Proposal to elect new release rc--2025-06-19_03-24

Governance NNS proposal discussions
,
1

Hello there!

We are happy to announce that voting is now open for a new GuestOS release.
The NNS proposal is here: IC NNS Proposal 137072.

Here is a summary of the changes since the last GuestOS release:

Release Notes for release-2025-06-19_03-24-base (035f978fb5cffaef57f73242e1bb2a56423e84c3)

This release is based on changes since release-2025-06-12_03-23-base (3564b37939f037ba4d051ada88251c13954597d2).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the GuestOS image.
Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

  • 678c57630 Consensus,Interface: proxy application subnet requests via the http gateway (#5597)
  • 1e49d4d21 Execution,Interface: Add System Api for environment variables (#5418)
  • 140fd8eda Execution,Interface: Verify uploaded snapshot before loading (#5556)
  • e90aafee4 Interface,Message Routing: Have XNetPayloadBuilder prioritize signals (#5504)
  • 40fb40a7c Interface,Message Routing: Exclude loopback stream from the certified state (#5508)
  • 5ec9d8184 Node: Remove use of dfinity.system kernel arg (#5516)

Bugfixes:

  • 6618ed24c Execution,Interface: Do not return system state changes on errors for composite queries (#5567)
  • 56b6f0e3b Execution,Interface: Consolidate how caller is extracted from System API (#5542)

Chores:

  • c95f15d32 Consensus,Interface(idkg): add a new metric for the time taken to create an IDkg payload (#5540)
  • 83173d3a8 Execution,Interface: add http outcalls cost metrics (#5562)
  • 0d4f7303e Execution,Interface: Remove mint_cycles API (#5339)
  • eab724998 Execution,Interface: Remove redundant allow clippy (#5555)
  • 2d4aeb95a Execution,Interface: EXC: Update wasmtime to 33.0.0 (#5515)
  • 99da8cb4a Execution,Interface(consensus): Filter for just VetKD keys when building VetKD payloads (#5513)
  • 78fed0772 Interface,Message Routing: Clarify some checkpointing log messages (#5612)
  • 3ef79155d Interface,Message Routing: Enable incremental manifest computation on the NNS (#5573)
  • 60b0e37ea Interface,Node(node): Remove update-config component (#5607)
  • dce3f7254 Interface,Node: Clean up generate-guestos-config (#5590)
  • b62d0d528 Interface,Node: Remove unused channel from GuestVM config (#5544)
  • cf02b539d Owners(ICRC_Ledger): Remove unused ic-cdk dependency from icrc-ledger-types (#5599)
  • 764122818 Owners(IDX): upgrade to bazel 7.6.1 (#5538)
  • 63971ea2b Node: Update Base Image Refs [2025-06-12-0807] (#5519)
  • df3d8c318 Node(IDX): drop unused icos targets (#5489)

Refactoring:

  • 96cd3f914 Execution,Interface: Use CompositeQuery System Api type (#5550)
  • 5f94f7503 Execution,Interface: Drop unnecessary match in is_controller (#5551)
  • 71d1cac70 Interface,Node(node): remove old config pipeline (#5414)
  • dc6e5f6cc Interface,Node: Move Guest VM management script to Rust (#5435)

Other changes:

  • d1c34bc1e Interface,Message Routing: “chore: Enable incremental manifest computation on the NNS” (#5586)
  • bad23c4b4 Owners: “fix(IDX): don’t cache jemalloc build (#5174)” (#5534)

Full list of changes (including the ones that are not relevant to GuestOS) can be found on GitHub.

IC-OS Verification

To build and verify the IC-OS GuestOS disk image, after installing curl if necessary (sudo apt install curl), run:

# From https://github.com/dfinity/ic#verifying-releases
curl -fsSL https://raw.githubusercontent.com/dfinity/ic/master/ci/tools/repro-check | python3 - -c 035f978fb5cffaef57f73242e1bb2a56423e84c3 --guestos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new GuestOS version here, you have the option to verify the build reproducibility of the HostOS by passing --hostos to the script above instead of --guestos, or the SetupOS by passing --setupos.

1 Like
2

Hello there!

We are happy to announce that voting is now open for a new HostOS release.
The NNS proposal is here: IC NNS Proposal 137073.

Here is a summary of the changes since the last HostOS release:

Release Notes for release-2025-06-19_03-24-base (035f978fb5cffaef57f73242e1bb2a56423e84c3)

This release is based on changes since release-2025-06-12_03-23-base (3564b37939f037ba4d051ada88251c13954597d2).

Please note that some commits may be excluded from this release if they’re not relevant, or not modifying the HostOS image. Additionally, descriptions of some changes might have been slightly modified to fit the release notes format.

To see a full list of commits added since last release, compare the revisions on GitHub.

Features:

Chores:

  • 60b0e37ea Interface,Node(node): Remove update-config component (#5607)
  • dce3f7254 Interface,Node: Clean up generate-guestos-config (#5590)
  • b62d0d528 Interface,Node: Remove unused channel from GuestVM config (#5544)
  • 63971ea2b Node: Update Base Image Refs [2025-06-12-0807] (#5519)

Refactoring:

  • 71d1cac70 Interface,Node(node): remove old config pipeline (#5414)
  • dc6e5f6cc Interface,Node: Move Guest VM management script to Rust (#5435)

Full list of changes (including the ones that are not relevant to HostOS) can be found on GitHub.

