CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

Features:

• e179d8bba
  Summary: Handle checkpointing for canister snapshot uploads.
  Notes: Add the canister snapshot data API to StateMachineTest and handle checkpointing for partial canister snapshots. This is done by updating the memory pages every time the snapshot memory is uploaded using write_snapshot_data.
  Review: The description matches the code changes.
• 37fa6264b
  Summary: Support canister_ranges_* keys.
  Notes: Add support for new canister_ranges_* keys when
  editing registry entries in ic-regedit using the RoutingTable::transformers().
  Review: The description matches the code changes.
• 8a429f677
  Summary: publish logs over websocket.
  Notes: Add support to publish canister request logs containing request size, id, response size, etc. of canister requests over websockets.
  Review: The description matches the code changes.
• ad4762f2a
  Summary: Support canister ranges in ic-prep.
  Notes: Add support for canister_ranges_* keys in ic-prep for the
  routing table, and should be cross-compatible with the new method of storing routing table records.
  Review: The description matches the code changes.
• 02571e821
  Summary: Implement in the ICRC ledger.
  Notes: Implementation of a feature to look up a ledger’s index canister, by adding the index_principal argument to upgrade_ledger, icrc1_ledger_init_arg and icrc106_get_index_principal to look up a ledger’s index canister according to the ICRC-106 standard.
  Review: The description matches the code changes.
• 89d4e6a21
  Summary: Tool to verify key resharing recovery proposal.
  Notes: Add a new tool cup_explorer to check whether the subnet was halted on a CUP, and whether the generated CUP is valid. It also publishes the height and time once verified.
  Review: The description matches the code changes.
• bb368dc3a
  Summary: Don’t mount grub under boot.
  Notes: Use grubenv directly to figure out boot configuration and remove dependency on /boot. There’s no need to use the kernel command line anymore. This change was possible as /grub was made a top-level directory since earlier grubenv used to depend on /boot, as the grub config was mounted at /boot/grub. Moreover, /boot needs to know the configuration to mount the correct partition.
  Review: The description matches the code changes.

Bugfixes:

• fe0aa7c1f
  Summary: refactor and consolidate grub #2.
  Notes: Refactor and fix the test driver as well as update the documentation. This is an extension of 98f466651.
  Review: The description matches the code changes.
• 914133b80
  Summary: Image tags must be lowercase according to the spec.
  Notes: Update the script build_container_filesystem_tar.py to always use lower-case image tags.
  Review: The description matches the code changes.
• 4f7083647
  Summary: revert “fix(node): refactor and consolidate grub #2”.
  Notes: Revert commit 6446247 as it was breaking the test //rs/tests/nested:registration.
  Review: The description matches the code changes.
• 644624780
  Summary: refactor and consolidate grub #2.
  Notes: This is reverted in commit 4f7083647. This change includes a few changes, such as creating boot_args.template for hostos and guestos, creating a bool requires_root_signing, fixing grub backwards compatibility by continuing to pass extra_boot_args and moving boot_args.template files to bootloader/.
  Review: The description matches the code changes.

Chores:

