches the code changes.

2. 4fe73d512b
   Summary: Avoid rsync on state uploads during local recoveries.
   Notes: Optimized local recovery by avoiding costly resync of the entire state, making the process more efficient.
   Review: The description matches the code changes.

3. f5786ca2c
   Summary: Implement a stubbed VetKd client as part of the IDKG signer.
   Notes: Implemented a stubbed VetKd client for the IDKG signer, with further work needed on ThresholdSigInputs and IDkgMessageId::VetKdKeyShare.
   Review: The description matches the code changes.

4. 2aee5555e
   Summary: add vault method to create vetKD key share.
   Notes: Added a vault method to create VetKD key shares within the Crypto module.
   Review: The description matches the code changes.

5. dee4fe020
   Summary: Pass SerializedModule via file descriptor.
   Notes: Improved sandbox IPC by enabling passing SerializedModules via file descriptor, with future plans to optimize cache size on disk.
   Review: The description matches the code changes.

6. a3d5146cb
   Summary: Add mint_cycles128 API.
   Notes: Reintroduced the mint_cycles128 API, which was previously reverted due to test failures.
   Review: The description matches the code changes.

7. ef3e16a22
   Summary: add ip filter and ip prefix grouping to generic ratelimiter.
   Notes: Enhanced boundary node rate limiting by adding IP filtering and IP prefix grouping to the generic rate limiter, enabling more flexible and granular rate limiting rules.
   Review: The description matches the code changes.

8. 6ab4bec6f
   Summary: client facilitating the submission of rate-limiting rules.
   Notes: Implemented a client-side mechanism for submitting rate-limiting rules to the canister, allowing only authorized identities to do so.
   Review: The description matches the code changes.

9. 4c775dbb9
   Summary: Add wasm_memory_threshold to ProposeToUpdateCanisterSettingsCmd.
   Notes: Added the wasm_memory_threshold field to the NNS, which will be used to support the on_low_wasm_memory hook in the future.
   Review: The description matches the code changes.

10. b006ae993
    Summary: Implement V3 for ICP ledger - migrate allowances to stable structures.
    Notes: Improved ICP ledger performance by migrating all approvals and their expiration dates to stable memory in batches.
    Review: The description matches the code changes.

11. 6015778e4
    Summary: Add rate-limiting canister client to ic-boundary.
    Notes: Enhanced the ic-boundary node with a new rate-limiting API, allowing configuration to be read from a generic file or the rate-limiting canister.
    Review: The description matches the code changes.

12. 52e0faca2
    Summary: More eagerly remove replicated state at checkpoint heights.
    Notes: Improved state management by more eagerly removing replicated state at checkpoint heights.
    Review: The description matches the code changes.

13. c0132ba51
    Summary: Add node_reward_type field to AddNodePayload and node config.
    Notes: Added the node_reward_type field to the node configuration, allowing for more flexible reward configurations beyond the default type 3.1.
    Review: The description matches the code changes.

14. c44f6612a
    Summary: Disable start/stop logs for timers.
    Notes: Reduced log noise by disabling start/stop logs for timers by default.
    Review: The description matches the code changes.

Bugfixes:

1. da448e8ca
   Summary : Temporarily increase CUP bounds to reduce noisy alert.
   Notes: Temporarily increased CPU bounds to reduce noisy alerts in the consensus module, pending a permanent fix.
   Review: The description matches the code changes.

2. 215903692
   Summary : Use memory_usage instead of stable_memory_usage in calculation for checking on_low_wasm_memory_hook.
   Notes: Corrected the on_low_wasm_memory_hook to use memory_usage instead of stable_memory_usage for accurate memory usage checks.
   Review: The description matches the code changes.

3. c7ce2309c
   Summary: Disable anyhow backtraces in sandbox.
   Notes: Disabled anyhow backtraces in the sandbox to improve performance and reduce overhead.
   Review: The description matches the code changes.

4. 5f9c28b3e
   Summary: Record ‘dropped’ status for silently dropped best-effort responses.
   Notes: Improved message routing by recording the “dropped” status for silently dropped best-effort responses.
   Review: The description matches the code changes.