IC-OS Verification

To build and verify the IC-OS HostOS disk image, after installing curl if necessary (sudo apt install curl), run:

# From https://github.com/dfinity/ic#verifying-releases
curl -fsSL https://raw.githubusercontent.com/dfinity/ic/master/ci/tools/repro-check | python3 - -c 035f978fb5cffaef57f73242e1bb2a56423e84c3 --hostos

The two SHA256 sums printed above from a) the downloaded CDN image and b) the locally built image, must be identical, and must match the SHA256 from the payload of the NNS proposal.

While not required for this NNS proposal, as we are only electing a new HostOS version here, you have the option to verify the build reproducibility of the GuestOS by passing --guestos to the script above instead of --hostos, or the SetupOS by passing --setupos.

3

Proposal 137072 & 137073 - Hamish | CodeGov

Vote: Adopt
Reason: I have successfully run the build script and in my opinion all the commits listed look fine and match their descriptions.

Screenshot 2025-06-20 at 23.33.39
Screenshot 2025-06-20 at 23.33.391912×978 201 KB

Features:

  • 678c57630 Consensus,Interface: proxy application subnet requests via the http gateway (#5597)
    Review: Looks fine + matches description
    Notes: Updates the HTTP outcalls adapter on application subnets to fallback to using the SOCKs proxy if the direct request initially fails, for now the proxy will also fail because the domain name resolves to the API boundary nodes which reject requests from application subnets, but in the future the domain name will resolve to machines that will accept these requests.

  • 1e49d4d21 Execution,Interface: Add System Api for environment variables (#5418)
    Review: Looks fine + matches description
    Notes: Extends the system API (ic0) with functions which allow a canister to iterate its environment variables and look up their values.

  • 140fd8eda Execution,Interface: Verify uploaded snapshot before loading (#5556)
    Review: Looks fine + matches description
    Notes: Modifies load_canister_snapshot to verify that the global values exported by the new snapshot match those exported by its wasm module, also checks that the snapshot’s LowWasmMemory hook status is consistent with the canister’s state. If either checks fail, a CanisterSnapshotInconsistent error is returned.

  • e90aafee4 Interface,Message Routing: Have XNetPayloadBuilder prioritize signals (#5504)
    Review: Looks fine + matches description
    Notes: Modifies how the XNet payload builder works by making it iterate twice over the input streams, the first time it sets msg_limit to 0 to only extract the headers, then if there is space remaining it iterates again and this time extracts the messages. This way the signals contained in headers are prioritised over messages, these signals are much smaller than messages and many of them allow resources to be freed on the receiving side, so by prioritising them the overall load on the IC can drop.

  • 40fb40a7c Interface,Message Routing: Exclude loopback stream from the certified state (#5508)
    Review: Looks fine + matches description
    Notes: Bumps CURRENT_CERTIFICATION_VERSION to V20 which means the loopback stream will now be excluded from the certified state, then updates the stream builder to skip the is_at_limit check for the loopback stream.

  • 5ec9d8184 Node: Remove use of dfinity.system kernel arg (#5516)
    Review: Looks fine + matches description
    Notes: Removes the dfinity.system boot arg from GuestOS and HostOS by switching to using grubenv to set the CURRENT_SYSTEM value (rather than setting it by reading the dfinity.system boot arg).

Bugfixes:

  • 6618ed24c Execution,Interface: Do not return system state changes on errors for composite queries (#5567)
    Review: Looks fine + matches description
    Notes: Ensures that no system state changes are returned after executing a composite query if the query resulted in an execution error.

  • 56b6f0e3b Execution,Interface: Consolidate how caller is extracted from System API (#5542)
    Review: Looks fine + matches description
    Notes: Updates ic0_msg_caller_size and ic0_msg_caller_copy to grab the caller via .api_type.caller() (as all other System API functions do), rather than using get_msg_caller_id (which has now been removed).

Chores:

  • c95f15d32 Consensus,Interface(idkg): add a new metric for the time taken to create an IDkg payload (#5540)
    Review: Looks fine + matches description
    Notes: Introduces the idkg_payload_duration_seconds metric and updates it within the IDKG payload builder each time create_data_payload is called.

  • 83173d3a8 Execution,Interface: add http outcalls cost metrics (#5562)
    Review: Looks fine + matches description
    Notes: Adds new HTTP outcalls metrics, partially to track request/response sizes, but most notably to track how cycles charges compare between the current fees and a new proposed fee structure. It does this by calculating what the fee would be using each algorithm and then comparing the costs.

  • 0d4f7303e Execution,Interface: Remove mint_cycles API (#5339)
    Review: Looks fine + matches description
    Notes: Removes ic0::mint_cycles which has been supplanted by ic0::mint_cycles128. These functions were only callable by the CMC, and now that the CMC has been switched over to mint_cycles128, the old function can safely be removed.

  • eab724998 Execution,Interface: Remove redundant allow clippy (#5555)
    Review: Looks fine + matches description
    Notes: Removes a clippy #[allow(clippy::too_many_arguments)] attribute which is no longer needed because the linked function now only has 5 args.