• 65c05992a
  Summary: Disable pprof endpoints.
  Notes: Disable pprof endpoints due to regression issues. Will be fixed in a future PR.
  Review: The description matches the code changes.
• 7dc75ea49
  Summary: Increase acceptable gap between next pending CUP height and notarized height to 130.
  Notes: Increase ACCEPTABLE_NOTARIZATION_CERTIFICATION_GAP from 70 to 130. Earlier subnets with large state, manifest computation would take a long time, thereby delaying the creation of the CUP and stalling the subnet until the manifest and CUP are created, before notarizing new blocks.
  Review: The description matches the code changes.
• 9711ea8bf
  Summary: disable composite query as canister http transform.
  Notes: Disable composite queries used as transform in canister http outcalls.
  and return an error CompositeQueryCalledInReplicatedMode.
  Review: The description matches the code changes.
• 0939e4e4d
  Summary: validate specified_id for canister creation in test environments.
  Notes: Use the provisional_create_canister_with_cycles endpoint in test environments and validate the specified_id during canister creation to prevent crashes or critical errors at a later point.
  Review: The description matches the code changes.
• 3671acb49
  Summary: upgrade rust: 1.85.1 → 1.86.0 (again).
  Notes: Upgrade rust from 1.85.1 to 1.86.0. This was reverted earlier due to test failures that have now been fixed.
  Review: The description matches the code changes.
• 64bc28ba8
  Summary: remove boundary GuestOs and components.
  Notes: Remove boundary GuestOs version as it was deprecated.
  Review: The description matches the code changes.
• 7f24b841c
  Summary: allow dm1 in the HostOS firewall.
  Notes: Add dm1 to HostOS firewall filter, which will open up the firewall. This change was to prevent further test failures, running bazel test --config=systest
  //rs/tests/nested:hostos_upgrade_smoke_testfromdm1` as it was blocked by the HostOS’ firewall.
  Review: The description matches the code changes.
• 502d0fbfe
  Summary: Update Base Image Refs [2025-06-05-0807].
  Notes: Update the base image references used for IC OS.
  Review: The description matches the code changes.

Refactoring:

• 98f466651
  Summary: refactor and consolidate grub.
  Notes: Refactor some files, move all grub.cfg files to
  bootloader/, move bootloader/ grub.cfg to guestos and make grub_config a required parameter and remove extra_boot_args.template and replace it with boot_args.
  Review: The description matches the code changes.

Zenith Code is a comprehensive platform dedicated to advancing the Internet Computer ecosystem. It offers an interactive live coding and learning environment tailored for Motoko and ICP, making it easy for new developers to onboard through hands-on challenges and real-time code execution.

Beyond education, Zenith Code actively supports the decentralization and governance of the Internet Computer. As a registered node provider, we help run the network’s infrastructure, and through our known neuron, we actively review and vote on IC OS version election proposals.

Explore more at zenithcode.ai.

Features:

• e179d8bba Execution,Interface,Message Routing: Handle checkpointing for canister snapshot uploads (#5212)
  Review: Matches description + changes are appropriate
  Notes: This commit adds robust support for checkpointing during partial canister snapshot uploads. It introduces metadata and data tracking to enable safe, resumable uploads. It also enhances test coverage via a new test suite and expands the StateMachineTest API to simulate snapshot uploads and validate checkpoint integrity in canister state.

• 37fa6264b Interface(regedit): Support canister_ranges_* keys (#5464)
  Review: Matches description + changes are appropriate
  Notes: This commit adds support for parsing and editing canister_ranges_* keys in ic-regedit, enabling inspection of individual canister range mappings. These keys are interpreted as protobuf-encoded RoutingTable fragments. The change expands key recognition logic and reuses existing RoutingTable deserialization mechanisms for compatibility.

• 8a429f677 Interface: publish logs over websocket (#5470)
  Review: Matches description + changes are appropriate
  Notes: This commit enables real-time log publishing over WebSocket in the boundary node by integrating a log broker and exposing /logs/canister/{id} endpoints. It adds new CLI options for broker configuration, updates middleware to publish structured log messages, and introduces WebSocket support via tokio-tungstenite. New dependencies and feature flags are added for WebSocket handling.

• ad4762f2a Interface(ic-prep): Support canister ranges in ic-prep (#5465)
  Review: Matches description + changes are appropriate
  Notes: This commit enables ic-prep to generate canister_ranges_* registry entries for routing tables, aligning with the updated sharded routing table format. It writes the full routing table under canister_ranges_0, ensuring forward compatibility while still including the legacy routing_table entry for backward support.