5. 03a9b37a0
   Summary: Accept variable length account identifier in account_balance query.
   Notes: Fixed the ICP ledger to accept variable-length account identifiers in the account_balance query.
   Review: The description matches the code changes.

6. b1f4339d4
   Summary: Change length type in GetBlocksArgs.
   Notes: Updated the GetBlocksArgs structure in the ICP ledger by changing the length field type from usize to u64 to maintain compatibility.
   Review: The description matches the code changes.

7. dfc381085
   Summary : changed certificate version.
   Notes: Updated the certificate version in the ledger canister to load data certificates from agent.icrc3_get_tip_certificate instead of agent.get_data_certificate().
   Review: The description matches the code changes.

8. e369646b7
   Summary: Use default rust edition instead of specifying it in the BUILD rules.
   Notes: Removed the explicit Rust edition specification in BUILD rules, allowing the use of the default Rust edition.
   Review: The description matches the code changes.

9. 3e1c367b2
   Summary: Correctly set best_effort_message_memory_capacity.
   Notes: Corrected the setting of best_effort_message_memory_capacity in message routing to use the correct configuration value.
   Review: The description matches the code changes.

10. a68611e93
    Summary: Add exceptions for edge cases for best effort responses.
    Notes: Added exceptions for expected edge cases in best-effort response handling to prevent unnecessary critical errors.
    Review: The description matches the code changes.

11. 5716305a5
    Summary: disable hashes in blocks feature.
    Notes: Temporarily disabled the “hashes in blocks” feature due to issues in the current implementation.
    Review: The description matches the code changes.

12. 226870df4
    Summary: have single place where we remove the peer from the peer map.
    Notes: Improved peer management by removing peers from the peer map in a single, consistent location.
    Review: The description matches the code changes.

13. 57205e924
    Summary: properly separate library from binary for the https_outcalls adapter.
    Notes: Improved the https_outcalls_adapter by separating the library from the binary.
    Review: The description matches the code changes.

14. 235d88fd
    Summary: adjust timeouts and add static asserts.
    Notes: Adjusted connection retry backoff timeouts and added static asserts to ensure the correctness of constants.
    Review: The description matches the code changes.

15. 390eb4fb8
    Summary: Use futures::Stream and remove redundant functions in rs/async_utils.
    Notes: Updated the rs/async_utils module to use futures::Stream and removed redundant functions.
    Review: The description matches the code changes.

16. bc83b42ae
    Summary: fix update-config when reward.conf does not exist.
    Notes: Fixed the update-config command to handle cases where the reward configuration file does not exist.
    Review: The description matches the code changes.

17. e9ff67e25
    Summary: update-config in testnet environment.
    Notes: Improved testnet compatibility in the update-config process.
    Review: The description matches the code changes.

18. 9064779bd
    Summary: Add node reward type update-config parsing.
    Notes: Enhanced node configuration handling by adding parsing for the node reward type from the reward configuration file.
    Review: The description matches the code changes.

19. 209a613ea
    Summary: ic-boundary caching.
    Notes: Fixed a caching issue in the ic-boundary component by using the updated ic-bn-lib.
    Review: The description matches the code changes.

20. 12775d559
    Summary: silence libunwind denials and allow systemd NoNewPrivileges for fstrim_tool.
    Notes: Silenced libunwind denials and allowed systemd NoNewPrivileges for the fstrim_tool to improve system integration.
    Review: The description matches the code changes.

21. c25680c49
    Summary: setupos networking dependency.
    Notes: Improved systemd integration by waiting for systemd-networkd-wait-online.service to complete before starting the setupos.service.
    Review: The description matches the code changes.

Performance improvements:

1. ab29295b3
   Summary: Put canister queues behind Arcs .
   Notes: Enhanced message routing performance by placing canister queues behind Arcs, significantly reducing the cost of cloning them.
   Review: The description matches the code changes.