  • 2d4aeb95a Execution,Interface: EXC: Update wasmtime to 33.0.0 (#5515)
    Review: Looks fine + matches description
    Notes: Bumps wasmtime from 32.0.0 to 33.0.0.

  • 99da8cb4a Execution,Interface(consensus): Filter for just VetKD keys when building VetKD payloads (#5513)
    Review: Looks fine + matches description
    Notes: Updates how VetKey ids are retrieved by calling the new is_vetkd_key function rather than using !key_id.is_idkg_key(), the old method is less future-proof since subsequent keys may be added which also are not IDKG keys.

  • 78fed0772 Interface,Message Routing: Clarify some checkpointing log messages (#5612)
    Review: Looks fine + matches description
    Notes: Adds more details to checkpointing log messages by replacing “Created checkpoint …” with “Created unverified checkpoint …” and by adding a new log message once the checkpoint has been validated.

  • 3ef79155d Interface,Message Routing: Enable incremental manifest computation on the NNS (#5573)
    Review: Looks fine + matches description
    Notes: Enables incremental manifest computation on the NNS subnet by removing the logic which was specifically excluding it. This will make checkpointing faster, but was previously disabled for safety reasons, but given that all other subnets have been using incremental manifest computations for many years now, it was decided that it was safe to also do it for the NNS subnet.

  • 60b0e37ea Interface,Node(node): Remove update-config component (#5607)
    Review: Looks fine + matches description
    Notes: Removes the deprecated update-config component and its corresponding services. This was just a temporary tool for updating from the old config setup to the new setup, which is now complete.

  • dce3f7254 Interface,Node: Clean up generate-guestos-config (#5590)
    Review: Looks fine + matches description
    Notes: Removes the generate-guestos-config.service and all the code that is no longer used since its deletion.

  • b62d0d528 Interface,Node: Remove unused channel from GuestVM config (#5544)
    Review: Looks fine + matches description
    Notes: Removes the unused QEMU channel from the various GuestVM config files.

  • cf02b539d Owners(ICRC_Ledger): Remove unused ic-cdk dependency from icrc-ledger-types (#5599)
    Review: Looks fine + matches description
    Notes: Exactly what the description says, it removes the unused ic-cdk dependency from icrc-ledger-types.

  • 764122818 Owners(IDX): upgrade to bazel 7.6.1 (#5538)
    Review: Looks fine + matches description
    Notes: Bumps Bazel from 7.6.0 to 7.6.1.

  • 63971ea2b Node: Update Base Image Refs [2025-06-12-0807] (#5519)
    Review: Looks fine + matches description
    Notes: Updates the base IC-OS image references.

  • df3d8c318 Node(IDX): drop unused icos targets (#5489)
    Review: Looks fine + matches description
    Notes: Cleans up a few unused IC-OS build targets then adds the manual tag to the remaining targets so that they are only built if explicitly depended upon.

Refactoring:

  • 96cd3f914 Execution,Interface: Use CompositeQuery System Api type (#5550)
    Review: Looks fine + matches description
    Notes: Introduces the ApiType::CompositeQuery variant and removes the query_kind field from the ApiType::NonReplicatedQuery, so now composite queries are differentiated from normal queries at the ApiType level.

  • 5f94f7503 Execution,Interface: Drop unnecessary match in is_controller (#5551)
    Review: Looks fine + matches description
    Notes: Drops the match statement within ic0_is_controller because it was simply matching with every subtype in a single branch.

  • 71d1cac70 Interface,Node(node): remove old config pipeline (#5414)
    Review: Looks fine + matches description
    Notes: Removes a load of code to do with the old config pipeline because now even if a rollback were to occur, all nodes would still be on the new config pipeline.

  • dc6e5f6cc Interface,Node: Move Guest VM management script to Rust (#5435)
    Review: Looks fine + matches description
    Notes: Rewrites the guestos.sh script which orchestrated starting/stopping GuestOS to Rust, with the bulk of the logic being in the new guest_vm.rs file. Then updates the
    guestos.service to use /opt/ic/bin/hostos_tool run-guest-vm to run GuestOS rather than the new removed guestos.sh.

Other changes:

  • d1c34bc1e Interface,Message Routing: “chore: Enable incremental manifest computation on the NNS” (#5586)
    Review: Looks fine + matches description
    Notes: This simply reverts commit 3ef79155d.

  • bad23c4b4 Owners: “fix(IDX): don’t cache jemalloc build (#5174)” (#5534)
    Review: Looks fine + matches description
    Notes: This reverts commit 0dba014 from last week’s release since it turns out jemalloc is not the root cause of the build determinism failures.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

4

Proposal: 137072 & 137073 - Manvick | ZenithCode

Summary:

  1. Build Hash: The build hash matches
  2. Summary: The release notes matches the code changes
  3. Vote: Adopt

137072
1370721920×900 156 KB

Commits

Features:

  • 678c57630 Consensus,Interface: proxy application subnet requests via the http gateway (#5597)
    Review: Matches description + changes are appropriate
    Notes: This commit adds fallback proxy support for application subnets: if a direct HTTPS request fails, it is retried via a SOCKS5 proxy (socks5h://socks5.ic0.app:1080). This prepares the system to support IPv4-only services like Stripe, without affecting system subnets or successful requests.