• 02571e821 Interface(ICRC_Ledger): Implement in the ICRC ledger (#2857)
  Review: Matches description + changes are appropriate
  Notes: This commit implements ICRC-106 in the ICRC ledger, adding support for specifying and querying the index canister principal. It introduces a new API (icrc106_get_index_principal), tracks the index principal internally, persists it across upgrades, exposes it in metadata, and includes extensive tests for install, upgrade, and downgrade scenarios.

• 89d4e6a21 Interface: Tool to verify key resharing recovery proposal (#5297)
  Review: Matches description + changes are appropriate
  Notes: This commit finalizes ICRC-106 support by tracking and exposing the index canister principal in the ICRC ledger. It updates install/upgrade logic, DID interface, metadata, and tests. The icrc106_get_index_principal query provides access to the index principal, improving ledger-client interoperability in multi-canister ledger deployments.

• bb368dc3a Node: Don’t mount grub under boot (#5426)
  Review: Matches description + changes are appropriate
  Notes: This commit removes the /boot/grub mount, placing GRUB files directly under /grub. It updates bootloader build scripts, fstab configs, systemd generators, Dockerfiles, and documentation accordingly. This simplifies early boot logic and enables direct use of grubenv for boot configuration, eliminating reliance on kernel command-line parsing.

Bugfixes:

• fe0aa7c1f Node: refactor and consolidate grub #2 (#5462)
  Review: Matches description + changes are appropriate
  Notes: This commit consolidates and refactors GRUB configuration and boot argument handling across GuestOS, HostOS, and SetupOS. It standardizes boot argument templates (boot_args) and introduces extra_boot_args for backward compatibility. The change improves maintainability, simplifies boot logic, enables root hash substitution for dm-verity, and updates tests and documentation accordingly.

• 914133b80 Node: Image tags must be lowercase according to the spec (#5477)
  Review: Matches description + changes are appropriate
  Notes: This commit ensures container image tags conform to the OCI spec by converting them to lowercase after replacing disallowed characters. It modifies the generate_image_tag function to call .lower(), preventing invalid tag errors during image publishing or retrieval.

• 4f7083647 Node: revert “fix(node): refactor and consolidate grub #2 (#5437)” (#5455)
  Review: Matches description + changes are appropriate
  Notes: This commit reverts a prior GRUB boot configuration refactor that introduced boot_args templates. The reversion restores the original use of extra_boot_args, simplifying compatibility with existing tests—specifically fixing the failing //rs/tests/nested:registration test. Associated files, aliases, and GRUB logic are rolled back accordingly.

• 644624780 Node: refactor and consolidate grub #2 (#5437)
  Review: Matches description + changes are appropriate
  Notes: This commit refactors and consolidates GRUB boot configuration logic by introducing standardized boot_args.template and extra_boot_args.template files per OS variant. It supports root partition signing with a new requires_root_signing flag, enabling predictable boot measurements while retaining backward compatibility through fallback logic.

Chores:

• 65c05992a Consensus,Interface: Disable pprof endpoints (#5502)
  Review: Matches description + changes are appropriate
  Notes: This commit disables /pprof and /flamegraph routes due to a regression. It replaces handlers with static HTML responses and disables related test coverage temporarily.

• 7dc75ea49 Consensus,Interface: Increase acceptable gap between next pending CUP height and notarized height to 130 (#5448)
  Review: Matches description + changes are appropriate
  Notes: This commit increases the notarization-to-CUP height gap limit to 130 to prevent stalls on large-state subnets. Certified height gap remains 70 for safety.

• 9711ea8bf Consensus,Interface: disable composite query as canister http transform (#5415)
  Review: Matches description + changes are appropriate
  Notes: This commit disables composite queries as canister HTTP transforms, returning an error instead. Related tests are updated to reflect rejection behavior, aligning with spec compliance.

• 0939e4e4d Execution,Interface: validate specified_id for canister creation in test environments (#5269)
  Review: Matches description + changes are appropriate
  Notes: This commit adds validation for specified_id in test environments to prevent invalid canister creation. It rejects IDs within system-reserved allocation ranges, ensuring clarity and robustness.