Chores:

1. cb47e5b0f
   Summary: Add support for Schnorr aux input to state machine tests.
   Notes: Enhanced unit testing in the Crypto module by adding the sign_message_with_bip341_no_rng method to the secp256k1 library for generating deterministic signatures.
   Review: The description matches the code changes.

2. 2b5243dce
   Summary: Name canister sandbox reader threads.
   Notes: Improved CPU profiling capabilities in the Execution module by renaming individual sandbox threads for better identification and analysis.
   Review: The description matches the code changes.

3. 4dac910f1
   Summary: Upgrade wasmtime to 27.0.0.
   Notes: Updated the Wasmtime version used in the Execution module from 26.0.0 to 27.0.0, along with necessary dependency upgrades.
   Review: The description matches the code changes.

4. 65cc20dd0
   Summary: Increase max number of sandboxes to 7k.
   Notes: Increased the maximum number of concurrently running sandboxes from 5k to 7k in the Execution module by modifying the DEFAULT_MAX_SANDBOX_COUNT constant.
   Review: The description matches the code changes.

5. 4b40553b9
   Summary: move async_utils.
   Notes: Refactored the ic_async_utils library within the Execution module by renaming it to ic_http_endpoints_async_utils and moving its location to the /rs/http/endpoints directory.
   Review: The description matches the code changes.

6. 7d1825b54
   Summary: the adapter lib should expose just a simple function that starts the server.
   Notes: Simplified the Bitcoin adapter by exposing a single start_grpc_server function to initiate the gRPC server.
   Review: The description matches the code changes.

7. 96861bb86
   Summary: Streamline error handling when a connection or connection attempt fails.
   Notes: Improved error handling in the Networking module by modifying the Connection_Manager.rs to differentiate between inbound and outbound connection failures.
   Review: The description matches the code changes.

8. f42fe638d
   Summary: Remove legacy mercury.dfinity.systems logging targets.
   Notes: Removed obsolete logging targets for the decommissioned *.mercury.dfinity.systems machines from the Node module.
   Review: The description matches the code changes.

9. 0f35ac817
   Summary: networking touch-ups.
   Notes: Performed various minor improvements and updates to the networking code within the Node module, including updates to comments and preparation for future networking enhancements.
   Review: The description matches the code changes.

10. 66f6970a0
    Summary: upgrade crates.
    Notes: Updated numerous dependencies across the codebase.
    Review: The description matches the code changes.

11. 718723bc5
    Summary: Update Base Image Refs [2025-01-02-0807].
    Notes: Updated base image references for the Node module.
    Review: The description matches the code changes.

12. baaf25694
    Summary: Update Base Image Refs [2024-12-26-0807].
    Notes: Updated base image references for the Node module.
    Review: The description matches the code changes.

13. 7e8aba748
    Summary: Update Base Image Refs [2024-12-19-0807].
    Notes: Updated base image references for the Node module.
    Review: The description matches the code changes.

14. a5ee88c56
    Summary: Update Base Image Refs.
    Notes: Updated base image references for the Node module.
    Review: The description matches the code changes.

15. c0e353c7c
    Summary: Update Base Image Refs [2024-12-12-0807].
    Notes: Updated base image references for the Node module.
    Review: The description matches the code changes.

Refactoring:

1. f9c4fb832
   Summary: Update README.adoc and metrics.
   Notes: Refactored the QUIC transport module by updating the README.adoc and adjusting some metric labels for improved clarity and maintainability.
   Review: The description matches the code changes.

Tests:

1. 50fee78b4
   Summary: Test some bench targets.
   Notes: Enhanced test coverage in the Execution module by adding corresponding tests for specific benchmark targets to ensure their execution during each pipeline run.
   Review: The description matches the code changes.

2. 299bdc559
   Summary: Cover monitor and evict thread with tests.
   Notes: Improved test coverage for the SandboxedExecutionController in the Execution module by adding additional tests for the monitor and evict threads.
   Review: The description matches the code changes.

3. 91dd6b3f0
   Summary: Cover monitor and evict thread with tests.
   Notes: Adjusted the test execution platform for certain tests in the Execution module, building upon changes introduced in a previous commit.
   Review: The description matches the code changes.