  • 1e49d4d21 Execution,Interface: Add System Api for environment variables (#5418)
    Review: Matches description + changes are appropriate
    Notes: This commit introduces a new System API for canisters to access environment variables. It adds functions like ic0.env_var_count, env_var_name_copy, and env_var_value_copy, allowing canisters to read predefined environment variables securely during execution. This feature is behind a flag and includes extensive validation and test coverage.

  • 140fd8eda Execution,Interface: Verify uploaded snapshot before loading (#5556)
    Review: Matches description + changes are appropriate
    Notes: This commit checks that the snapshot’s exported globals match those of the current Wasm module and that the on-low-wasm-memory hook status is consistent with the actual canister state. If discrepancies are detected, the system rejects the snapshot to prevent loading potentially corrupted or invalid state. Comprehensive tests are included to ensure proper enforcement of these consistency checks.

  • e90aafee4 Interface,Message Routing: Have XNetPayloadBuilder prioritize signals (#5504)
    Review: Matches description + changes are appropriate
    Notes: This commit updates the XNetPayloadBuilder to prioritize signal-only stream slices over message-carrying slices when building a payload. The builder now first attempts to include as many header-only slices with new signals as possible. Only after signal slices are included does it attempt to add message-carrying slices, replacing existing ones if space allows. The commit also updates validation logic and test coverage to reflect this behavior change.

  • 40fb40a7c Interface,Message Routing: Exclude loopback stream from the certified state (#5508)
    Review: Matches description + changes are appropriate
    Notes: This commit updates the certified state format (to version V20) by excluding the loopback stream, messages sent from a subnet to itself, from certification. Loopback streams are no longer bounded by size constraints since they are not part of the certified state and won’t be transmitted externally. The change simplifies stream management logic and improves efficiency, especially for system subnets. The commit also updates test infrastructure and hash expectations to reflect this change.

  • 5ec9d8184 Node: Remove use of dfinity.system kernel arg (#5516)
    Review: Matches description + changes are appropriate
    Notes: This commit removes the use of the dfinity.system kernel argument, simplifying boot logic. Instead, it now reads the active boot partition (boot_alternative) directly from the grubenv file, which is more reliable and aligns with recent improvements in boot configuration handling. This change affects both GuestOS and HostOS boot processes, updating templates and mount generator scripts to parse grubenv instead of relying on kernel command-line arguments.

Bugfixes:

  • 6618ed24c Execution,Interface: Do not return system state changes on errors for composite queries (#5567)
    Review: Matches description + changes are appropriate
    Notes: This commit ensures that composite queries do not return any system state changes if an error occurs during their execution. Previously, some changes could still be returned despite the error, which was inconsistent with the isolated and discardable nature of composite query execution. This fix enforces correctness by explicitly clearing all system state modifications upon an error.

  • 56b6f0e3b Execution,Interface: Consolidate how caller is extracted from System API (#5542)
    Review: Matches description + changes are appropriate
    Notes: This commit consolidates and standardizes how the caller’s identity is retrieved within the System API by ensuring all access goes through the ApiType::caller() method. Previously, a separate method in SystemApiImpl (get_msg_caller_id) duplicated this logic but introduced inconsistencies, especially after a past change in the availability of ic0.msg_caller*. This cleanup eliminates the duplicate logic, fixes edge case behavior, and improves maintainability. Associated tests and helper code were also updated accordingly to rely solely on the unified ApiType::caller() method.

Chores:

  • c95f15d32 Consensus,Interface(idkg): add a new metric for the time taken to create an IDkg payload (#5540)
    Review: Matches description + changes are appropriate
    Notes: This commit adds the idkg_payload_duration_seconds metric, a histogram that measures the time taken to create an IDKG payload.

  • 83173d3a8 Execution,Interface: add http outcalls cost metrics (#5562)
    Review: Matches description + changes are appropriate
    Notes: This commit adds detailed metrics to compare current and proposed HTTP outcall cost formulas, including histograms for both pricing models, their difference, ratio, and key size parameters.

  • 0d4f7303e Execution,Interface: Remove mint_cycles API (#5339)
    Review: Matches description + changes are appropriate
    Notes: This commit removes the deprecated ic0.mint_cycles API in favor of mint_cycles128.

  • eab724998 Execution,Interface: Remove redundant allow clippy (#5555)
    Review: Matches description + changes are appropriate
    Notes: This commit removes a now-unnecessary #[allow(clippy::too_many_arguments)] attribute from a function that no longer has excessive parameters.

  • 2d4aeb95a Execution,Interface: EXC: Update wasmtime to 33.0.0 (#5515)
    Review: Matches description + changes are appropriate
    Notes: bumps wasmtime to 33.0.0 across the codebase

  • 99da8cb4a Execution,Interface(consensus): Filter for just VetKD keys when building VetKD payloads (#5513)
    Review: Matches description + changes are appropriate
    Notes: This commit adds a stricter key-type filter when building VetKD payloads.

  • 78fed0772 Interface,Message Routing: Clarify some checkpointing log messages (#5612)
    Review: Matches description + changes are appropriate
    Notes: This commit updates checkpointing log messages to clarify that an unverified checkpoint is initially created, and logs the duration for both creation and validation.