• 3671acb49 Interface: upgrade rust: 1.85.1 → 1.86.0 (again) (#5453)
  Review: Matches description + changes are appropriate
  Notes: This commit re-applies the Rust upgrade from version 1.85.1 to 1.86.0. The upgrade was previously reverted due to failures on macOS (x86_64-apple-darwin) caused by a linker bug when compiling the hyper crate. A temporary workaround is now implemented: the hyper crate is compiled with opt-level=0 for affected targets.

• 64bc28ba8 Node(boundary): remove boundary GuestOs and components (#5391)
  Review: Matches description + changes are appropriate
  Notes: This commit removes all boundary GuestOs components and related code, simplifying the codebase by eliminating unused build targets, scripts, and configuration. Effectively, it eliminates all traces of boundary-guestos.

• 7f24b841c Node: allow dm1 in the HostOS firewall (#5483)
  Review: Matches description + changes are appropriate
  Notes: This commit updates HostOS firewall rules to allow IPv6 traffic from the dm1 network (2602:fb2b:100::/48), fixing blocked SSH access during testing.

• 502d0fbfe Node: Update Base Image Refs [2025-06-05-0807] (#5425)
  Review: Matches description + changes are appropriate
  Notes: Automated patch. Updates the base image reference for various IC OS components like boundary-guestos, guesos(dev) etcetera

Refactoring:

• 98f466651 Node: refactor and consolidate grub (#5433)
  Review: Matches description + changes are appropriate
  Notes: This commit consolidates GRUB configuration by moving all grub.cfg files to the bootloader/ directory and removing legacy extra_boot_args.

Zenith Code is a comprehensive platform dedicated to advancing the Internet Computer ecosystem. It offers an interactive live coding and learning environment tailored for Motoko and ICP, making it easy for new developers to onboard through hands-on challenges and real-time code execution.

Beyond education, Zenith Code actively supports the decentralization and governance of the Internet Computer. As a registered node provider, we help run the network’s infrastructure, and through our known neuron, we actively review and vote on IC OS version election proposals.

Explore more at zenithcode.ai.

proposal/136982

e179d8bba
Matches description disable diff_only

37fa6264b
Adds a new CANISTER_RANGES_PREFIX branch in get_transformer so that keys with that prefix also use the RoutingTable::transformers(), with a TODO to eventually remove the old routing‐table key handling.

8a429f677
Enables Websocket endpoint to subscribe to logs by creating a PubSub broker for the logs subscription.

ad4762f2a
New record is added to the data_provider, whereby the key is make_canister_ranges_key. I do notice that routing_table_record.clone() is now clone() whereby before it wasn’t.

02571e821
Adds initial ICRC-106 support: it introduces Icrc106Error, a new icrc106 module, an index_principal field carried through init/upgrade args, ledger state, metadata, and exposes the icrc106_get_index_principal query while registering the standard in supported_standards(). The scheduler now creates the index canister up front and passes its principal to the ledger.

89d4e6a21
New CLI crate that can download, inspect, cryptographically verify Catch-Up Packages, including detecting whether a subnet is still running, halted, or already recovered. Swaps the old routines for the explorer/verify workflow with structured clap sub-commands. Wraps the RegistryCanister so the tool can authenticate with the NNS public key, read registry keys, and pull the full node list for a subnet.

bb368dc3a
Eliminates the boot directory path associated with grub from build-bootloader-tree.sh. In the creation of directories under grub, the boot parent directory is excluded for guestos, hostos, and setupos. Also, removes grub entry from mount-generator.

914133b80
Force lowercase to generate_image_tag.

fe0aa7c1f
Continues the refactoring work from commit 98f466651, including additional code improvements, documentation updates, and modifications to the test driver.

4f7083647
This reverts that commit 64462478095a7f339559ab6350830d8cf13ce890 that is later followed by changes done in commit fe0aa7c1f.

