Proposal to elect new release rc--2025-05-23_03-21

Hello there!

We are happy to announce that voting is now open for a new GuestOS release.
The NNS proposal is here: IC NNS Proposal 136731.

Here is a summary of the changes since the last GuestOS release:

Release Notes for release-2025-05-23_03-21-base (16825c5cbff83a51983d849b60c9d26b3268bbb6)

This release is based on changes since release-2025-05-15_03-20-base (59ad18a77fbeaf3ebbba863972ff20f7ab588d7a).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

  • 2857e0d9d Consensus,Interface: Use HTTPS to fetch CUPs (#5222)
  • e0d7421a8 Consensus,Interface: Log the chain keys on every CUP height (#5150)
  • 566b26b51 Consensus,Interface: add more timeouts to the nns delegation fetching logic (#5153)
  • c546ec087 Crypto,Interface(crypto): Add ic-secp256r1 package (#5061)
  • 4be430732 Interface(governance): Added use ic_cdk::println; to files that lack it. (#5233)
  • 1f71efe57 Interface(ICRC-Ledger): Implement the standard (#4840)
  • b0a3d6dc4 Interface: Add “Cache-Control: no-store” to all canister /metrics endpoints (#5124)
  • 0eb0a97cf Interface,Message Routing: Drop loopback stream from certified state (#5195)
  • 6b7e973c6 Interface,Message Routing: Use actual cross-subnet streams in state_manager tests (#5152)
  • f199fd67d Interface,Message Routing: Write protobufs asynchronously (#4792)
  • 4e32733cb Interface,Node: Pipe elasticsearch config through SetupOS (#5219)
  • 4fea8f598 Interface,Node(node): Configuration revamp (GuestOS integration) (#1563)
  • 12ade0592 Interface: Allow zero pre_signatures_to_create_in_advance in vetKD ChainKeyConfig (#5014)
  • a7a57d574 Node(IDX): Add prefix to artifact bundles (#5098)

Bugfixes:

  • 70e34ea9c Consensus,Interface: canister http response size validation (#5234)
  • 6404cdd34 Consensus,Interface: disable https in the proxy client if the http flag is true. (#5229)
  • 79472c740 Consensus,Interface: revert “refactor(orchestrator): Remove dependency to canister_client in orchestrator” (#5224)
  • 6248e2aeb Consensus,Interface: properly log the time-out in NNS delegation manager (#5166)
  • 7922ceb8f Execution,Interface,Message Routing: Fix snapshot size calculation (#5148)
  • 05fdb3a47 Interface: timestamps in nanoseconds in the registry (#5076)
  • 0dba014c1 Owners(IDX): don’t cache jemalloc build (#5174)
  • cd79ce565 Owners(IDX): Re-enable x86-darwin builds (#5165)
  • e42de0834 Node: Fixup test boundary TLS cert ownership (#5221)
  • bcc5b84bf Node: filebeat exec condition (#5175)
  • b7e15a5d8 Execution,Interface: make upload_chunk idempotent (#5049)
  • 80d9fc533 Execution,Interface: clear canister logs before instantiating new canister during reinstall (#5064)

Performance improvements:

  • 6b72db3f9 Consensus,Interface(idkg): Performance improvement when building a transcript of a certain ID (#4999)

Chores:

  • b55418a22 Consensus,Interface: ramp up the new socks proxy discovery to 100% (#5230)
  • 724ca0463 Consensus,Interface(networking): add http_method label for https outcall client metrics (#5143)
  • 6d6b47200 Crypto: Replace ic_vetkd_utils with ic_vetkeys (#5238)
  • 917b62727 Crypto,Interface(crypto): Remove workaround for RSA signature malleability (#5080)
  • 1aeb46aef Execution(EXC): Improve UserError assert_contains message (#5090)
  • 1955ccd84 Execution,Interface: Remove code handling compute and memory allocations in install_code (#5204)
  • db5fc07c4 Execution,Interface: Add error doc link for canister snapshot not enough cycles error. (#5145)
  • 6511ed5e2 Execution,Interface: Refactor take_canister_snapshot (#5184)
  • 88079a4d7 Interface: bump networking crates (#5188)
  • 59a4303a9 Interface: refactor ic-boundary more (#5209)
  • 28d24c288 Interface: ic-boundary: remove own caching, use ic-bn-lib (#5156)
  • d0ca0b423 Interface: upgrade ic-bn-lib & ic-gateway (#5114)
  • 2949c97ba Interface: Revert ic-cdk to 0.17.2 (#5139)
  • cc904f521 Node: Update Base Image Refs [2025-05-22-0903] (#5253)
  • 2c3d1cbac Node(IDX): Group artifact uploads (#5142)
  • afa56c9f3 Node: Update Base Image Refs [2025-05-15-0807] (#5140)
  • 53ac5a6a1 Consensus,Interface: add more logs to nns delegation manager (#5050)
  • 204e1bda4 Consensus,Interface,Node: renaming mentions of ch1-obsdev1 into testnet (#5085)
  • 97a0e6132 Crypto: Modify VetKD key derivation (#5088)
  • 7a72da08c Crypto: Use a fixed length domain separator for IBE message mask (#5028)
  • 230b080ae Execution,Interface: refine ErrorHelp::ToolchainError (#5122)
  • f8d49eb9c Execution,Interface: Add error doc link for canister snapshot limit error. (#5078)
  • e309dc2af Execution,Interface: Add error doc for CanisterManagerError::ReservedCyclesLimitIsTooLow (#5074)
  • d1dc4c2dc Interface: Update Rust to 1.86.0 (#5059)
  • f68a58fab Interface: update Rust to 1.85.1 (#4340)
  • 182119f38 Interface,Message Routing: Don’t deliver ALREADY_EXISTS checkpoint in state sync (#5121)
  • 7443f1e1c Owners(IDX): rules_rust: 0.56.0 → 0.61.0 (#4574)
  • dabab3d1c Node: Update boot args key to extra_boot_args_template (#5073)
  • 7269994c8 Node(IDX): move ic-os upload to BUILD.bazel (#5070)
  • f5749622f Node(IDX): extract file size checks from icos_build (#5054)
  • ebd587595 Node(IDX): rename checksum_rule to artifact_bundle (#5002)
  • f25b30020 Node: Update Base Image Refs [2025-05-08-0807] (#5033)

Refactoring:

  • 1f4a5986f Consensus,Interface(orchestrator): Remove dependency to canister_client in orchestrator (#5104)
  • 830f4caa9 Interface: remove direct dependency on ic-cdk-macros (#5144)
  • d2c64c332 Interface,Node: Factor out generate_guestos_config into a library function and add tests (#5256)
  • bb76b8f5a Node: Load entire kernel cmdline from boot partition (#5101)
  • b8306005e Node: Refactor partition image targets to remove redundancy (#5127)
  • 492fdcea6 Consensus,Interface(replay): Unit test for Player::get_changes_since in rs/replay. (#5022)
  • 59ad18a77 Interface(nervous_system/canister): Test getting large Registry mutations from a canister. (#5043)
  • 4b0953166 Interface: Extend some unit tests with vet keys (#5010)

Tests:

  • f326b9faf Consensus,Interface(replay): Integration test for get_changes_since in replay. (#5164)

Full list of changes (including the ones that are not relevant to GuestOS) can be found on GitHub.

IC-OS Verification

To build and verify the IC-OS GuestOS disk image, after installing curl if necessary (sudo apt install curl), run:

# From https://github.com/dfinity/ic#verifying-releases
curl -fsSL https://raw.githubusercontent.com/dfinity/ic/master/ci/tools/repro-check | python3 - -c 16825c5cbff83a51983d849b60c9d26b3268bbb6 --guestos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.

Hello there!

We are happy to announce that voting is now open for a new HostOS release.
The NNS proposal is here: IC NNS Proposal 136740.

Here is a summary of the changes since the last HostOS release:

Release Notes for release-2025-05-23_03-21-base (16825c5cbff83a51983d849b60c9d26b3268bbb6)

This release is based on changes since release-2025-05-15_03-20-base (59ad18a77fbeaf3ebbba863972ff20f7ab588d7a).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the HostOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

  • 4e32733cb Interface,Node: Pipe elasticsearch config through SetupOS (#5219)
  • 4fea8f598 Interface,Node(node): Configuration revamp (GuestOS integration) (#1563)

Bugfixes:

Chores:

Refactoring:

  • d2c64c332 Interface,Node: Factor out generate_guestos_config into a library function and add tests (#5256)
  • d0d202f4b Node: Refactor GuestOS lifecycle management script (#5177)
  • bb76b8f5a Node: Load entire kernel cmdline from boot partition (#5101)
  • b8306005e Node: Refactor partition image targets to remove redundancy (#5127)

Full list of changes (including the ones that are not relevant to HostOS) can be found on GitHub.

IC-OS Verification

To build and verify the IC-OS HostOS disk image, after installing curl if necessary (sudo apt install curl), run:

# From https://github.com/dfinity/ic#verifying-releases
curl -fsSL https://raw.githubusercontent.com/dfinity/ic/master/ci/tools/repro-check | python3 - -c 16825c5cbff83a51983d849b60c9d26b3268bbb6 --hostos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new HostOS version here, you have the option to verify the build reproducibility of the GuestOS by passing --guestos to the script above instead of --hostos, or the SetupOS by passing --setupos.
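The three-way comparison described in the verification steps above (CDN image, locally built image, proposal payload hash), as an added example that is not part of the original posts or of repro-check. The function names and the sample files are hypothetical and constructed here; it assumes you already have both image files on disk and the SHA256 copied from the proposal payload.

```bash
#!/usr/bin/env bash
# Added example (not repro-check itself): three-way digest comparison for an
# IC-OS image. Function names and sample files are hypothetical/constructed.

# Normalise a pasted digest: drop whitespace, lowercase, require 64 hex chars.
normalize_sha256() {
    local d
    d=$(printf '%s' "$1" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
    case "$d" in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#d}" -eq 64 ] || return 1
    printf '%s\n' "$d"
}

# Print the SHA-256 of a file; fail if the path is not a regular file.
file_sha256() {
    [ -f "$1" ] || return 1
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1"
    else
        shasum -a 256 < "$1"
    fi | cut -d' ' -f1
}

# verify_release <cdn_image> <local_image> <proposal_sha256>
# Exit codes: 0 all three agree
#             1 CDN image differs from the local build
#             3 images agree with each other but not with the proposal
#             2 unusable input (missing file, malformed digest)
verify_release() {
    local expected cdn built
    expected=$(normalize_sha256 "$3") || {
        echo "proposal value is not a SHA-256 digest" >&2; return 2; }
    cdn=$(file_sha256 "$1") || {
        echo "cannot read CDN image: $1" >&2; return 2; }
    built=$(file_sha256 "$2") || {
        echo "cannot read local image: $2" >&2; return 2; }

    if [ "$cdn" != "$built" ]; then
        echo "MISMATCH: CDN image differs from local build" >&2
        return 1
    fi
    if [ "$cdn" != "$expected" ]; then
        echo "MISMATCH: images agree but differ from the proposal payload" >&2
        return 3
    fi
    echo "OK: $cdn"
}

# Demo on constructed files (stand-ins for real disk images).
demo() {
    local dir proposal
    dir=$(mktemp -d) || return 1
    printf 'constructed image A' > "$dir/cdn.img"
    cp "$dir/cdn.img" "$dir/local.img"
    printf 'constructed image B' > "$dir/other.img"
    proposal=$(file_sha256 "$dir/local.img")
    verify_release "$dir/cdn.img" "$dir/local.img" "$proposal"
    verify_release "$dir/other.img" "$dir/local.img" "$proposal" \
        || echo "exit code $?"
    rm -rf "$dir"
}
demo
```

The separate exit codes keep the two failure modes apart: a CDN/local mismatch points at the build or the download, while two matching images that differ from the proposal mean the proposal elects a different artifact.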

proposals - [136731, 136740] Cyberowl | CodeGov

Proposals:

136731
136740

Vote: [ADOPT, ADOPT]

Reason & Feedback:

I successfully built and verified the hash. All the commit descriptions match their code changes.

Checks:

Hash Match: [PASS, PASS]
2 Urls: [PASS, PASS]
Proposer Check: [PASS, PASS]

Overall Summary:

All duplicates have been removed from proposals 136664 and 136669.
Replaces every timestamp_seconds field with timestamp_nanoseconds across the registry canister. Bumps the certification schema to V20. Move ECDSA-secp256r1 code from rs/crypto/ecdsa_secp256r1 into a new standalone crate at packages/ic-secp256r1.

Commits Summary

proposal/136731

2857e0d9d
Can fetch CUPS via http or https.

e0d7421a8
Now log chain_key_subnet_public_keys.

566b26b51
New, configurable timeouts and test-mode flags for connect/send/body-receive. Refactored the I/O logic into a connect helper and wrapped each stage (connect, send, receive) in its own timeout.

c546ec087
Moves ECDSA-secp256r1 code from rs/crypto/ecdsa_secp256r1 into a new standalone crate at packages/ic-secp256r1, renaming it from ic_crypto_ecdsa_secp256r1 to ic_secp256r1 and updating all Cargo.toml.

4be430732
Injects use ic_cdk::{println, eprintln}; into dozens of modules and replaces or introduces println!/eprintln! calls for consistent on-chain debugging output.

1f71efe57
Bumps the icrc-ledger-types crate from 0.1.8 to 0.1.9.
New icrc103 module in packages/icrc-ledger-types—defining GetAllowancesArgs, Allowance, Allowances, and GetAllowancesError.

b0a3d6dc4
Injects a Cache-Control: no-store header into every metrics HTTP response—across Bitcoin checker, ckBTC KYC/minter, CKETH(minter), Ethereum ledger-suite orchestrator, ICP archive/index/ledger services, icrc1 archive/index/ledger.

0eb0a97cf
Bumps the certification schema to V20 by adding V20 = 20 in CertificationVersion. Generalizes the lazy‐tree map traversal by introducing a MapFilter trait (with NoFilter and a new StreamsFilter), extends MapTransformFork to accept a filter, and in streams_as_tree uses StreamsFilter for V20+ to drop the loopback entry (falling back to NoFilter for earlier versions).

6b7e973c6
Tests now distinguish between a sender subnet own_subnet_id and a receiver subnet, explicitly insert a loopback stream for backward-compatibility tests, and update the expected hashes array to match the pre-V20 ordering.

f199fd67d
state_layout changes streamline CheckpointLayout by dropping the PhantomData in its inner impl, unifying the read-only and read-write return types of promote_scratchpad_to_unverified_checkpoint and checkpoint to both use RwPolicy<T>.

70e34ea9c
Adapter now immediately errors out with a SysFatal reject if the serialized or transformed HTTP response exceeds the per‐request max_response_bytes. All hard-coded 2 MB caps and the RESPONSE_OVERHEAD constant have been eliminated in favor of a tunable max_response_bytes argument.

6404cdd34
Disable https in the proxy client if the http flag is true. Matches description.

79472c740
Reverts commit.
Removes the old ic-canister-client and ic-canister-client-sender crates in favor of ic-agent 0.39.3. The HSM and node‐provider signer layers have been refactored to implement the ic_agent::Identity trait directly—via ExternalHsmSender wrapping an HSM‐driven sign function.

6248e2aeb
Fix logs

7922ceb8f
Matches description of fixing snapshot size calculation.

05fdb3a47
Replaces every timestamp_seconds field with timestamp_nanoseconds across the registry canister, transport proto, in-memory registry, chunkify/storage layers, and tests. One-off migration that reads every record’s former timestamp_seconds field and writes it back out as timestamp_nanoseconds = timestamp_seconds * 1_000_000_000 might be necessary.

0dba014c1
Fix CI build by preventing jemalloc from being cached.

e42de0834
Matches description Fixup test boundary TLS cert ownership.

bcc5b84bf
Replaces the brittle ExecCondition+Restart=always loop with a shell-wrapped ExecStart that silently exits 0 if the config file is missing and switches to Restart=on-failure to avoid endless retries.

b55418a22
Matches description of ramp up the new socks proxy discovery to 100%.

917b62727
In verify_pkcs1_sha256 all the manual signature‐length/modulus checks and malleability‐bug workaround comments were removed.

1955ccd84
Removes all of the old compute_allocation/memory_allocation parameters and their validation from the install/upgrade code paths.

db5fc07c4
Fix err CanisterSnapshotNotEnoughCycles

6511ed5e2
Refactors take_canister_snapshot to return a Result<(Response, NumInstructions), Error> with ?-based error propagation, pulls out the replace-snapshot and removal logic into helpers, and removes the old manual error-plus-instruction-charge paths.

59a4303a9
Removes all async_scoped usages in favor of the TaskTracker/TaskManager from ic-bn-lib.

28d24c288
Drops the cache in ic_boundary in favor of ic-bn-lib’s Cache with a custom BypaserIC. Removes the old cache metrics.

2949c97ba
Move every reference of ic-cdk/ic-cdk-macros from 0.17.1 to 0.17.2.

1f4a5986f
Drops all canister_client/canister_client_sender uses in favor of ic_agent (and ic-ed25519), refactors the signer module to implement ic_agent::Identity via ExternalHsmSender and NodeSender.

830f4caa9
Removes every reference and dependency on the ic-cdk-macros crate and replaces all ic_cdk_macros::{…} imports with the re-exported macros from ic_cdk.

f326b9faf
Refactor get_changes_since in the replay player to be fully async. Test renamed test_registry_get_value_and_changes_since.

proposal/136740

9f031af20
Matches description Remove vm_nr_of_vcpus default value.

c46366cb2
Syntax error causing problems. Good catch!

d0d202f4b
Overhauled the GuestOS service to use a single guestos.sh script.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

Proposal 136731 & 136740 - Hamish | CodeGov

Vote: Adopt
Reason: I have successfully run the build script and in my opinion all the commits I have had time to review look fine and match their descriptions. Unfortunately I have not had the time to review every commit. There are 2 under Chores and 4 under Refactoring which I have not had time to review properly. I have had a cursory glance at them from which they appear to be ok.

Features:

  • 2857e0d9d Consensus,Interface: Use HTTPS to fetch CUPs (#5222)
    Review: Looks fine + matches description
    Notes: Modifies fetch_and_verify_catch_up_package to use HTTPS to fetch CUPs.

  • e0d7421a8 Consensus,Interface: Log the chain keys on every CUP height (#5150)
    Review: Looks fine + matches description
    Notes: Writes a message to the logs on each CUP height detailing which chain keys the subnet contains (nothing is logged for subnets with no keys).

  • 566b26b51 Consensus,Interface: add more timeouts to the nns delegation fetching logic (#5153)
    Review: Looks fine + matches description
    Notes: Wraps each async step within try_fetch_delegation_from_nns in a timeout. Previously there was only a timeout around the step to download the response body, and other steps could take an unbounded length of time.

  • c546ec087 Crypto,Interface(crypto): Add ic-secp256r1 package (#5061)
    Review: Looks fine + matches description
    Notes: Moves the rs/crypto/ecdsa_secp256r1 package to packages/ic-secp256r1 so that it can be published.

  • 4be430732 Interface(governance): Added use ic_cdk::println; to files that lack it. (#5233)
    Review: Looks fine + matches description
    Notes: Pulls in ic_cdk::println to canister files which were previously using println from the standard library, this results in canister logging to the canister log rather than it being a no-op.

  • 1f71efe57 Interface(ICRC-Ledger): Implement the standard (#4840)
    Review: Looks fine + matches description
    Notes: Modifies the ICRC ledger to implement the ICRC-103 standard (icrc103_get_allowances).

  • b0a3d6dc4 Interface: Add “Cache-Control: no-store” to all canister /metrics endpoints (#5124)
    Review: Looks fine + matches description
    Notes: Adds the Cache-Control: no-store response header to all calls to get canister metrics so that the responses are never cached.

  • 0eb0a97cf Interface,Message Routing: Drop loopback stream from certified state (#5195)
    Review: Looks fine + matches description
    Notes: Introduces the MapFilter and uses it to filter which items get inserted into the certified state tree, then introduces certification version V20 which uses this new filter to remove items from the current subnet since they do not need to be certified.

  • 6b7e973c6 Interface,Message Routing: Use actual cross-subnet streams in state_manager tests (#5152)
    Review: Looks fine + matches description
    Notes: Updates state manager tests to send requests between 2 test subnets rather than only using a single subnet.

  • f199fd67d Interface,Message Routing: Write protobufs asynchronously (#4792)
    Review: Looks fine + matches description
    Notes: Makes checkpointing faster by updating the tip thread to return earlier from TipToCheckpointAndSwitch, allowing the IC to make progress again, then the tip thread calls serialize_protos_to_tip to write the protobuf files to the tip directory without blocking the critical path.

  • 4e32733cb Interface,Node: Pipe elasticsearch config through SetupOS (#5219)
    Review: Looks fine + matches description
    Notes: Populates the elasticsearch_hosts and elasticsearch_tags fields of the SetupOS config, allowing GuestOS to use this configuration to configure its ElasticSearch logging.

  • 4fea8f598 Interface,Node(node): Configuration revamp (GuestOS integration) (#1563)
    Review: Looks fine + matches description
    Notes: It is quite hard to pinpoint exactly what this commit is doing as it is fairly large, but the main purpose of it is to move more IC components over to using the new config tool.

  • 12ade0592 Interface: Allow zero pre_signatures_to_create_in_advance in vetKD ChainKeyConfig (#5014)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • a7a57d574 Node(IDX): Add prefix to artifact bundles (#5098)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

Bugfixes:

  • 70e34ea9c Consensus,Interface: canister http response size validation (#5234)
    Review: Looks fine + matches description
    Notes: Modifies the HTTP outcalls client to return an error if the transformed response exceeds the max_response_size_bytes, and then drops the check that the serialized response exceeds the MAX_CANISTER_HTTP_RESPONSE_BYTES since this check is already performed within the HTTP outcalls adapter.

  • 6404cdd34 Consensus,Interface: disable https in the proxy client if the http flag is true. (#5229)
    Review: Looks fine + matches description
    Notes: Updates the HTTP outcalls proxy client to use let builder = builder.https_only(); whenever the http feature flag is not enabled, rather than using .. = builder.https_or_http().

  • 79472c740 Consensus,Interface: revert “refactor(orchestrator): Remove dependency to canister_client in orchestrator” (#5224)
    Review: Looks fine + matches description
    Notes: Reverts 1f4a5986f due to it causing test failures.

  • 6248e2aeb Consensus,Interface: properly log the time-out in NNS delegation manager (#5166)
    Review: Looks fine + matches description
    Notes: Updates the NNS delegation manager to use format! to construct error messages rather than String::from so that the values of the arguments passed in get included correctly.

  • 7922ceb8f Execution,Interface,Message Routing: Fix snapshot size calculation (#5148)
    Review: Looks fine + matches description
    Notes: Implements ExecutionState::memory_usage_in_snapshot, which is exactly the same as ExecutionState::memory_usage except it excludes the memory usage due to the custom wasm section since this is not included within snapshots.

  • 05fdb3a47 Interface: timestamps in nanoseconds in the registry (#5076)
    Review: Looks fine + matches description
    Notes: Updates the Registry to use timestamps in nanoseconds rather than seconds, the existing timestamp values are actually already in nanoseconds (accidentally), so the values don’t need to be migrated.

  • 0dba014c1 Owners(IDX): don’t cache jemalloc build (#5174)
    Review: Looks fine + matches description
    Notes: Modifies the jemalloc Bazel build script instructing it to not cache the output of the build since this was causing issues with indeterminism.

  • cd79ce565 Owners(IDX): Re-enable x86-darwin builds (#5165)
    Review: Looks fine + matches description
    Notes: Explicitly sets the supported_platform_triples within the external crates Bazel build file because the desired triples no longer match the defaults provided by rules_rust.

  • e42de0834 Node: Fixup test boundary TLS cert ownership (#5221)
    Review: Looks fine + matches description
    Notes: Assigns ic-replica:nogroup as the owner of the boundary node key and certificate files.

  • bcc5b84bf Node: filebeat exec condition (#5175)
    Review: Looks fine + matches description
    Notes: Updates the filebeat service by removing the check for if the /run/ic-node/etc/filebeat/filebeat.yml file exists from ExecCondition, and moves that same check to the ExecStart step which occurs later, by which point the file should actually exist.

  • b7e15a5d8 Execution,Interface: make upload_chunk idempotent (#5049)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • 80d9fc533 Execution,Interface: clear canister logs before instantiating new canister during reinstall (#5064)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

Performance improvements:

  • 6b72db3f9 Consensus,Interface(idkg): Performance improvement when building a transcript of a certain ID (#4999)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

Chores:

  • b55418a22 Consensus,Interface: ramp up the new socks proxy discovery to 100% (#5230)
    Review: Looks fine + matches description
    Notes: Bumps the NEW_SOCKS_PROXY_ROLLOUT setting from 50 to 100 so that all requests go via the new SOCKS proxy.

  • 724ca0463 Consensus,Interface(networking): add http_method label for https outcall client metrics (#5143)
    Review: Looks fine + matches description
    Notes: Adds an http_method label to the http_request_duration and request_total HTTP outcalls metrics.

  • 6d6b47200 Crypto: Replace ic_vetkd_utils with ic_vetkeys (#5238)
    Review: Looks fine + matches description
    Notes: Replaces usages of packages/ic-vetkd-utils with ic-vetkeys which is pulled in as a Git dependency from https://github.com/dfinity/vetkeys.

  • 917b62727 Crypto,Interface(crypto): Remove workaround for RSA signature malleability (#5080)
    Review: Looks fine + matches description
    Notes: Removes a workaround which was required for previous versions of the RSA crate, but is no longer required due to the underlying issue having been fixed within later versions of the RSA crate.

  • 1aeb46aef Execution(EXC): Improve UserError assert_contains message (#5090)
    Review: Looks fine + matches description
    Notes: Adds more details to the error message returned by UserError::assert_contains.

  • 1955ccd84 Execution,Interface: Remove code handling compute and memory allocations in install_code (#5204)
    Review: Looks fine + matches description
    Notes: Deprecates the compute_allocation and memory_allocation fields on the install-code args and removes any usages of them, these settings can still be updated by calling update-settings.

  • db5fc07c4 Execution,Interface: Add error doc link for canister snapshot not enough cycles error. (#5145)
    Review: Looks fine + matches description
    Notes: Returns more details in the error message whenever a CanisterSnapshotNotEnoughCycles error occurs.

  • 6511ed5e2 Execution,Interface: Refactor take_canister_snapshot (#5184)
    Review: Looks fine + matches description
    Notes: Simplifies take_canister_snapshot by avoiding charging cycles whenever there is an error, allowing the function to return a Result which in turn allows the code to use ? after each expression which itself returns a Result.

  • 88079a4d7 Interface: bump networking crates (#5188)
    Review: Looks fine + matches description
    Notes: Bumps a few networking related dependencies to later versions (axum, hyper, reqwest, etc.).

  • 59a4303a9 Interface: refactor ic-boundary more (#5209)
    Review: Looks fine + matches description
    Notes: This commit applies quite a few changes to the ic-boundary package, the main one being to replace usages of async-scoped::TokioScope with ic_bn_lib::tasks::TaskManager.

  • 28d24c288 Interface: ic-boundary: remove own caching, use ic-bn-lib (#5156)
    Review: Not yet reviewed.

  • d0ca0b423 Interface: upgrade ic-bn-lib & ic-gateway (#5114)
    Review: Looks fine + matches description
    Notes: Bumps ic-bn-lib and ic-gateway Git dependencies to later commits, plus bumps a few other dependencies, then updates the code to work with these new dependency versions.

  • 2949c97ba Interface: Revert ic-cdk to 0.17.2 (#5139)
    Review: Looks fine + matches description
    Notes: Reverted the CDK back from v0.18.0 to v0.17.2 since a few IC developers of external projects encountered issues after upgrading to v0.18.0.

  • cc904f521 Node: Update Base Image Refs [2025-05-22-0903] (#5253)
    Review: Looks fine + matches description
    Notes: Updates base IC-OS image references.

  • 2c3d1cbac Node(IDX): Group artifact uploads (#5142)
    Review: Not yet reviewed.

  • afa56c9f3 Node: Update Base Image Refs [2025-05-15-0807] (#5140)
    Review: Looks fine + matches description
    Notes: Updates base IC-OS image references.

  • 53ac5a6a1 Consensus,Interface: add more logs to nns delegation manager (#5050)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • 204e1bda4 Consensus,Interface,Node: renaming mentions of ch1-obsdev1 into testnet (#5085)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • 97a0e6132 Crypto: Modify VetKD key derivation (#5088)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • 7a72da08c Crypto: Use a fixed length domain separator for IBE message mask (#5028)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • 230b080ae Execution,Interface: refine ErrorHelp::ToolchainError (#5122)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • f8d49eb9c Execution,Interface: Add error doc link for canister snapshot limit error. (#5078)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • e309dc2af Execution,Interface: Add error doc for CanisterManagerError::ReservedCyclesLimitIsTooLow (#5074)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • d1dc4c2dc Interface: Update Rust to 1.86.0 (#5059)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • f68a58fab Interface: update Rust to 1.85.1 (#4340)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • 182119f38 Interface,Message Routing: Don’t deliver ALREADY_EXISTS checkpoint in state sync (#5121)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • 7443f1e1c Owners(IDX): rules_rust: 0.56.0 → 0.61.0 (#4574)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • dabab3d1c Node: Update boot args key to extra_boot_args_template (#5073)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • 7269994c8 Node(IDX): move ic-os upload to BUILD.bazel (#5070)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • f5749622f Node(IDX): extract file size checks from icos_build (#5054)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • ebd587595 Node(IDX): rename checksum_rule to artifact_bundle (#5002)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • f25b30020 Node: Update Base Image Refs [2025-05-08-0807] (#5033)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

Refactoring:

  • 1f4a5986f Consensus,Interface(orchestrator): Remove dependency to canister_client in orchestrator (#5104)
    Review: Looks fine + matches description
    Notes: This can be ignored because it was reverted by commit 79472c740.

  • 830f4caa9 Interface: remove direct dependency on ic-cdk-macros (#5144)
    Review: Not yet reviewed.

  • d2c64c332 Interface,Node: Factor out generate_guestos_config into a library function and add tests (#5256)
    Review: Not yet reviewed.

  • bb76b8f5a Node: Load entire kernel cmdline from boot partition (#5101)
    Review: Not yet reviewed.

  • b8306005e Node: Refactor partition image targets to remove redundancy (#5127)
    Review: Not yet reviewed.

  • 492fdcea6 Consensus,Interface(replay): Unit test for Player::get_changes_since in rs/replay. (#5022)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • 59ad18a77 Interface(nervous_system/canister): Test getting large Registry mutations from a canister. (#5043)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

  • 4b0953166 Interface: Extend some unit tests with vet keys (#5010)
    Review: Looks fine + matches description
    Notes: Already covered in my review of proposal 136664.

Tests:

  • f326b9faf Consensus,Interface(replay): Integration test for get_changes_since in replay. (#5164)
    Review: Looks fine + matches description
    Notes: Modifies the replay tool to spawn a new thread and use that to call get_changes_since, rather than spawning a thread within that function. Then adds a test which makes use of get_changes_since, which can easily be done now that calling it no longer requires a Tokio runtime.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

Proposal 136731 & 136740 - Ipsita | ZenithCode

Summary

  1. Vote: Adopt
  2. Hash: All the hashes match
  3. Reason to Adopt: The release notes match the commits and the code changes.

Commits

Features:

  • 2857e0d9d Consensus,Interface: Use HTTPS to fetch CUPs (#5222)
    Notes: Replaces http_endpoint_to_url with https_endpoint_to_url in CatchUpPackageProvider to ensure CUPs are fetched over HTTPS, and introduces a shared endpoint_to_url function to construct URLs using the specified protocol to enhance security.
    Review: Code changes look good and match release notes.

  • e0d7421a8 Consensus,Interface: Log the chain keys on every CUP height (#5150)
    Notes: Adds conditional info! log to deliver_batches to print all available chain_key_subnet_public_keys (including VetKD keys) at CUP heights by checking block.payload.is_summary() and ensuring keys are present.
    Review: Code changes look good and match release notes.

  • 566b26b51 Consensus,Interface: add more timeouts to the nns delegation fetching logic (#5153)
    Notes: Adds CONNECTION_TIMEOUT, NNS_DELEGATION_REQUEST_SEND_TIMEOUT, and NNS_DELEGATION_BODY_RECEIVE_TIMEOUT timeout handling to NNS delegation and refactors connection logic into a new connect function and adjusts try_fetch_delegation_from_nns.
    Review: Code changes look good and match release notes.

  • c546ec087 Crypto,Interface(crypto): Add ic-secp256r1 package (#5061)
    Notes: This commit introduces a new ic-secp256r1 package under rs/crypto, implementing PublicKey and Signature structs with DER encoding/decoding.
    Review: Code changes look good and match release notes.

  • 4be430732 Interface(governance): Added use ic_cdk::println; to files that lack it. (#5233)
    Notes: Integrates the ic-cdk crate into multiple Rust canisters for enhanced logging via println and eprintln.
    Review: Code changes look good and match release notes.

  • 1f71efe57 Interface(ICRC-Ledger): Implement the standard (#4840)
    Notes: This commit implements the ICRC-103 standard by adding allowance management functions within the icrc103 module of the ICRC Ledger.
    Review: Code changes look good and match release notes.

  • b0a3d6dc4 Interface: Add “Cache-Control: no-store” to all canister /metrics endpoints (#5124)
    Notes: Adds the Cache-Control: no-store header to all canister /metrics endpoints to prevent HTTP/1.1 gateway caching. This ensures Prometheus scrapes receive fresh metrics every 10 seconds without delay.
    Review: Code changes look good and match release notes.

  • 0eb0a97cf Interface,Message Routing: Drop loopback stream from certified state (#5195)
    Notes: This commit introduces certification version V20 by updating CertificationVersion enums and MAX_SUPPORTED_CERTIFICATION_VERSION, and modifies streams_as_tree to use a StreamsFilter that excludes the loopback stream based on own_subnet_id during lazy tree construction.
    Review: Code changes look good and match release notes.

  • 6b7e973c6 Interface,Message Routing: Use actual cross-subnet streams in state_manager tests (#5152)
    Notes: This commit refactors state_manager tests to use real cross-subnet streams instead of loopback ones, making the encoding and decoding between different subnets more realistic and improving the test helpers to support this.
    Review: Code changes look good and match release notes.

  • f199fd67d Interface,Message Routing: Write protobufs asynchronously (#4792)
    Notes: Updates checkpointing to serialize protobufs of canisters and snapshots asynchronously using background tasks, improving performance by not blocking execution.
    Review: Code changes look good and match release notes.

  • 4e32733cb Interface,Node: Pipe elasticsearch config through SetupOS (#5219)
    Notes: This commit updates deployment JSON and CLI interfaces to include optional Elasticsearch hosts and tags, modifies SetupOS image creation to pass these settings for nested GuestOS configuration and also refactors related functions to support dynamic Elasticsearch setup through SetupOS.
    Review: Code changes look good and match release notes.

  • 4fea8f598 Interface,Node(node): Configuration revamp (GuestOS integration) (#1563)
    Notes: This commit integrates the new IC-OS config tool into the IC-OS node setup to manage configuration sanitization, organization, access, and partial propagation.
    Review: Code changes look good and match release notes.

  • 12ade0592 Interface: Allow zero pre_signatures_to_create_in_advance in vetKD ChainKeyConfig (#5014)
    Notes: Updates registry logic to allow VetKd chain keys with pre_signatures_to_create_in_advance = 0, since VetKd doesn’t require pre-signatures. Changes include conditional checks using requires_pre_signatures(), test updates, and relaxed invariant validations across multiple modules.
    Review: Code changes look good and match release notes.

  • a7a57d574 Node(IDX): Add prefix to artifact bundles (#5098)
    Notes: This commit refactors artifact_bundle to output a directory with a mandatory prefix for structured CDN uploads, updates build-ic.sh to recursively copy files by dereferencing symlinks, and fixes a guestos path typo.
    Review: Code changes look good and match release notes.

Bugfixes:

  • 70e34ea9c Consensus,Interface: canister http response size validation (#5234)
    Notes: Refines HTTP response size validation for canister outcalls by enforcing a strict max_response_bytes limit on transformed responses, ensures transform_timer.observe_duration() runs consistently and updates tests accordingly to validate the new behavior.
    Review: Code changes look good and match release notes.

  • 6404cdd34 Consensus,Interface: disable https in the proxy client if the http flag is true. (#5229)
    Notes: This commit configures the proxy client’s HttpsConnectorBuilder to use .https_or_http() when the http feature is enabled, disabling HTTPS-only enforcement.
    Review: Code changes look good and match release notes.

  • 79472c740 Consensus,Interface: revert “refactor(orchestrator): Remove dependency to canister_client in orchestrator” (#5224)
    Notes: This commit reverts previous refactor replacing canister_client with ic-agent in the orchestrator due to HTTP/HTTPS inconsistencies, restoring ic-canister-client, ic-canister-client-sender, and original DER key-based signing and Sender logic.
    Review: Code changes look good and match release notes.

  • 6248e2aeb Consensus,Interface: properly log the time-out in NNS delegation manager (#5166)
    Notes: Fixes incorrect timeout log messages in nns_delegation_manager.rs by replacing static String::from(…) calls with dynamic format!(…).
    Review: Code changes look good and match release notes.

  • 7922ceb8f Execution,Interface,Message Routing: Fix snapshot size calculation (#5148)
    Notes: Corrects snapshot size calculation by replacing memory_usage() with memory_usage_in_snapshot(), excluding custom Wasm sections that aren’t explicitly stored in snapshots.
    Review: Code changes look good and match release notes.

  • 05fdb3a47 Interface: timestamps in nanoseconds in the registry (#5076)
    Notes: Modifies registry timestamp naming and units to nanoseconds, updates related calculations by removing +/- 1 adjustments in max delta size, and addresses post-merge review comments for improved consistency and precision.
    Review: Code changes look good and match release notes.

  • 0dba014c1 Owners(IDX): don’t cache jemalloc build (#5174)
    Notes: Prevents caching of the jemalloc build by adding no-cache and manual tags in the Bazel build file and modifies the CI workflow to build jemalloc separately to avoid cache pollution and build determinism failures.
    Review: Code changes look good and match release notes.

  • cd79ce565 Owners(IDX): Re-enable x86-darwin builds (#5165)
    Notes: Re-enables x86-darwin platform support in rules_rust by restoring it in the Bazel configuration, reversing a prior removal from the upstream rules_rust repository.
    Review: Code changes look good and match release notes.

  • e42de0834 Node: Fixup test boundary TLS cert ownership (#5221)
    Notes: Fixes TLS certificate ownership in test boundary setups by adding chown ic-replica:nogroup to the generated key and cert files in generate-ic-config.sh.
    Review: Code changes look good and match release notes.

  • bcc5b84bf Node: filebeat exec condition (#5175)
    Notes: Fixes filebeat.service by replacing the ExecCondition with a conditional ExecStart script that runs Filebeat only if the config file /run/ic-node/etc/filebeat/filebeat.yml exists, ensuring proper startup after config generation.
    Review: Code changes look good and match release notes.

  • b7e15a5d8 Execution,Interface: make upload_chunk idempotent (#5049)
    Notes: Makes the upload_chunk endpoint idempotent by ignoring duplicate uploads except for charging cycles, refactors cycle charging to use consume_cycles_for_instructions in the cycles account manager, and modifies insert_chunk to accept chunk hashes assuming the chunk is new.
    Review: Code changes look good and match release notes.

  • 80d9fc533 Execution,Interface: clear canister logs before instantiating new canister during reinstall (#5064)
    Notes: Modifies the canister reinstall process to clear logs before creating a new execution state by adding a clear_log step in execute_install and InstallCodeHelper.
    Review: Code changes look good and match release notes.

Performance improvements:

  • 6b72db3f9 Consensus,Interface(idkg): Performance improvement when building a transcript of a certain ID (#4999)
    Notes: Optimizes IDKG transcript building by iterating only over dealings and support shares matching a specific transcript ID instead of all artifacts, improving scalability under high load.
    Review: Code changes look good and match release notes.

Chores:

  • b55418a22 Consensus,Interface: ramp up the new socks proxy discovery to 100% (#5230)
    Notes: Increases the new SOCKS proxy discovery to 100% by updating the NEW_SOCKS_PROXY_ROLLOUT constant in rpc_server.rs, routing all failed HTTP requests from system subnets through an API BN as a SOCKS proxy.
    Review: Code changes look good and match release notes.

  • 724ca0463 Consensus,Interface(networking): add http_method label for https outcall client metrics (#5143)
    Notes: Adds an http_method label to HTTPS outcall client metrics and updates code to track request counts and durations by HTTP method for improved monitoring.
    Review: Code changes look good and match release notes.

  • 6d6b47200 Crypto: Replace ic_vetkd_utils with ic_vetkeys (#5238)
    Notes: Replaces the ic_vetkd_utils package with the external vetkeys repository by updating dependencies and imports accordingly.
    Review: Code changes look good and match release notes.

  • 917b62727 Crypto,Interface(crypto): Remove workaround for RSA signature malleability (#5080)
    Notes: Removes the manual RSA signature malleability checks from verify_pkcs1_sha256 since the upgraded rsa crate now handles them internally.
    Review: Code changes look good and match release notes.

  • 1aeb46aef Execution(EXC): Improve UserError assert_contains message (#5090)
    Notes: Improves UserError::assert_contains by adding a detailed panic message to aid debugging when error codes don’t match.
    Review: Code changes look good and match release notes.

  • 1955ccd84 Execution,Interface: Remove code handling compute and memory allocations in install_code (#5204)
    Notes: Removes deprecated logic for handling compute and memory allocations in install_code, making the associated fields in InstallCodeArgs no-ops.
    Review: Code changes look good and match release notes.

  • db5fc07c4 Execution,Interface: Add error doc link for canister snapshot not enough cycles error. (#5145)
    Notes: Adds user suggestion and documentation link for CanisterSnapshotNotEnoughCycles error in CanisterManagerError; also slightly improves the error message formatting for clarity.
    Review: Code changes look good and match release notes.

  • 6511ed5e2 Execution,Interface: Refactor take_canister_snapshot (#5184)
    Notes: Refactored take_canister_snapshot to simplify error handling and enable future snapshot upload/download reuse.
    Review: Code changes look good and match release notes.

  • 88079a4d7 Interface: bump networking crates (#5188)
    Notes: Bumped versions of networking-related crates to their latest compatible releases.
    Review: Code changes look good and match release notes.

  • 59a4303a9 Interface: refactor ic-boundary more (#5209)
    Notes: Refactors ic-boundary by replacing async_scoped with TaskTracker, switching to stable tower_governor, using derive-new, and cleaning up redundant code.
    Review: Code changes look good and match release notes.

  • 28d24c288 Interface: ic-boundary: remove own caching, use ic-bn-lib (#5156)
    Notes: Replaces ic-boundary’s custom caching with ic-bn-lib’s cache, removes redundant metrics, moves tests, and updates dependencies to main branch hashes.
    Review: Code changes look good and match release notes.

  • d0ca0b423 Interface: upgrade ic-bn-lib & ic-gateway (#5114)
    Notes: Upgrades ic-gateway and ic-bn-lib dependencies, bumps the http crate to 1.3.1, replaces an outdated URL test, and adjusts code to fit the new versions.
    Review: Code changes look good and match release notes.

  • 2949c97ba Interface: Revert ic-cdk to 0.17.2 (#5139)
    Notes: This commit reverts the ic-cdk version back to 0.17.2 due to incompatibility issues when mixing 0.17.x and 0.18.x.
    Review: Code changes look good and match release notes.

  • cc904f521 Node: Update Base Image Refs [2025-05-22-0903] (#5253)
    Notes: Updates the base container image references to newer versions to have secure container images.
    Review: Code changes look good and match release notes.

  • 2c3d1cbac Node(IDX): Group artifact uploads (#5142)
    Notes: Adds a unified Bazel target //:upload-artifacts and updates upload.sh to upload all files in artifact_bundle directories with relative paths, simplifying artifact uploads.
    Review: Code changes look good and match release notes.

  • afa56c9f3 Node: Update Base Image Refs [2025-05-15-0807] (#5140)
    Notes: Updates the base container image references to newer versions to have secure container images.

  • 53ac5a6a1 Consensus,Interface: add more logs to nns delegation manager (#5050)
    Notes: Modifies nns_delegation_manager and connection_manager with detailed TCP/TLS/HTTP logging to debug flaky delegation fetch tests, and simplifies get_random_node_from_nns_subnet by converting it from async to sync.
    Review: Code changes look good and match release notes.

  • 204e1bda4 Consensus,Interface,Node: renaming mentions of ch1-obsdev1 into testnet (#5085)
    Notes: Renames all references from elasticsearch.ch1-obsdev1.dfinity.network to elasticsearch.testnet.dfinity.network to complete the migration from the development cluster to the production testnet Elasticsearch cluster in dm1.
    Review: Code changes look good and match release notes.

  • 97a0e6132 Crypto: Modify VetKD key derivation (#5088)
    Notes: Refactors the VetKD key derivation by splitting it into two distinct methods: one deriving keys using a canister ID and another using a user-provided context string to clarify the derivation process.
    Review: Code changes look good and match release notes.

  • 7a72da08c Crypto: Use a fixed length domain separator for IBE message mask (#5028)
    Notes: Updates the IBE message mask domain separator to use a fixed length for the length field.
    Review: Code changes look good and match release notes.

  • 230b080ae Execution,Interface: refine ErrorHelp::ToolchainError (#5122)
    Notes: The commit refines the ErrorHelp::ToolchainError message to advise users to ensure their test environments (e.g., dfx) are up to date before attributing errors to the compiler/CDK toolchain, updating error messages in multiple test files and the error display implementation accordingly.
    Review: Code changes look good and match release notes.

  • f8d49eb9c Execution,Interface: Add error doc link for canister snapshot limit error. (#5078)
    Notes: This commit adds a user-friendly suggestion and a documentation link to the CanisterManagerError::SnapshotLimitExceeded error to improve error guidance.
    Review: Code changes look good and match release notes.

  • e309dc2af Execution,Interface: Add error doc for CanisterManagerError::ReservedCyclesLimitIsTooLow (#5074)
    Notes: Adds documentation link for the CanisterManagerError::ReservedCyclesLimitIsTooLow error to guide users to set the reserved cycles limit appropriately.
    Review: Code changes look good and match release notes.

  • d1dc4c2dc Interface: Update Rust to 1.86.0 (#5059)
    Notes: Upgrades the Rust toolchain from version 1.85.1 to 1.86.0 and documents observed WASM instruction regressions in several governance benchmark tests.
    Review: Code changes look good and match release notes.

  • f68a58fab Interface: update Rust to 1.85.1 (#4340)
    Notes: Updates the Rust toolchain from version 1.84.0 to 1.85.1 and includes code refactoring to reduce verbosity and address clippy lints by improving conditional and map operations.
    Review: Code changes look good and match release notes.

  • 182119f38 Interface,Message Routing: Don’t deliver ALREADY_EXISTS checkpoint in state sync (#5121)
    Notes: Refines state sync to abort when a checkpoint at the target height already exists to prevent redundant sync delivery.
    Review: Code changes look good and match release notes.

  • 7443f1e1c Owners(IDX): rules_rust: 0.56.0 → 0.61.0 (#4574)
    Notes: Upgrades rules_rust from version 0.56.0 to 0.61.0 in Bazel configuration to support Rust toolchain 1.85.1.
    Review: Code changes look good and match release notes.

  • dabab3d1c Node: Update boot args key to extra_boot_args_template (#5073)
    Notes: Renames the Bazel key boot_args_template to extra_boot_args_template in image_deps and related references for naming consistency across the build configuration.
    Review: Code changes look good and match release notes.

  • 7269994c8 Node(IDX): move ic-os upload to BUILD.bazel (#5070)
    Notes: This commit refactors the icos_build() function by removing the upload_artifacts logic and shifting it into the respective BUILD.bazel files.
    Review: Code changes look good and match release notes.

  • f5749622f Node(IDX): extract file size checks from icos_build (#5054)
    Notes: Refactors file_size_check into BUILD files with named targets using output labels to validate file sizes in prod to improve visibility and removes max_file_sizes from icos_build.
    Review: Code changes look good and match release notes.

  • ebd587595 Node(IDX): rename checksum_rule to artifact_bundle (#5002)
    Notes: Renames checksum_rule to artifact_bundle and updates Bazel targets and BUILD files to reflect its role in bundling artifacts with symlinks and SHA256 checksums.
    Review: Code changes look good and match release notes.

  • f25b30020 Node: Update Base Image Refs [2025-05-08-0807] (#5033)
    Notes: Updates the base container image references to newer versions to have secure container images.
    Review: Code changes look good and match release notes.

Refactoring:

  • 1f4a5986f Consensus,Interface(orchestrator): Remove dependency to canister_client in orchestrator (#5104)
    Notes: Swap out the canister_client crate for the now long-standing ic_agent crate in the orchestrator, refactor the signer module to utilize ic_agent::Identity traits to sign messages.
    Review: Code changes look good and match release notes.

  • 830f4caa9 Interface: remove direct dependency on ic-cdk-macros (#5144)
    Notes: Drops the direct ic-cdk-macros dependency in favor of its macros re-exported by ic-cdk, which makes the dependency graph simpler.
    Review: Code changes look good and match release notes.

  • d2c64c332 Interface,Node: Factor out generate_guestos_config into a library function and add tests (#5256)
    Notes: This commit refactors generate_guestos_config into a library function that derives the GuestOS IPv6 address deterministically from the HostOS config using the deterministic_ips crate, replacing the previous separate IP argument and adding tests for validation.
    Review: Code changes look good and match release notes.

  • bb76b8f5a Node: Load entire kernel cmdline from boot partition (#5101)
    Notes: Replaces dynamic boot-time sourcing of extra_boot_args with a build-time generated boot_args file defining partition-specific kernel command lines (BOOT_ARGS_A and BOOT_ARGS_B) sourced by GRUB for stable AMD SEV measurement.
    Review: Code changes look good and match release notes.

  • b8306005e Node: Refactor partition image targets to remove redundancy (#5127)
    Notes: The icos_build function in ic-os/defs.bzl is optimized by replacing repeated partition handling calls with loops over partition arrays, dynamically generating image and output filenames using formatted strings.
    Review: Code changes look good and match release notes.

  • 492fdcea6 Consensus,Interface(replay): Unit test for Player::get_changes_since in rs/replay. (#5022)
    Notes: Adds a unit test for Player::get_changes_since focusing on reconstituting chunked records and also updates the implementation by delegating to a new standalone get_changes_since function.
    Review: Code changes look good and match release notes.

  • 59ad18a77 Interface(nervous_system/canister): Test getting large Registry mutations from a canister. (#5043)
    Notes: This commit adds a new test canister, fetch_large_record_test_canister, to verify the function registry_changes_since which fetches large Registry mutations.
    Review: Code changes look good and match release notes.

  • 4b0953166 Interface: Extend some unit tests with vet keys (#5010)
    Notes: Updates unit tests and key configurations to support the VetKd key type with zero pre-signatures to ensure full integration of VetKdCurve and VetKdKeyId across subnet creation.
    Review: Code changes look good and match release notes.

Tests:

  • f326b9faf Consensus,Interface(replay): Integration test for get_changes_since in replay. (#5164)
    Notes: This commit makes get_changes_since an async function to eliminate runtime dependencies and simplify testing and adds an integration test to confirm it.
    Review: Code changes look good and match release notes.

Proposal: 136731 & 136740 - Manvick | ZenithCode

Summary:

  1. Build Hash: The build hash matches
  2. Summary: The release notes match the code changes
  3. Vote: Adopt

Commits

Features:

  • 2857e0d9d Consensus,Interface: Use HTTPS to fetch CUPs (#5222)
    Review: Matches description + changes are appropriate
    Notes: This commit updates the orchestrator logic to use HTTPS instead of HTTP when fetching Catch-Up Packages (CUPs), enhancing the security of network communications. It refactors the URL generation logic by introducing a generic endpoint_to_url function that supports both HTTP and HTTPS schemes, and replaces calls to http_endpoint_to_url with the new https_endpoint_to_url.

  • e0d7421a8 Consensus,Interface: Log the chain keys on every CUP height (#5150)
    Review: Matches description + changes are appropriate
    Notes: This commit logs all available chain keys at every Catch-Up Package (CUP) height by emitting an INFO message if any chain keys are present in the subnet. Though the original requirement targeted only VetKD keys, the implementation logs all chain keys for broader visibility and debugging ease.

  • 566b26b51 Consensus,Interface: add more timeouts to the nns delegation fetching logic (#5153)
    Review: Matches description + changes are appropriate
    Notes: This commit introduces explicit timeouts for both connection and request sending phases in the NNS delegation fetching logic, improving robustness under connectivity issues. It also adds targeted tests to validate timeout behavior, refactors connection logic into a separate function, and conditionally adjusts timeout constants for testing environments.

  • c546ec087 Crypto,Interface(crypto): Add ic-secp256r1 package (#5061)
    Review: Matches description + changes are appropriate
    Notes: This commit migrates the ic-crypto-ecdsa-secp256r1 crate to a new standalone ic-secp256r1 package, updates all dependencies and references accordingly, and introduces minor test refactors to decouple from internal test utilities for improved modularity and reuse.

  • 4be430732 Interface(governance): Added use ic_cdk::println; to files that lack it. (#5233)
    Review: Matches description + changes are appropriate
    Notes: This commit ensures consistent and functional logging in canisters by explicitly importing println and eprintln from ic_cdk in all relevant files, resolving ambiguities and avoiding dropped logs. It also updates build configurations and dependencies where needed to support these imports.

  • 1f71efe57 Interface(ICRC-Ledger): Implement the standard (#4840)
    Review: Matches description + changes are appropriate
    Notes: This commit implements the ICRC-103 standard, adding support for listing allowances in ICRC-ledger canisters. It introduces new types, methods, test coverage, and benchmark updates, along with corresponding metadata fields and integration with the ledger state machine.

  • b0a3d6dc4 Interface: Add “Cache-Control: no-store” to all canister /metrics endpoints (#5124)
    Review: Matches description + changes are appropriate
    Notes: This commit ensures all canister /metrics endpoints include a Cache-Control: no-store header to prevent 10-second gateway-level caching, thereby allowing Prometheus and Victoria Metrics scrapes to access up-to-date data every cycle.

  • 0eb0a97cf Interface,Message Routing: Drop loopback stream from certified state (#5195)
    Review: Matches description + changes are appropriate
    Notes: This commit introduces CertificationVersion V20, which excludes the loopback stream from the certified state tree, reducing unnecessary certification overhead since loopback streams are only used locally and not transmitted over XNet.

  • 6b7e973c6 Interface,Message Routing: Use actual cross-subnet streams in state_manager tests (#5152)
    Review: Matches description + changes are appropriate
    Notes: This commit updates state_manager tests to use cross-subnet streams instead of loopback streams, ensuring test compatibility with certification version V20, which excludes loopback streams from certified state. It also enhances test realism by simulating actual subnet-to-subnet communication.

  • f199fd67d Interface,Message Routing: Write protobufs asynchronously (#4792)
    Review: Matches description + changes are appropriate
    Notes: This commit enables asynchronous serialization of canister and snapshot protobufs during checkpointing by moving these operations off the critical execution path, improving runtime performance. It introduces a background workflow and refactors tip handling to support deferred serialization without impacting execution latency.

  • 4e32733cb Interface,Node: Pipe elasticsearch config through SetupOS (#5219)
    Review: Matches description + changes are appropriate
    Notes: This commit enables SetupOS to configure Elasticsearch settings for nested GuestOS environments by piping elasticsearch_hosts and optional tags from deployment configuration through the relevant toolchain and CLI interfaces.

  • 4fea8f598 Interface,Node(node): Configuration revamp (GuestOS integration) (#1563)
    Review: Matches description + changes are appropriate
    Notes: This commit integrates a revamped IC-OS configuration system into GuestOS, consolidating disparate config sources, refactoring bash scripts to use a Rust-based config tool, and removing legacy files and logic, thereby enabling more robust, structured, and testable config propagation for node initialization and adapter services.

  • 12ade0592 Interface: Allow zero pre_signatures_to_create_in_advance in vetKD ChainKeyConfig (#5014)
    Review: Matches description + changes are appropriate
    Notes: This commit allows VetKd keys to be configured with zero pre_signatures_to_create_in_advance by updating the registry invariant logic, aligning it with the fact that VetKd does not use pre-signatures. It includes test updates and ensures proper handling of VetKdCurve validation.

  • a7a57d574 Node(IDX): Add prefix to artifact bundles (#5098)
    Review: Matches description + changes are appropriate
    Notes: This commit introduces a prefix option to artifact_bundle, simplifying its implementation and changing outputs to structured directories, enabling direct use with CDN uploads. It also updates build-ic.sh to support nested artifacts and corrects a directory name typo.

Bugfixes:

  • 70e34ea9c Consensus,Interface: canister http response size validation (#5234)
    Review: Matches description + changes are appropriate
    Notes: This commit refines canister HTTP response validation by enforcing a max size limit on transformed responses and removing redundant checks on untransformed serialized responses. It also ensures transform timing is always recorded and expands test coverage for edge cases involving size limits.

  • 6404cdd34 Consensus,Interface: disable https in the proxy client if the http flag is true. (#5229)
    Review: Matches description + changes are appropriate
    Notes: This commit ensures proper protocol enforcement in the proxy client by disabling HTTPS when the HTTP feature flag is enabled, aligning behavior with expected configuration and fixing reliance on previously unenforced defaults.

  • 79472c740 Consensus,Interface: revert “refactor(orchestrator): Remove dependency to canister_client in orchestrator” (#5224)
    Review: Matches description + changes are appropriate
    Notes: This commit reverts a prior refactor that replaced canister_client with ic-agent in the orchestrator due to inconsistent HTTP/HTTPS usage, restoring the original client and resolving related test failures.

  • 6248e2aeb Consensus,Interface: properly log the time-out in NNS delegation manager (#5166)
    Review: Matches description + changes are appropriate
    Notes: This commit fixes incorrect log formatting in NNS delegation timeout errors by replacing String::from with format!, ensuring proper variable interpolation in timeout messages.

  • 7922ceb8f Execution,Interface,Message Routing: Fix snapshot size calculation (#5148)
    Review: Matches description + changes are appropriate
    Notes: This commit corrects snapshot size calculation by excluding the custom Wasm section, which is not stored explicitly in snapshots, thus aligning memory accounting with actual snapshot content.

  • 05fdb3a47 Interface: timestamps in nanoseconds in the registry (#5076)
    Review: Matches description + changes are appropriate
    Notes: This commit standardizes timestamp fields to use nanoseconds across the registry codebase, replacing prior inconsistencies with seconds. It updates protocol buffers, implementations, and tests to reflect this change, improving clarity, precision, and consistency in timestamp handling.

  • 0dba014c1 Owners(IDX): don’t cache jemalloc build (#5174)
    Review: Matches description + changes are appropriate
    Notes: This commit disables caching for the jemalloc build to prevent CI cache corruption caused by non-deterministic artifacts, isolating jemalloc compilation and reducing impact on subsequent builds.

  • cd79ce565 Owners(IDX): Re-enable x86-darwin builds (#5165)
    Review: Matches description + changes are appropriate
    Notes: This commit re-enables x86-darwin builds by restoring platform-specific entries for x86_64-apple-darwin across Cargo.Bazel JSON lockfiles and updating Bazel Rust rules to reflect upstream changes, significantly cleaning up redundant platform entries and removing obsolete Windows and NixOS target references.

  • e42de0834 Node: Fixup test boundary TLS cert ownership (#5221)
    Review: Matches description + changes are appropriate
    Notes: This commit restores the expected file ownership for generated boundary TLS certs by adding a chown command, aligning permissions with previous behavior and aiding test consistency.

  • bcc5b84bf Node: filebeat exec condition (#5175)
    Review: Matches description + changes are appropriate
    Notes: This commit moves the Filebeat configuration existence check from ExecCondition to ExecStart, ensuring the config file has been generated before attempting to start the service and preventing premature failure.

  • b7e15a5d8 Execution,Interface: make upload_chunk idempotent (#5049)
    Review: Matches description + changes are appropriate
    Notes: This commit makes the upload_chunk endpoint idempotent by avoiding redundant chunk storage while still charging cycles, and refactors chunk validation and insertion for clarity and efficiency.

  • 80d9fc533 Execution,Interface: clear canister logs before instantiating new canister during reinstall (#5064)
    Review: Matches description + changes are appropriate
    Notes: This commit ensures canister logs are cleared before reinstalling, preserving logs from start/init hooks and aligning behavior with the IC interface specification.

Performance improvements:

  • 6b72db3f9 Consensus,Interface(idkg): Performance improvement when building a transcript of a certain ID (#4999)
    Review: Matches description + changes are appropriate
    Notes: This commit optimizes transcript building by introducing efficient iteration over dealings and support shares using transcript ID prefixes, significantly improving IDKG performance under high load.

Chores:

  • b55418a22 Consensus,Interface: ramp up the new socks proxy discovery to 100% (#5230)
    Review: Matches description + changes are appropriate
    Notes: This commit ramps up the new SOCKS proxy discovery to 100%, routing all failed HTTP requests via API boundary nodes for improved reliability and performance parity.

  • 724ca0463 Consensus,Interface(networking): add http_method label for https outcall client metrics (#5143)
    Review: Matches description + changes are appropriate
    Notes: This commit adds http_method as a metric label for HTTPS outcall client metrics, enabling more granular performance and frequency insights per HTTP method.

  • 6d6b47200 Crypto: Replace ic_vetkd_utils with ic_vetkeys (#5238)
    Review: Matches description + changes are appropriate
    Notes: This commit replaces the deprecated ic_vetkd_utils crate with the external ic_vetkeys library, streamlining VetKD functionality and reducing internal code maintenance.

  • 917b62727 Crypto,Interface(crypto): Remove workaround for RSA signature malleability (#5080)
    Review: Matches description + changes are appropriate
    Notes: This commit removes outdated RSA signature malleability checks that are no longer needed due to an upstream fix in the rsa crate.

  • 1aeb46aef Execution(EXC): Improve UserError assert_contains message (#5090)
    Review: Matches description + changes are appropriate
    Notes: This commit enhances the assert_contains failure message by printing the full actual error, aiding debugging of mismatched error codes in tests.

  • 1955ccd84 Execution,Interface: Remove code handling compute and memory allocations in install_code (#5204)
    Review: Matches description + changes are appropriate
    Notes: This commit removes deprecated handling of compute and memory allocations during install_code, simplifying logic and eliminating related tests, with follow-up removal of unused fields planned.

  • db5fc07c4 Execution,Interface: Add error doc link for canister snapshot not enough cycles error. (#5145)
    Review: Matches description + changes are appropriate
    Notes: This commit adds a documentation link and suggestion for the CanisterSnapshotNotEnoughCycles error, improving clarity and guidance for developers encountering this issue.

  • 6511ed5e2 Execution,Interface: Refactor take_canister_snapshot (#5184)
    Review: Matches description + changes are appropriate
    Notes: This commit refactors take_canister_snapshot for clearer logic and reuse, improves error handling, and ensures no instruction charges occur on early failure paths.

  • 88079a4d7 Interface: bump networking crates (#5188)
    Review: Matches description + changes are appropriate
    Notes: This commit updates multiple networking-related crates to newer versions, including aide, socket2, and axum, improving compatibility, security, and performance.

  • 59a4303a9 Interface: refactor ic-boundary more (#5209)
    Review: Matches description + changes are appropriate
    Notes: This commit refactors ic-boundary by removing async_scoped, introducing TaskManager and derive-new, simplifying runner management, and updating tower_governor to stable.

  • 28d24c288 Interface: ic-boundary: remove own caching, use ic-bn-lib (#5156)
    Review: Matches description + changes are appropriate
    Notes: This commit removes the custom caching logic in ic-boundary, switching to the centralized ic-bn-lib cache with standardized bypass reasons and updated dependencies.

  • d0ca0b423 Interface: upgrade ic-bn-lib & ic-gateway (#5114)
    Review: Matches description + changes are appropriate
    Notes: This commit upgrades ic-bn-lib, ic-gateway, and related crates (e.g., http), removing deprecated tests and updating code for compatibility with new versions.

  • 2949c97ba Interface: Revert ic-cdk to 0.17.2 (#5139)
    Review: Matches description + changes are appropriate
    Notes: This commit reverts the upgrade to ic-cdk 0.18.0, restoring 0.17.2 to prevent incompatibilities caused by mixed CDK versions across the monorepo.

  • cc904f521 Node: Update Base Image Refs [2025-05-22-0903] (#5253)
    Review: Matches description + changes are appropriate
    Notes: Automated patch. Updates the base image reference for various IC OS components like boundary-guestos, guestos (dev), et cetera.

  • 2c3d1cbac Node(IDX): Group artifact uploads (#5142)
    Review: Matches description + changes are appropriate
    Notes: This commit consolidates artifact upload logic by introducing a unified //:upload-artifacts target, simplifying upload paths and reducing redundancy across upload rules.

  • afa56c9f3 Node: Update Base Image Refs [2025-05-15-0807] (#5140)
    Review: Matches description + changes are appropriate
    Notes: Automated patch. Updates the base image reference for various IC OS components like boundary-guestos, guestos (dev), et cetera.

  • 53ac5a6a1 Consensus,Interface: add more logs to nns delegation manager (#5050)
    Review: Matches description + changes are appropriate
    Notes: This commit improves debug visibility in the NNS delegation fetch path by adding detailed logging for TCP, TLS, and HTTP connection stages, and logs successful QUIC connections.

  • 204e1bda4 Consensus,Interface,Node: renaming mentions of ch1-obsdev1 into testnet (#5085)
    Review: Matches description + changes are appropriate
    Notes: This commit renames all mentions of the obsolete ch1-obsdev1 Elasticsearch cluster to the current testnet cluster across configs, code, and test infra.

  • 97a0e6132 Crypto: Modify VetKD key derivation (#5088)
    Review: Matches description + changes are appropriate
    Notes: This commit updates VetKD key derivation to distinguish canister-level and context-level stages, introducing MasterPublicKey and refactoring serialization and derivation logic accordingly.

  • 7a72da08c Crypto: Use a fixed length domain separator for IBE message mask (#5028)
    Review: Matches description + changes are appropriate
    Notes: This commit standardizes IBE message mask domain separators by enforcing a fixed-length format using zero-padded 20-digit lengths.

  • 230b080ae Execution,Interface: refine ErrorHelp::ToolchainError (#5122)
    Review: Matches description + changes are appropriate
    Notes: This commit improves error messaging by clarifying that outdated test environments like dfx might cause toolchain-related issues, guiding users to update them before reporting.

  • f8d49eb9c Execution,Interface: Add error doc link for canister snapshot limit error. (#5078)
    Review: Matches description + changes are appropriate
    Notes: This commit adds user guidance and documentation link to the SnapshotLimitExceeded error, enhancing clarity and directing users to the spec for resolution.

  • e309dc2af Execution,Interface: Add error doc for CanisterManagerError::ReservedCyclesLimitIsTooLow (#5074)
    Review: Matches description + changes are appropriate
    Notes: This commit adds documentation for the ReservedCyclesLimitIsTooLow error.

  • d1dc4c2dc Interface: Update Rust to 1.86.0 (#5059)
    Review: Matches description + changes are appropriate
    Notes: This commit upgrades the Rust toolchain to 1.86.0 and adjusts code and configs accordingly, acknowledging minor WASM instruction count regressions in select benchmarks.

  • f68a58fab Interface: update Rust to 1.85.1 (#4340)
    Review: Matches description + changes are appropriate
    Notes: This commit updates Rust to 1.85.1 and refactors various code sections to reduce verbosity and satisfy clippy across multiple modules.

  • 182119f38 Interface,Message Routing: Don’t deliver ALREADY_EXISTS checkpoint in state sync (#5121)
    Review: Matches description + changes are appropriate
    Notes: This commit prevents redundant state sync delivery when a checkpoint at the same height already exists due to execution progress.

  • 7443f1e1c Owners(IDX): rules_rust: 0.56.0 → 0.61.0 (#4574)
    Review: Matches description + changes are appropriate
    Notes: This commit upgrades rules_rust from version 0.56.0 to 0.61.0 to support Rust toolchain 1.85.1 and updates related Bazel lockfiles.

  • dabab3d1c Node: Update boot args key to extra_boot_args_template (#5073)
    Review: Matches description + changes are appropriate
    Notes: This commit renames boot_args_template to extra_boot_args_template in Bazel image configuration for consistency across OS build scripts.

  • 7269994c8 Node(IDX): move ic-os upload to BUILD.bazel (#5070)
    Review: Matches description + changes are appropriate
    Notes: This commit moves artifact upload logic from the icos_build() function into specific BUILD.bazel files.

  • f5749622f Node(IDX): extract file size checks from icos_build (#5054)
    Review: Matches description + changes are appropriate
    Notes: This commit moves file size checks from the icos_build macro into BUILD.bazel files, improving transparency and simplifying macro logic.

  • ebd587595 Node(IDX): rename checksum_rule to artifact_bundle (#5002)
    Review: Matches description + changes are appropriate
    Notes: This commit renames the checksum_rule to artifact_bundle for clarity and updates all related usage, reflecting its broader functionality beyond checksumming.

  • f25b30020 Node: Update Base Image Refs [2025-05-08-0807] (#5033)
    Review: Matches description + changes are appropriate
    Notes: Automated update to refresh the base container image references for the ICOS components

Refactoring:

  • 1f4a5986f Consensus,Interface(orchestrator): Remove dependency to canister_client in orchestrator (#5104)
    Review: Matches description + changes are appropriate
    Notes: This commit removes the dependency on the unmaintained canister_client crate in the orchestrator, replacing it with the better-supported ic-agent crate and refactoring signer logic accordingly.

  • 830f4caa9 Interface: remove direct dependency on ic-cdk-macros (#5144)
    Review: Matches description + changes are appropriate
    Notes: This commit removes the explicit dependency on ic-cdk-macros across all crates, simplifying the dependency graph by relying solely on the re-exports provided by ic-cdk.

  • d2c64c332 Interface,Node: Factor out generate_guestos_config into a library function and add tests (#5256)
    Review: Matches description + changes are appropriate
    Notes: This commit extracts generate_guestos_config into a reusable library function, improves test coverage, and simplifies config generation by computing the GuestOS IP from the HostOS config directly.

  • bb76b8f5a Node: Load entire kernel cmdline from boot partition (#5101)
    Review: Matches description + changes are appropriate
    Notes: This commit moves kernel command line logic from GRUB to a build-time-generated boot_args file on the boot partition, improving determinism and SEV-SNP support.

  • b8306005e Node: Refactor partition image targets to remove redundancy (#5127)
    Review: Matches description + changes are appropriate
    Notes: This commit refactors the icos_build logic by eliminating redundant code for partition and update image targets through structured loops and dynamic naming.

  • 492fdcea6 Consensus,Interface(replay): Unit test for Player::get_changes_since in rs/replay. (#5022)
    Review: Matches description + changes are appropriate
    Notes: This commit adds a unit test for Player::get_changes_since to verify chunked registry records are correctly reconstituted using mocked Registry canister responses.

  • 59ad18a77 Interface(nervous_system/canister): Test getting large Registry mutations from a canister. (#5043)
    Review: Matches description + changes are appropriate
    Notes: This commit adds an integration test canister to verify registry_changes_since handles large Registry mutations correctly from within a canister environment.

  • 4b0953166 Interface: Extend some unit tests with vet keys (#5010)
    Review: Matches description + changes are appropriate
    Notes: This commit extends unit tests to support VetKD keys by configuring them with zero pre-signatures, ensuring broader cryptographic coverage across subnet configuration scenarios.

Tests:

  • f326b9faf Consensus,Interface(replay): Integration test for get_changes_since in replay. (#5164)
    Review: Matches description + changes are appropriate
    Notes: This commit adds an integration test for get_changes_since in replay, refactors it to be async for cleaner usage, and reuses setup logic from existing registry tests.

Proposal 136731 & 136740 | Yuvika - Zenith Code

Summary

  1. Vote: Adopt
  2. Hash: Hashes match
  3. Reasons to adopt: Builds fine + hashes match + release notes match the commits.

Commits

Features:

  • 2857e0d9d
    Summary: Use HTTPS to fetch CUP.
    Notes: Use HTTPS for its security features instead of the HTTP web communication protocol to fetch CUP.
    Review: The description matches the code changes.

  • e0d7421a8
    Summary: Log the chain keys on every CUP height.
    Notes: Log an info message, public keys of the subnet for chain keys present on the subnet.
    Review: The description matches the code changes.

  • 566b26b51
    Summary: add more timeouts to the nns delegation fetching logic.
    Notes: Add a 10-second timeout for connecting to an nns node and another 10-second timeout when sending a request to an nns node. These additional timeouts should help when there are connectivity problems between the replica and nns node. This functionality has been tested through the tests.
    Review: The description matches the code changes.

  • c546ec087
    Summary: Add ic-secp256r1 package.
    Notes: Move package rs/crypto/ecdsa_secp256r1 to packages/ic-secp256r1.
    Review: The description matches the code changes.

  • 4be430732
    Summary: Added use ic_cdk::println; to files that lack it.
    Notes: Normalize usages of println to ic_cdk::println in cases where it was behaving ambiguously. At times, Rust wouldn’t be able to distinguish which version of println to use.
    Review: The description matches the code changes.

  • 1f71efe57
    Summary: Implement the standard.
    Notes: Implement the ICRC-103 standard icrc103_get_allowances in the icrc-ledger-types package, which will update the version to 0.1.9.
    Review: The description matches the code changes.

  • b0a3d6dc4
    Summary: Add “Cache-Control: no-store” to all canister /metrics endpoints.
    Notes: Add Cache-Control: no-store header to all canister /metrics endpoints to prevent default caching, which was causing fresh metrics to be seen only every 20 seconds.
    Review: The description matches the code changes.

  • 0eb0a97cf
    Summary: Drop loopback stream from certified state.
    Notes: Add MapFilter, which can be used with MapTransformFork, to optionally filter out specific map entries (e.g. the loopback stream). And introduce a new certification V20, which uses this filter to exclude the loopback stream from the certified state tree.
    Review: The description matches the code changes.

  • 6b7e973c6
    Summary: Use actual cross-subnet streams in state_manager tests.
    Notes: Refactor state_manager tests to use 2 test subnets to encode and decode cross-subnet streams instead of using a loopback stream, which consists of 1 subnet.
    Review: The description matches the code changes.

  • f199fd67d
    Summary: Write protobufs asynchronously.
    Notes: Improve checkpointing performance by serializing protobufs of canisters and snapshots on the critical path in the background in parallel with the execution, implemented in serialize_protos_to_tip.
    Review: The description matches the code changes.

  • 4e32733cb
    Summary: Pipe elasticsearch config through SetupOS.
    Notes: Configure Elasticsearch for a nested GuestOS through SetupOS config (elasticsearch_hosts, elasticsearch_tags).
    Review: The description matches the code changes.

  • 4fea8f598
    Summary: Configuration revamp (GuestOS integration).
    Notes: Integrate the config tool into the IC-OS, which can be used for config sanitization, organization, access, and propagation.
    Review: The description matches the code changes.

  • 12ade0592
    Summary: Allow zero pre_signatures_to_create_in_advance in vetKD ChainKeyConfig.
    Notes: Allow chain keys that don’t need pre-signatures to be configured with 0 pre_signatures_to_create_in_advance.
    Review: The description matches the code changes.

  • a7a57d574
    Summary: Add prefix to artifact bundles
    Notes: Introduce prefix option when creating artifact bundles. This will allow us to use the bundles directly when uploading artifacts to the CDN, instead of duplicating the logic of listing artifacts & computing checksums. Update build-ic.sh to support nested build artifacts the same, and fix a typo.
    Review: The description matches the code changes.

Bugfixes:

  • 70e34ea9c
    Summary: canister http response size validation.
    Notes: Update HTTP response if the transformed response size must not exceed max_response_bytes and drop the check for the serialized response size (MAX_CANISTER_HTTP_RESPONSE_BYTES) if no transform is requested.
    Review: The description matches the code changes.

  • 6404cdd34
    Summary: disable https in the proxy client if the http flag is true.
    Notes: When the http feature flag is disabled, use let builder = builder.https_only() instead of let builder = builder.https_or_http().
    Review: The description matches the code changes.

  • 79472c740
    Summary: revert “refactor(orchestrator): Remove dependency to canister_client in orchestrator”.
    Notes: Revert #5104, commit - 1f4a5986f due to test failures.
    Review: The description matches the code changes.

  • 6248e2aeb
    Summary: properly log the time-out in NNS delegation manager.
    Notes: Fix errors in NNS delegation manager since the error messages weren’t being constructed properly, and arguments weren’t being resolved. Use format! instead of String::from.
    Review: The description matches the code changes.

  • 7922ceb8f
    Summary: Fix snapshot size calculation.
    Notes: Exclude custom Wasm section memory usage as it is not stored in the snapshot, so it shouldn’t be used in the snapshot size calculation as implemented in ExecutionState::memory_usage_in_snapshot.
    Review: The description matches the code changes.

  • 05fdb3a47
    Summary: timestamps in nanoseconds in the registry.
    Notes: Use consistent timestamp units (nanoseconds) in the registry.
    Review: The description matches the code changes.

  • 0dba014c1
    Summary: don’t cache jemalloc build.
    Notes: Refactor jemalloc Bazel build to prevent the build from caching, build jemalloc separately to avoid determinism and linking errors.
    Review: The description matches the code changes.

  • cd79ce565
    Summary: Re-enable x86-darwin builds.
    Notes: Add x86-darwin platform to supported_platform_triples as it is supported by rust_rules.
    Review: The description matches the code changes.

  • e42de0834
    Summary: Fixup test boundary TLS cert ownership.
    Notes: Keep permissions consistent and set ownership of the test boundary TLS certification to ic-replica:nogroup.
    Review: The description matches the code changes.

  • bcc5b84bf
    Summary: filebeat exec condition.
    Notes: Move the conditional if the /run/ic-node/etc/filebeat/filebeat.yml file exists to ExecStart, which occurs after ExecCondition, and the file should exist by this point.
    Review: The description matches the code changes.

  • b7e15a5d8
    Summary: make upload_chunk idempotent.
    Notes: Make the management canister endpoint upload_chunk idempotent, and refactor consume_cycles_for_instructions and insert_chunk.
    Review: The description matches the code changes.

  • 80d9fc533
    Summary: clear canister logs before instantiating new canister during reinstall.
    Notes: Clear canister logs before instantiating the new canister when reinstalling the canister to ensure logs produced during canister start and init hooks aren’t lost.
    Review: The description matches the code changes.

  • 9f031af20
    Summary: Remove vm_nr_of_vcpus default value.
    Notes: Remove vm_nr_of_vcpus default value (64) in generate-guestos-config.sh for simplicity.
    Review: The description matches the code changes.

  • c46366cb2
    Summary: grub syntax error.
    Notes: Resolves the syntax error causing a node to be rolled back from A to A instead of A to B.
    Review: The description matches the code changes.

Performance improvements:

  • 6b72db3f9
    Summary: Performance improvement when building a transcript of a certain ID.
    Notes: Improve performance by iterating over all dealings and support shares of a particular transcript ID only, instead of going over all dealings and support shares in the artifact pool and then sorting by the transcript ID.
    Review: The description matches the code changes.

Chores:

  • b55418a22
    Summary: ramp up the new socks proxy discovery to 100%.
    Notes: Update NEW_SOCKS_PROXY_ROLLOUT from 50 to 100 for all HTTP requests, go via an API BN as a socks proxy.
    Review: The description matches the code changes.

  • 724ca0463
    Summary: add http_method label for https outcall client metrics.
    Notes: Add http_method to existing HTTP outcall metrics, such as http_request_duration and request_total.
    Review: The description matches the code changes.

  • 6d6b47200
    Summary: Replace ic_vetkd_utils with ic_vetkeys.
    Notes: Replace packages/ic-vetkd-utils with ic-vetkeys, which is moved here and is used as a git dependency.
    Review: The description matches the code changes.

  • 917b62727
    Summary: Remove workaround for RSA signature malleability.
    Notes: Remove old workaround to check for the malformed rsa crate signatures. This is no longer needed as the issue has been fixed.
    Review: The description matches the code changes.

  • 1aeb46aef
    Summary: Improve UserError assert_contains message.
    Notes: Log detailed error in UserError::assert_contains when error codes don’t match for easier debugging.
    Review: The description matches the code changes.

  • 1955ccd84
    Summary: Remove code handling compute and memory allocations in install_code.
    Notes: Remove install_code deprecated fields such as memory_allocation and compute_allocation along with their usages/associated tests. In a follow-up PR, InstallCodeArgs will also be removed; for now, it is ignored.
    Review: The description matches the code changes.

  • db5fc07c4
    Summary: Add error doc link for canister snapshot not enough cycles error.
    Notes: Improve error logging for CanisterManagerError::CanisterSnapshotNotEnoughCycles.
    Review: The description matches the code changes.

  • 6511ed5e2
    Summary: Refactor take_canister_snapshot.
    Notes: Refactor take_canister_snapshot and simplify error handling by not charging cycles on error.
    Review: The description matches the code changes.

  • 88079a4d7
    Summary: bump networking crates
    Notes: Upgrade networking crates such as hyper, reqwest and axum, etc.
    Review: The description matches the code changes.

  • 59a4303a9
    Summary: refactor ic-boundary more.
    Notes: Clean up redundant code, replace async_scoped with TaskTracker from ic-bn-lib, use derive-new.
    Review: The description matches the code changes.

  • 28d24c288
    Summary: remove own caching, use ic-bn-lib.
    Notes: Replace the caching module with the one from ic-bn-lib, remove custom caching metrics, move cache tests into their own module, and update ic-bn-lib and ic-gateway dependencies to correct hashes.
    Review: The description matches the code changes.

  • d0ca0b423
    Summary: upgrade ic-bn-lib & ic-gateway.
    Notes: Update ic-bn-lib and ic-gateway dependencies, upgrade html crate to 1.3.1, remove test_non_ascii_url_is_rejected since html now allows ASCII URLs.
    Review: The description matches the code changes.

  • 2949c97ba
    Summary: Revert ic-cdk to 0.17.2
    Notes: Revert the ic-cdk from v0.18.0 to v0.17.2 due to some unexpected issues observed.
    Review: The description matches the code changes.

  • cc904f521
    Summary: Update Base Image Refs [2025-05-22-0903].
    Notes: Update the base image references used for IC OS.
    Review: The description matches the code changes.

  • 2c3d1cbac
    Summary: Group artifact uploads.
    Notes: Groups all artifact upload jobs into a single target, //:upload-artifacts, so that a single runnable target can be called separately from the build.
    Review: The description matches the code changes.

  • afa56c9f3
    Summary: Update Base Image Refs [2025-05-15-0807]
    Notes: Update the base image references used for IC OS.
    Review: The description matches the code changes.

The below changes are reviewed as part of Proposal 136664.

  • 53ac5a6a1
    Summary: add more logs to nns delegation manager.
    Notes: Improve info logs in the NNS delegation manager to help with debugging for flaky tests related to HTTPS delegation by tracing networking layers, including TCP, TLS, and HTTP.
    Review: The description matches the code changes.

  • 204e1bda4
    Summary: renaming mentions of ch1-obsdev1 into testnet.
    Notes: Completes the migration to the dm1 cluster by updating naming references from ch1-obsdev1 to testnet.
    Review: The description matches the code changes.

  • 97a0e6132
    Summary: Modify VetKD key derivation.
    Notes: Clearly distinguish between the derivation of a canister ID and a user-provided context string into distinct functions. Improve derivation error logging by adding PublicKeyDeserializationError.
    Review: The description matches the code changes.

  • 7a72da08c
    Summary: Use a fixed length domain separator for IBE message mask.
    Notes: Pad message lengths to 20 digits for consistent IBE domain separation, avoiding issues from variable-length identifiers.
    Review: The description matches the code changes.

  • 230b080ae
    Summary: refine ErrorHelp::ToolchainError.
    Notes: Improve ErrorHelp::ToolchainError log to notify users running in test environments to distinguish compiler issues from test misconfigurations.
    Review: The description matches the code changes.

  • f8d49eb9c
    Summary: Add error doc link for canister snapshot limit error.
    Notes: Provides documentation and guidance in the error message for SnapshotLimitExceeded, enhancing user experience and debugging.
    Review: The description matches the code changes.

  • e309dc2af
    Summary: Add error doc for CanisterManagerError::ReservedCyclesLimitIsTooLow.
    Notes: Incorporates helpful error messaging and documentation to guide users facing low reserved cycles issues.
    Review: The description matches the code changes.

  • d1dc4c2dc
    Summary: Update Rust to 1.86.0.
    Notes: Bumps Rust version across the codebase, Dockerfiles, Bazel rules, and CI pipelines to 1.86.0.
    Review: The description matches the code changes.

  • f68a58fab
    Summary: update Rust to 1.85.1.
    Notes: Updates the Rust toolchain from 1.84.0 to 1.85.1 and synchronizes all related configuration files.
    Review: The description matches the code changes.

  • 182119f38
    Summary: Don’t deliver ALREADY_EXISTS checkpoint in state sync.
    Notes: Avoids redundant processing in state sync by detecting and skipping existing checkpoints.
    Review: The description matches the code changes.

  • 7443f1e1c
    Summary: rules_rust: 0.56.0 → 0.61.0.
    Notes: Upgrades Bazel’s rules_rust to align with Rust 1.85.1 and updates dependencies accordingly.
    Review: The description matches the code changes.

  • dabab3d1c
    Summary: Update boot args key to extra_boot_args_template.
    Notes: Standardizes naming across Bazel files by changing boot_args_template to extra_boot_args_template.
    Review: The description matches the code changes.

  • 7269994c8
    Summary: move ic-os upload to BUILD.bazel.
    Notes: Moves logic to BUILD.bazel and clarifies the naming to indicate additive boot arguments.
    Review: The description matches the code changes.

  • f5749622f
    Summary: extract file size checks from icos_build.
    Notes: Improves readability by relocating file size validation out of macros into BUILD files and enhancing diagnostic messages.
    Review: The description matches the code changes.

  • ebd587595
    Summary: rename checksum_rule to artifact_bundle.
    Notes: Refactors Bazel rules for clarity, renaming checksum_rule to artifact_bundle to better reflect its dual role in bundling and checksumming.
    Review: The description matches the code changes.

  • f25b30020
    Summary: Update Base Image Refs [2025-05-08-0807].
    Notes: Update the base image references used for IC OS.
    Review: The description matches the code changes.

Refactoring:

  • 1f4a5986f
    Summary: Remove dependency to canister_client in orchestrator.
    Notes: Remove unmaintained canister_client dependency and replace it with ic_agent crate which is consistently maintained. However, this has been reverted in 79472c740.
    Review: The description matches the code changes.

  • 830f4caa9
    Summary: remove direct dependency on ic-cdk-macros.
    Notes: Refactor the project to rely solely on ic-cdk since ic-cdk-macros are re-exported by ic-cdk and won’t be a direct dependency.
    Review: The description matches the code changes.

  • d2c64c332
    Summary: Factor out generate_guestos_config into a library function and add tests.
    Notes: Calculate IP address from the passed config instead of taking it as a separate argument.
    Review: The description matches the code changes.

  • bb76b8f5a
    Summary: Load entire kernel cmdline from boot partition.
    Notes: Implement a new mechanism to handle kernel boot arguments across GuestOS, HostOS and SetupOS.
    Review: The description matches the code changes.

  • b8306005e
    Summary: Refactor partition image targets to remove redundancy.
    Notes: Refactor and simplify the icos_build function in ic-os/defs.bzl.
    Review: The description matches the code changes.

The below changes are reviewed as part of Proposal 136664.

  • 492fdcea6
    Summary: Unit test for Player::get_changes_since in rs/replay.
    Notes: Tests registry reconstruction through chunked responses. Also refactors code for testability by isolating core logic.
    Review: The description matches the code changes.

  • 59ad18a77
    Summary: Test getting large Registry mutations from a canister.
    Notes: Adds a test canister to verify correct handling of large and small registry mutations via chunked access.
    Review: The description matches the code changes.

  • 4b0953166
    Summary: Extend some unit tests with vet keys.
    Notes: Enhances tests to validate zero pre-signature behaviour for VetKD keys alongside ECDSA and Schnorr, including serialization and validation.
    Review: The description matches the code changes.

  • d0d202f4b
    Summary: Refactor GuestOS lifecycle management script.
    Notes: Refactor start and stop scripts into a single guestos.sh for improved lifecycle management, since it has several benefits.
    Review: The description matches the code changes.

Tests:

  • f326b9faf
    Summary: Integration test for get_changes_since in replay.
    Notes: Add a new integration test for get_changes_since and reuse the setup logic. get_changes_since is refactored for simplicity.
    Review: The description matches the code changes.

Proposals 136731 & 136740 | Tim - CodeGov

Vote: Adopt

Reason: Build is successful, hashes match, commits match descriptions and the reasoning behind the changes is sound. Proposal 136731 (for GuestOS) includes the full set of commits from last week’s rejected proposal 136664. Most of the commits in proposal 136740 (for HostOS) are also present in proposal 136731. I’ve reviewed the previously unseen commits for Consensus, Crypto and Interface as detailed below.

Review

Features:

[2857e0d9d]
Modifies fetch_and_verify_catch_up_package method to use https rather than http in endpoint URLs.

[e0d7421a8]
Adds a logging message in fn deliver_batches to list chain keys (vetKD keys and others) for the subnet concerned for each CUP height / summary block.

[566b26b51]
Adds CONNECTION_TIMEOUT and NNS_DELEGATION_REQUEST_SEND_TIMEOUT, both set at 10 seconds, to the NNS delegation manager along with related tests and associated code changes as per description.

[c546ec087]
Renames ecdsa_secp256r1 crate to ic-secp256r1 and moves it from rs/crypto/ to packages/. Modifies related code and tests accordingly.

[4be430732]
Adds use ic_cdk::println, use self::println or use ic_cdk::eprintln to ensure that logs and errors are displayed correctly and adjusts dependencies accordingly.

[1f71efe57]
Implements the ICRC-103 standard, which extends the ICRC-2 token standard by adding an endpoint that allows querying all outstanding allowances related to a specific account. Adds type GetAllowancesArgs for the endpoint arguments, and related types for errors and allowances returned. Adds associated tests and modifies others accordingly.

[b0a3d6dc4]
Adds .header("Cache-Control", "no-store") to canister and metrics endpoints in order to solve a metrics scraping problem as described in the commit notes.

[0eb0a97cf]
Adds a new certification version that excludes the loopback stream from the certified state tree and introduces a new trait MapFilter, implemented for new types NoFilter and StreamFilter in order to make this distinction.

[6b7e973c6]
Adapts some state manager tests to test cross-subnet streams between two subnets rather than just a loopback stream using one subnet.

[f199fd67d]
Adapts checkpointing process within rs/state_manager/src/tip.rs by moving serialisation of canister and snapshot protobufs out of the critical path (now managed by fn serialize_protos_to_tip) into separate auxiliary functions (serialize_wasm_binaries_and_pagemaps and related functions) to be run asynchronously in the background + related code changes matching the description.

[4e32733cb]
Adapts logging field of ICOSSettings to use Elasticsearch hosts and tags. This is then passed sequentially through setupos_config, hostos_config and guestos_config.

[4fea8f598]
Matches description. Integrates the IC-OS config tool, primarily within the GuestOS tool.

Bugfixes:

[70e34ea9c]
Changes the error handling process for the case in which an https outcall transformed http response exceeds the specified size limit as described in the commit notes.

[6404cdd34]
Adapts CanisterHttp::create_socks_proxy_client to switch https_only() to https_or_http() in the proxy client if the http flag is true.

[79472c740]
Reverts 1f4a5986f below.

[6248e2aeb]
Changes String::from(...) to format!(...) in order to fix a logging bug.

[05fdb3a47]
Switches timestamp_seconds to timestamp_nanoseconds in several code sections + related code and test changes.

Chores:

[b55418a22]
Raises the new SOCKS proxy discovery rate from 50% to 100% so that all http outcall requests from system subnets to API boundary nodes will now go via just the new SOCKS proxy instead of comparing the results between the old and new SOCKS proxy and returning the result from the old SOCKS proxy as was happening previously.

[724ca0463]
Adds http method (GET, POST or HEAD) to http_request_duration and request_total metrics.

[6d6b47200]
Removes the ic-vetkd-utils crate from packages/ as this crate’s functionality has now been moved to the dfinity/vetkeys repo. Updates dependencies accordingly + version updates for various other crates.

[917b62727]
Modifies RsaPublicKey::verify_pkcs1_sha256 method to remove two sections that return an error if an RSA signature has been malformed, which was intended to work around an issue in which an older version of the rsa crate accepted these malformed signatures. This issue has since been fixed so the workaround is no longer needed.

[88079a4d7]
Version updates for several crates.

[59a4303a9]
[28d24c288]
[d0ca0b423]
Various code and dependency changes within rs/boundary_node/ic_boundary/ as per the descriptions of these 3 commits along with dependency changes in rs/pocket_ic_server/ and related test changes.

[2949c97ba]
Reverts commit 3490ef2a0, which updated the monorepo version of ic-cdk to 0.18.0 and maintained a distinction between ic-cdk 0.17.1 and ic-cdk 0.18.0 (and similarly for related crates).

Refactoring:

[1f4a5986f]
Replaces orchestrator dependency on ic_canister_client::Agent with ic_agent::Agent, adds NodeSender type to replace ic_canister_client::Sender and modifies code accordingly.

[830f4caa9]
Removes direct dependency on ic-cdk-macros as these macros are now re-exported by ic-cdk.

[d2c64c332]
Adds pub fn generate_guestos_config to replace some of the logic in rs/ic_os/config/src/main.rs with further changes as per the commit notes.

Tests:

[f326b9faf]
Renames test_registry_get_value to test_registry_get_value_and_changes_since and expands it accordingly + makes fn get_changes_since async.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, API Boundary Node Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neurons’ Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralisation of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.