  • 3ef79155d Interface,Message Routing: Enable incremental manifest computation on the NNS (#5573)
    Review: Matches description + changes are appropriate
    Notes: This commit enables incremental manifest computation on the NNS subnet, aligning it with all other subnets.

  • 60b0e37ea Interface,Node(node): Remove update-config component (#5607)
    Review: Matches description + changes are appropriate
    Notes: This commit fully removes the now-obsolete update-config component.

  • dce3f7254 Interface,Node: Clean up generate-guestos-config (#5590)
    Review: Matches description + changes are appropriate
    Notes: This commit removes all code and systemd service definitions related to the now-obsolete generate-guestos-config logic

  • b62d0d528 Interface,Node: Remove unused channel from GuestVM config (#5544)
    Review: Matches description + changes are appropriate
    Notes: This commit removes an unused QEMU guest agent communication channel from GuestVM configurations and templates

  • cf02b539d Owners(ICRC_Ledger): Remove unused ic-cdk dependency from icrc-ledger-types (#5599)
    Review: Matches description + changes are appropriate
    Notes: removes redundant dependency ic-cdk

  • 764122818 Owners(IDX): upgrade to bazel 7.6.1 (#5538)
    Review: Matches description + changes are appropriate
    Notes: bumps bazel to 7.6.1

  • 63971ea2b Node: Update Base Image Refs [2025-06-12-0807] (#5519)
    Review: Matches description + changes are appropriate
    Notes: Automated patch. Updates the base image reference for various IC OS components like boundary-guestos, guesos(dev) etcetera.

  • df3d8c318 Node(IDX): drop unused icos targets (#5489)
    Review: Matches description + changes are appropriate
    Notes: This commit removes unused IC-OS build targets and marks remaining icos_build targets as manual

Refactoring:

  • 96cd3f914 Execution,Interface: Use CompositeQuery System Api type (#5550)
    Review: Matches description + changes are appropriate
    Notes: This commit replaces NonReplicatedQueryKind with a new CompositeQuery API type for cleaner query handling.

  • 5f94f7503 Execution,Interface: Drop unnecessary match in is_controller (#5551)
    Review: Matches description + changes are appropriate
    Notes: This commit simplifies ic0_is_controller by removing an unnecessary match on api_type, since the method is valid across all contexts.

  • 71d1cac70 Interface,Node(node): remove old config pipeline (#5414)
    Review: Matches description + changes are appropriate
    Notes: This commit removes the legacy configuration pipeline for IC-OS nodes, completing the migration to the new config system.

  • dc6e5f6cc Interface,Node: Move Guest VM management script to Rust (#5435)
    Review: Matches description + changes are appropriate
    Notes: This commit rewrites the Guest VM management script (guestos.sh) in Rust to improve type safety and testability, eliminating shell-script dependencies and replacing static config assumptions with runtime-generated config files; the legacy Bash script and related service coupling are removed, and supporting CI/docker references are updated.

Other changes:

  • d1c34bc1e Interface,Message Routing: “chore: Enable incremental manifest computation on the NNS” (#5586)
    Review: Matches description + changes are appropriate
    Notes: This commit reverts incremental manifest computation on the NNS subnet to fix a nightly backup test failure caused by state divergence when checkpoint files are modified.

  • bad23c4b4 Owners: “fix(IDX): don’t cache jemalloc build (#5174)” (#5534)
    Review: Matches description + changes are appropriate
    Notes: This commit reverts a prior workaround that built jemalloc separately to avoid cache issues

About Zenith Code

Zenith Code is a comprehensive platform dedicated to advancing the Internet Computer ecosystem. It offers an interactive live coding and learning environment tailored for Motoko and ICP, making it easy for new developers to onboard through hands-on challenges and real-time code execution.

Beyond education, Zenith Code actively supports the decentralization and governance of the Internet Computer. As a registered node provider, we help run the network’s infrastructure, and through our known neuron, we actively review and vote on IC OS version election proposals.

Explore more at zenithcode.ai.

5

Proposal 137072 & 137073 – LaCosta | CodeGov

Vote: ADOPT

image
image1378×550 82.6 KB

Reason:
Build successful and hashes match, commits look great and match the description. Found no issues.

Features:

[678c57630]: Updates the SOCKS_PROXY URL from socks5 to socks5h making the proxy responsible for resolving the domain name to ip address. Updates the HttpsConnectorBuilder to support https_or_http or only https_only** via a feature flag http`. Adds a fallback for when a hhtp request from a application subnet fails, to send it through the SOCKS5 proxy. Since the SOCKS5 proxy currently resolves to API BNs, this requests will be automatically rejected, however the plan is to resolve it to dedicated machines that accept proxy requests from application subnets.

[1e49d4d21]: Adds a new System API for canisters to access environment variables. Specifically it introduces five new system api functions, ic0_env_var_count, ic0_env_var_name_size, ic0_env_var_name_copy, ic0_env_var_value_sizeand ic0_env_var_value_copy. The feature is controlled by the feature flag environment_variables disabled by default.

[140fd8eda]: Updates load_canister_snapshot by adding validation checks to verify uploaded snapshots before loading. Verifies if the snapshot’s exported globals match the wasm module’s and the snapshot’s memory hook status matches the actual status.