Other changes:

1. 5da8abf3c
   Summary: “test: Cover monitor and evict thread with tests”.
   Notes: Reverted the changes made in commit 91dd6b3f0 in the Execution module.
   Review: The description matches the code changes.

Performance improvements:
ab29295b3 Execution,Interface,Message Routing:
Canister input and output queues get wrapped in ARC’s for cheap cloning, this also improves message execution time.

Chores:
cb47e5b0f Crypto,Interface(crypto):
Adds sign_message_with_bip341_no_rng and uses it in the state_machine_tests to handle signing a message using Schnorr signatures, with support for both BIP-340 (standard Schnorr signatures) and BIP-341 (Taproot-specific Schnorr signatures).
-Check for taproot_tree_root: context.schnorr_args().taproot_tree_root is an optional value (Option).
If it is Some, the Taproot-specific signing method (BIP-341) is used.
If it is None, the standard Schnorr signing method (BIP-340) is used.
-BIP-341 Signature: dk.sign_message_with_bip341_no_rng:
Signs the message using BIP-341, which includes Taproot-related auxiliary data.
-Parameters:
context.schnorr_args().message: The message to be signed.
aux: Auxiliary data, presumably the Taproot Merkle tree root.
-Error Handling:
If the signing fails, an error is returned using UserError::new.
The error message includes the key ID (context.key_id()) to help diagnose which key was used.
-BIP-340 Signature: dk.sign_message_with_bip340_no_rng:
Signs the message without auxiliary data.
Simpler process since it does not depend on the Taproot tree.
-Output Conversion:
Both signing methods return a vector (Vec) representing the signature.
The BIP-341 signature explicitly calls .to_vec() after success to standardize the format.
Also adds validation logic to ensure compatibility between the cryptographic context and the signing mechanism with the error message that explains the specific issue: “Ed25519 does not use BIP341 aux parameter.”
2b5243dce Execution,Interface:
Adds a specific name to all CanisterSandbox threads in order to keep CPU profiles clean.
4dac910f1 Execution,Interface:
Upgrades wasmtime from version 26.0.0 to 27.0.0.
65cc20dd0 Execution,Interface,Networking:
Bumps DEFAULT_MAX_SANDBOX_COUNT from 5k to 7k.
4b40553b9 Interface,Networking:
Moves async_utils to /rs/http_endpoints and ic_async_utils is renamed to ic_http_endpoints_async_utils
7d1825b54 Interface,Networking:
GetSuccessorsHandler is moved from the btc adapter to the rpc_server in order to simplify the adapter lib, and also removes some unused code.
96861bb86 Interface,Networking:
The connection_manager for quic_transport now differentiates between Failed to establish outbound/inbound connection.
f42fe638d Interface,Node(node):
Removes the node0-node3 mercury.dfinity.systems machines from logging targets, since they are not used anymore for over a year now.
0f35ac817 Interface,Node(node):
Small refactors and updates to the networking code in preparation for a larger one.
66f6970a0 Owners:
Upgrade crates matches description.
718723bc5 Node:
Update Base Image Refs
baaf25694 Node:
Update Base Image Refs
7e8aba748 Node:
Update Base Image Refs
a5ee88c56 Node:
Update Base Image Refs
c0e353c7c Node:
Update Base Image Refs

Refactoring:
f9c4fb832 Interface,Networking:
Updates the README for quic_transport and renames some metrics labels.

Tests:
50fee78b4 Execution,Interface:
Test bench targets matches description.
299bdc559 Execution,Interface:
This is the fix for commit 91dd6b3f0 that was reverted. It removes target apple.
91dd6b3f0 Execution,Interface:
Matches description, but fails to build on intel based apple.

Other changes:
5da8abf3c Execution,Interface:
This reverts commit 91dd6b3f0 due to build issues on intel based apple.

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these topics and Synapse on most other topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron and KongSwap with a known neuron and credible Followees.


Learn more about CodeGov and it’s mission at codegov.org.