644624780
Similar changes to commit fe0aa7c1f and 4f7083647

65c05992a
Disable HTTP routes let you trigger and fetch CPU performance profiles for testing and diagnostics.

7dc75ea49
Moved the ACCEPTABLE_NOTARIZATION_ const from notary to consensus. Increased ACCEPTABLE_NOTARIZATION_CUP_GAP to 130.
Bouncer rule any non-CUP artifact whose height is more than ACCEPTABLE_NOTARIZATION_CUP_GAP above the next pending CUP or more than ACCEPTABLE_NOTARIZATION_CERTIFICATION_GAP above the latest certified height will be deferred.

9711ea8bf
Composite queries are no longer permitted to serve as transformations in canister HTTP outcalls.

0939e4e4d
Extra check to validate_specified_id. Good check for better crash errors.

3671acb49
Bumps the Rust toolchain from 1.85.1 to 1.86.0.
Patches the macOS hyper-crate linker bug by applying opt-level=0 on x86_64-apple-darwin in external_crates.bzl.

64bc28ba8
Removes all boundary-guestos entries from code in many files. 114 files deleted.

502d0fbfe
Update base image refs.

98f466651
Rename the single grub.cfg into three explicit exports—guestos_grub.cfg, hostos_grub.cfg, and setupos_grub.cfg. The build_grub_partition macro signature was tightened to require an explicit grub_config label. The icos_build rule now enforces that exactly one of boot_args_template or extra_boot_args is provided.

proposal/136983

bb368dc3a
Same as proposal/136982

fe0aa7c1f
Same as proposal/136982

914133b80
Same as proposal/136982

7f24b841c
Matches description allow dm1 in the HostOS firewall.

502d0fbfe
Same as proposal/136982

98f466651
Same as proposal/136982

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

Features:

• e179d8bba Execution,Interface,Message Routing: Handle checkpointing for canister snapshot uploads (#5212)
  Notes: Adds checkpoint offset tracking for partial canister snapshot uploads and extends StateMachineTest with snapshot data APIs for improved test support.
  Review: Code changes look good and match release notes.

• 37fa6264b Interface(regedit): Support canister_ranges_* keys (#5464)
  Notes: This commit enables ic-regedit to support canister_ranges_* registry keys by matching them with CANISTER_RANGES_PREFIX and applying RoutingTable transformers.
  Review: Code changes look good and match release notes.

• 8a429f677 Interface: publish logs over websocket (#5470)
  Notes: The commit adds WebSocket support to the IC boundary node to enable streaming of logs, improving monitoring and debugging capabilities.
  Review: Code changes look good and match release notes.

• ad4762f2a Interface(ic-prep): Support canister ranges in ic-prep (#5465)
  Notes: Adds support for canister_ranges_* registry keys in ic-prep by writing canister ID range entries using make_canister_ranges_key to enable compatibility with the new routing table storage format.
  Review: Code changes look good and match release notes.

• 02571e821 Interface(ICRC_Ledger): Implement in the ICRC ledger (#2857)
  Notes: Adds support for configuring index_principal during SNS ledger install and upgrade to enable ICRC-106 compatibility, including updated args, tests, and a new icrc106_get_index_principal endpoint.
  Review: Code changes look good and match release notes.

• 89d4e6a21 Interface: Tool to verify key resharing recovery proposal (#5297)
  Notes: Adds a verify-cup-of-halted-subnet feature to the cup_explorer tool that validates a subnet’s CUP file by checking its integrity, signature, and halted state using NNS registry data to ensure it’s suitable for recovery proposals.
  Review: Code changes look good and match release notes.

• bb368dc3a Node: Don’t mount grub under boot (#5426)
  Notes: This commit relocates grub files and mount points from /boot/grub to /grub, updating scripts to enable direct use of grubenv without mounting grub under /boot.
  Review: Code changes look good and match release notes.