[e90aafee4]: Updates get_xnet_payload_impl to have a 2 phase logic for XNet payload construction. The first phase it iterates over shuffled_stream_positions and adds header_only_slice to stream_slices. In the second phase it iterates again over shuffled_stream_positions, but this time if there is still space in the payload, it replaces headers with the messages. The reason is that headers or signals are much smaller than messages that allows the receiver to free some resources.

[40fb40a7c]: Bumps CURRENT_CERTIFICATION_VERSION from CertificationVersion::V19 to ertificationVersion::V20, to stop certifying the
loopback stream.. Adds a is_loopback_stream check in order to bypass the limit check is_at_limit. Updates StateManagerFixture replacing StateManagerFixture::new with StateManagerFixture::local and StateManagerFixture::remote.

[5ec9d8184]: Removes the dfinity.system boot argument from both the HostOS and GuestOS. Removes the get_boot_arg_value function used to extract the dfinity.system value and adds the function read_grubenv to parse boot_alternative and boot_cycle from /grub/grubenv

Bugfixes:

[6618ed24c]: Modifies take_system_state_modifications to return an empty SystemStateModifications in case of a trap. This fixes a bug where state changes were returned even when an error was encountered during execution of composite queries.

[56b6f0e3b]: A consistency commit to consolidate how the caller is extracted. Updates SystemApiImpl system calls ic0_msg_caller_size and ic0_msg_caller_copy that still used get_msg_caller_id to get the caller_id to use instead api_type.caller() as the others. Since there’s no more need for get_msg_caller_id it was removed.

Chores:

[c95f15d32]: Adds a new metric idkg_payload_duration_seconds to track the time taken to create an IDkg payload. Adds timers for both create_summary_payload and create_data_payload using this metric.

[83173d3a8]: Introduces new metrics to compare the existing and a new proposed pricing formula for HTTP outcalls. Adds a new function http_request_fee_beta to CyclesAccountManager that calculates the http fee using the new formula. Adds a new struct HttpOutcallMetrics to hold several http outcall histograms. Adds two new methods: observe_http_outcall_request records request and response sizes and other, while observe_http_outcall_price_change records the old_price and new_price and the price difference.

[0d4f7303e]: Replaces the deprecated ic0.mint_cycles API with ic0.mint_cycles128. Refactors the code accordingly.

[eab724998]: Removes redundant #[allow(clippy::too_many_arguments)] from ApiType::update.

[2d4aeb95a]: Updates wasmtime version from 32.0.0 to 33.0.0

[99da8cb4a]: Updates the filter in the function get_enabled_keys_and_expiry from VetKdPayloadBuilderImpl from !is_idkg_key() where it was assumed that all non-IDKG keys were VetKD keys which might change in the future. So it uses instead the new function is_vetkd_key to filter only VetKD keys.

[78fed0772]: Clarify some checkpointing log messages

[3ef79155d]: Allows incremental manifest computation on the NNS

[60b0e37ea]: Removes the update-config component and removes any dependencies

[dce3f7254]:Removes generate-guestos-config.service and all code now unused.

[b62d0d528]: Removes unused channel org.qemu.guest_agent.0 from the GuestOS VM config.

[cf02b539d]: Removes unused ic-cdk dependency from icrc-ledger-types

[764122818]: Updates bazel from version 7.6.0 to 7.6.1

[63971ea2b]: Updates base image references

[df3d8c318]: Removes unused IC-OS build targets and marks all icos_build as manual to prevent them from being built automatically

Refactoring:

[96cd3f914]: Adds the CompositeQuery that decouples it from the enum NonReplicatedQueryKind which essentially distinguished between Stateful (CompositeQuery) and Pure (NonReplicatedQuery). So the field for the kind of enumeration query_kind in NonReplicatedQuery was also removed.

[5f94f7503]: Removes redundant match statement that enumerated all possible ApiType variants in ic0_is_controller since it is available in all system APIs contexts.

[71d1cac70]: The old pipeline was preserved for backwards compatibility but since the system is now on the new config and will not be reverted to a version that does not have the updated config, the old config pipeline can be safely removed.

[dc6e5f6cc]: Rewrites the Guest VM management script guestos.sh to Rust. The new implementation generates the necessary config files before starting the VM and cleans them when the process ends, eliminating dependency on other services.

Other Changes:

[d1c34bc1e]: Reverts commit 3ef79155d since it is breaking a nightly backup test

[bad23c4b4]: Reverts commit 0dba014 which prevented jemalloc from being cached.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

6

Proposal: 137072 & 137073 - Ipsita | ZenithCode

Summary:

  1. Build Hash: Build has from the proposal, local build and CDN matches and is “f532fe42d95f4aa61c9c16a73b464193dddc604e14bc635609062e7198499961”.
  2. Summary: The release notes matches the code changes
  3. Vote: I vote to adopt the proposals

image
image720×331 80.6 KB

Commits

Features:

  • 678c57630 Consensus,Interface: proxy application subnet requests via the http gateway (#5597)
    Notes: This commit enables application subnets to retry failed direct HTTP outcalls using socks5h://socks5.ic0.app:1080 by updating the fallback logic, switching the proxy scheme, and adding a test to validate SOCKS proxy routing via socks_proxy_addrs.
    Review: Code changes look good and match release notes.

