proposal - [136567, 136568] Cyberowl | CodeGov
Proposals:
136567
136568
Vote: ADOPT
Reason:
The build was successful, and all the commit descriptions matched the changes in the code. We’ve had other image builds fail in the past—this time it was SetupOS, not GuestOS. In previous cases, the decision was to ADOPT, and I’m following that precedent.
Checks:
Hash Match: MATCH, MATCH
2 Urls: MATCH, MATCH
Proposer Check: MATCH, MATCH
Feedback:
NONE
Overall Summary:
Proposals 136567 and 136568 introduce a series of commits enhancing infrastructure, including a new DroppedMessageMetrics trait for better message-dropping accounting, a fully hermetic C/C++ compilation via Zig’s toolchain, and a new SOCKS-proxy implementation for HTTPS outcalls with a 50% traffic split for testing. They also include automated compatibility testing for rs/ic_os/config_types, refactoring of the ic-os image-building toolchain to eliminate brittle tmpfs plumbing, and relocation of StateManagerError and StateManagerResult to ic-types.
Commits Summary
proposal/136567
c95a256e8
Adds DroppedMessageMetrics trait that abstracts “message‑dropped” accounting and is threaded through canister‑queue, subnet‑queue, replicated‑state and state‑machine. time_out_messages, shed_largest_message, and enforce_best_effort_message_limit stop returning the number/bytes of discarded messages and instead receive an &impl DroppedMessageMetrics. Prometheus counters that were single‑valued IntCounter become labelled IntCounterVec and are split along three new label dimensions—kind (request/response), context (inbound/outbound) and class (guaranteed‑response/best‑effort).
8347b794a
Automated compatibility‑test pipeline for the rs/ic_os/config_types crate.
A new Rust workspace module compatibility_tests contains a small library plus a CLI generate_config_types_fixture that serialises the current HostOSConfig schema into version‑tagged JSON fixtures and adds tests that deserialise every historical fixture to guarantee backward compatibility.
CI is extended with a generate-config-fixtures job (both in the template and the rendered workflow) that runs on PRs touching rs/ic_os/config_types/**; it regenerates fixtures, stages them, and—if differences exist—pushes an “Automatically updated config type fixtures” commit back to the PR and fails the job so the author is forced either to bump CONFIG_VERSION or accept the auto‑update. Every schema change is now caught at review time, ensuring nodes can always read older configs and that fixture drift is surfaced automatically.
2f52f298d
Makee C/C++ compilation fully hermetic via Zig’s “hermetic cc toolchain”. hermetic_cc_toolchain Bazel module, registers Zig‑based toolchains for Linux, macOS and WASM, and adds a global --hermetic_cc flag plus use_hermetic_cc constraint so individual targets can opt out when they still require system compilers.
5d2416d7f
Matches description fix: //ic-os/.../:disk.img targets .
ec33e0169
Begins rolling out a new SOCKS‑proxy implementation for HTTPS outcalls and wires in a temporary feature‑flag to split live traffic between the “old” and “new” paths.
A randomised helper should_only_use_new_socks_proxy() returns true for ≈50 % of calls NEW_SOCKS_PROXY_ROLLOUT = 50, so half the requests bypass the legacy socks_client and are routed exclusively through the new do_https_outcall_socks_proxy code; in the other half both proxies run and their results are compared (with warnings logged on divergence).
0e60d4ed5
Fix matches description Rename IBE parameter from context to identity .
4b4bbc41e
Matches description Upgrade Wasmtime to v.32.
9344ddd22
Matches description Unify message class label values .
cf70f0e99
Finalizes the rollout of “best‑effort response” calls by deleting the BestEffortResponsesFeature gate, hard‑coding the always‑on setting in every configuration path, and stripping out all conditional logic, flags, and test cases that previously guarded the feature.
3490ef2a0
Bumps the default ic‑cdk & ic‑cdk‑macros crates from 0.17.x → 0.18.0 everywhere.
31ec56b2c
Removes bazel/cranelift-codegen-meta.patch
9da8cc52d
Refactors the ic-os image-building toolchain by deduplicating generic Starlark helpers, converting Python helpers into py_binary targets. Potential risks include transitive label churn, verity_sign binary compatibility, and dependency renames, which require thorough checks and CI validation before merging.
ee0cf4ca6
ICOS_TMPDIR refactor by eliminating brittle tmpfs plumbing, enabling helpers to use tempfile.mkdtemp() and centralizing tmpfs mounts in proc_wrapper.sh for hermetic, self-contained builds. Removes obsolete flags, attrs, and the unused inject_files rule, while slimming utils.py to ~80 LOC and improving cleanup with purge_podman() and safer defaults.
8aa575d86
Update base image refs.
40f3cb626
Relocates StateManagerError and StateManagerResult from ic_interfaces_state_manager to a new state_manager.rs module in ic-types.
proposal/136568
8347b794a
Same as proposal 136567.
2f52f298d
Same as proposal 136567.
5d2416d7f
Same as proposal 136567.
9da8cc52d
Same as proposal 136567.
ee0cf4ca6
Same as proposal 136567.
8aa575d86
Same as proposal 136567.
About CodeGov
CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.
Learn more about CodeGov and its mission at codegov.org.