Bugfixes:

• fe0aa7c1f Node: refactor and consolidate grub #2 (#5462)
  Notes: This commit refines the grub consolidation by fixing test driver scripts to ensure proper test execution and updates documentation to reflect the latest changes
  Review: Code changes look good and match release notes.

• 914133b80 Node: Image tags must be lowercase according to the spec (#5477)
  Notes: The code change updates the generate_image_tag function to convert the image tag to lowercase according to the specification.
  Review: Code changes look good and match release notes.

• 4f7083647 Node: revert “fix(node): refactor and consolidate grub #2 (#5437)” (#5455)
  Notes: This commit reverts the grub bootloader refactor that unified boot argument handling due to test failures, restoring separate Bazel build rules and grub.cfg scripts for distinct boot_args and extra_boot_args processing
  Review: Code changes look good and match release notes.

• 644624780 Node: refactor and consolidate grub #2 (#5437)
  Notes: This refactor standardizes kernel boot argument handling across GuestOS, HostOS, and SetupOS to enhance AMD SEV measurement support, and lay the groundwork for improved SELinux enforcement.
  Review: Code changes look good and match release notes.

Chores:

• 65c05992a Consensus,Interface: Disable pprof endpoints (#5502)
  Notes: The commit temporarily disables the pprof profiling endpoints and related tests due to a regression by replacing them with a static message.
  Review: Code changes look good and match release notes.

• 7dc75ea49 Consensus,Interface: Increase acceptable gap between next pending CUP height and notarized height to 130 (#5448)
  Notes: This commit raises the gap between notarized heights and pending CUP that can be accommodated from 70 to 130 in order to prevent subnet stalls for long manifest calculations, whereas the gap between notarized and certified height is still 70 but with corrected logic.
  Review: Code changes look good and match release notes.

• 9711ea8bf Consensus,Interface: disable composite query as canister http transform (#5415)
  Notes: This commit modifies QueryContext to return a UserError with ErrorCode::CompositeQueryCalledInReplicatedMode and a specific error message when a composite query is used as a canister HTTP transform, and updates the test test_composite_transform_function_is_not_allowed to verify that such calls fail with a RejectCode::CanisterError and the expected rejection message.
  Review: Code changes look good and match release notes.

• 0939e4e4d Execution,Interface: validate specified_id for canister creation in test environments (#5269)
  Notes: This commit adds validation for the specified_id parameter in the management canister’s provisional_create_canister_with_cycles endpoint during canister creation in test environments to prevent crashes or critical errors caused by invalid IDs.
  Review: Code changes look good and match release notes.

• 3671acb49 Interface: upgrade rust: 1.85.1 → 1.86.0 (again) (#5453)
  Notes: This commit reapplies the Rust upgrade to 1.86.0 and works around macOS test failures by building the hyper crate with opt-level=0 to avoid a linker bug causing bad code generation.
  Review: Code changes look good and match release notes.

• 64bc28ba8 Node(boundary): remove boundary GuestOs and components (#5391)
  Notes: This commit removes the boundary GuestOs and its related components from the codebase.
  Review: Code changes look good and match release notes.

• 502d0fbfe Node: Update Base Image Refs [2025-06-05-0807] (#5425)
  Notes: Updates the base container image references to newer versions to have secure container images.
  Review: Code changes look good and match release notes.

Refactoring:

• 98f466651 Node: refactor and consolidate grub (#5433)
  Notes: This commit refactors the grub configuration by moving all grub.cfg files into the ic-os/bootloader/ directory, making grub_config a required parameter in the build macro and removing extra_boot_args.template in favor of a unified boot_args.template with SELinux options.
  Review: Code changes look good and match release notes.

Beyond education, Zenith Code actively supports the decentralization and governance of the Internet Computer. As a registered node provider, we help run the network’s infrastructure, and through our known neuron, we actively review and vote on IC OS version election proposals.

Explore more at zenithcode.ai.

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, API Boundary Node Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neurons’ Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralisation of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.