  • 1e49d4d21 Execution,Interface: Add System Api for environment variables (#5418)
    Notes: Adds a new System API to support canister environment variables by implementing ic0 host functions (env_var_count, env_var_name_size, env_var_name_copy, env_var_value_size, and env_var_value_copy) with corresponding logic and associated Wasm interfaces.
    Review: Code changes look good and match release notes.

  • 140fd8eda Execution,Interface: Verify uploaded snapshot before loading (#5556)
    Notes: This commit adds validation logic to ensure that uploaded canister snapshots have matching exported Wasm globals and consistent OnLowWasmMemoryHookStatus with the current module and memory state before allowing snapshot loading.
    Review: Code changes look good and match release notes.

  • e90aafee4 Interface,Message Routing: Have XNetPayloadBuilder prioritize signals (#5504)
    Notes: Makes XNetPayloadBuilder prioritize unseen header-only signals over messages to improve payload efficiency and throughput.
    Review: Code changes look good and match release notes.

  • 40fb40a7c Interface,Message Routing: Exclude loopback stream from the certified state (#5508)
    Notes: Bumps the certification version to V20 to exclude the loopback stream from state certification, removes the message count limit check for loopback streams in StreamBuilderImpl, and modifies test fixtures to separate local and remote subnet streams accordingly.
    Review: Code changes look good and match release notes.

  • 5ec9d8184 Node: Remove use of dfinity.system kernel arg (#5516)
    Notes: This commit removes the dfinity.system kernel argument from bootloader templates and updates systemd mount-generator scripts to read the current boot state from the grubenv file by mounting /grub instead of parsing kernel cmdline parameters.
    Review: Code changes look good and match release notes.

Bugfixes:

  • 6618ed24c Execution,Interface: Do not return system state changes on errors for composite queries (#5567)
    Notes: Fixes composite query handling in SystemApiImpl by returning empty SystemStateModifications when execution_error is present which prevents any state changes from being returned on errors, and includes a test verifying no changes are returned after a trap.
    Review: Code changes look good and match release notes.

  • 56b6f0e3b Execution,Interface: Consolidate how caller is extracted from System API (#5542)
    Notes: This commit removes the separate get_msg_caller_id method in SystemApiImpl and unifies caller extraction by using ApiType::caller() throughout the codebase, ensuring consistent retrieval of the caller PrincipalId in all System API contexts.
    Review: Code changes look good and match release notes.

Chores:

  • c95f15d32 Consensus,Interface(idkg): add a new metric for the time taken to create an IDkg payload (#5540)
    Notes: This commit adds a new payload_duration histogram metric to IDkgPayloadMetrics to measure the time spent creating IDKG summary and data payloads by starting a timer at the beginning of create_summary_payload and create_data_payload functions.
    Review: Code changes look good and match release notes.

  • 83173d3a8 Execution,Interface: add http outcalls cost metrics (#5562)
    Notes: This commit adds new metrics to compare current and proposed HTTP outcall cost formulas by implementing http_request_fee_beta() and recording both cost values, their difference, ratio, and input parameters (request size, response limit, payload size) using histograms.
    Review: Code changes look good and match release notes.

  • 0d4f7303e Execution,Interface: Remove mint_cycles API (#5339)
    Notes: The deprecated mint_cycles API is fully removed from the CMC, including all related match arms and logic, following its replacement by mint_cycles128.
    Review: Code changes look good and match release notes.

  • eab724998 Execution,Interface: Remove redundant allow clippy (#5555)
    Notes: This commit removes a redundant #[allow(clippy::too_many_arguments)] annotation from the get_response_bytes function as it no longer accepts excessive parameters.
    Review: Code changes look good and match release notes.

  • 2d4aeb95a Execution,Interface: EXC: Update wasmtime to 33.0.0 (#5515)
    Notes: Updates the wasmtime dependency to version 33.0.0 from 32.0.0 and removes upstreamed deterministic build patches (cranelift_codegen and wasmtime_environ).
    Review: Code changes look good and match release notes.

  • 99da8cb4a Execution,Interface(consensus): Filter for just VetKD keys when building VetKD payloads (#5513)
    Notes: Filtering logic in the VetKD payload builder is refined to explicitly select only VetKd keys using a new is_vetkd_key() method which prevents accidental inclusion of non-VetKD keys if more key types are added in the future.
    Review: Code changes look good and match release notes.

  • 78fed0772 Interface,Message Routing: Clarify some checkpointing log messages (#5612)
    Notes: Updates checkpointing log messages in state_manager to clearly indicate the creation of unverified checkpoints and the timing of checkpoint validation for improved traceability.
    Review: Code changes look good and match release notes.

  • 3ef79155d Interface,Message Routing: Enable incremental manifest computation on the NNS (#5573)
    Notes: This commit removes the is_nns check in StateManagerImpl so that incremental manifest computation (manifest_delta) is enabled for the NNS subnet by always computing the manifest delta instead of returning None.
    Review: Code changes look good and match release notes.

  • 60b0e37ea Interface,Node(node): Remove update-config component (#5607)
    Notes: This commit removes all files and references related to the update-config component from the node, reflecting the migration to the new configuration path.
    Review: Code changes look good and match release notes.

  • dce3f7254 Interface,Node: Clean up generate-guestos-config (#5590)
    Notes: This commit removes all code related to generate-guestos-config
    Review: Code changes look good and match release notes.

  • b62d0d528 Interface,Node: Remove unused channel from GuestVM config (#5544)
    Notes: This commit removes the unused sections from guest VM XML configs , cleaning up unnecessary VM configuration.
    Review: Code changes look good and match release notes.

  • cf02b539d Owners(ICRC_Ledger): Remove unused ic-cdk dependency from icrc-ledger-types (#5599)
    Notes: This commit removes the unused ic-cdk dependency from the icrc-ledger-types crate.
    Review: Code changes look good and match release notes.

  • 764122818 Owners(IDX): upgrade to bazel 7.6.1 (#5538)
    Notes: Upgrades Bazel from version 7.6.0 to 7.6.1 to prepare for a future migration to Bazel 8.
    Review: Code changes look good and match release notes.

  • 63971ea2b Node: Update Base Image Refs [2025-06-12-0807] (#5519)
    Notes: Updates the base container image references to newer versions to have secure container images.
    Review: Code changes look good and match release notes.

  • df3d8c318 Node(IDX): drop unused icos targets (#5489)
    Notes: Removes unused IC-OS targets by deleting bundle-disk artifact bundles from guestos and hostos prod/dev environments and marks all icos_build targets as manual to prevent them from building with bazel build //… .
    Review: Code changes look good and match release notes.

Refactoring:

  • 96cd3f914 Execution,Interface: Use CompositeQuery System Api type (#5550)
    Notes: Introduces a new CompositeQuery variant in SystemApiImpl, replacing the use of NonReplicatedQueryKind, and simplifies the SystemApiCallType by decoupling composite queries from NonReplicatedQuery.
    Review: Code changes look good and match release notes.

  • 5f94f7503 Execution,Interface: Drop unnecessary match in is_controller (#5551)
    Notes: The match on api_type in ic0_is_controller is removed since is_controller is supported across all system API contexts, simplifying the logic by directly validating and parsing the principal ID before checking controller status.
    Review: Code changes look good and match release notes.

  • 71d1cac70 Interface,Node(node): remove old config pipeline (#5414)
    Notes: Removes the old config pipeline from the node codebase as backward compatibility is no longer required, aligning with the transition to the fully adopted new configuration system.
    Review: Code changes look good and match release notes.

  • dc6e5f6cc Interface,Node: Move Guest VM management script to Rust (#5435)
    Notes: This commit replaces the guestos.sh script with a Rust-based implementation that handles VM lifecycle management with built-in config generation and cleanup, improving testability and reducing inter-service dependencies.
    Review: Code changes look good and match release notes.

Other changes:

  • d1c34bc1e Interface,Message Routing: “chore: Enable incremental manifest computation on the NNS” (#5586)
    Notes: This commit introduces the check for NNS subnet in StateManagerImpl, disabling incremental manifest computation by returning None for manifest delta on the NNS subnet to prevent backup test failures.
    Review: Code changes look good and match release notes.

  • bad23c4b4 Owners: “fix(IDX): don’t cache jemalloc build (#5174)” (#5534)
    Notes: Reverts the separate jemalloc build and cache-avoidance tags in Bazel scripts, as different zig-caches per config eliminate the need for that workaround.
    Review: Code changes look good and match release notes.

About Zenith Code

Zenith Code is a comprehensive platform dedicated to advancing the Internet Computer ecosystem. It offers an interactive live coding and learning environment tailored for Motoko and ICP, making it easy for new developers to onboard through hands-on challenges and real-time code execution.

Beyond education, Zenith Code actively supports the decentralization and governance of the Internet Computer. As a registered node provider, we help run the network’s infrastructure, and through our known neuron, we actively review and vote on IC OS version election proposals.

Explore more at zenithcode.ai.

7

proposals - [137072, 137073] Cyberowl | CodeGov

ic_os
ic_os2048×800 239 KB

Proposals:

137072
137073

Vote: [ADOPT, ADOPT]

Reason & Feedback:

I successfully built and verified the hash for Guest and HostOS. All the commit descriptions match their code changes.

Checks:

Hash Match: [PASS, PASS]
2 Urls: [PASS, PASS]
Proposer Check: [PASS, PASS]

Overall Summary:

This release spans 29 commits in total: 4 feature additions, 2 new tests, 3 bug fixes, 6 refactors, 13 cleanup/chore tasks, 1 instrumentation tweak, and 1 revert. The four new features are a sharded‐routing‐table invariant check (with accompanying tests), a payload_duration metric for payload creation, detailed HTTP‐outcall cost tracking metrics, and a fully asynchronous Rust‐based GuestOS VM management service.

Commits Summary

proposal/137072

678c57630
Refactors the HTTPS outcall logic to explicitly treat socks_proxy_allowed == false as an application subnet branch—after a direct request failure it now always falls back to the SOCKS proxy.

1e49d4d21
The check_routing_table_invariants function now verifies that sharded canister ranges match the routing table record, with a test added to ensure this consistency. Additionally, the canbench-rs feature flag is integrated to support benchmarking.

140fd8eda
Updates the load_canister_snapshot function to ensure the snapshot’s exported globals match the WASM module’s. If they don’t match, it returns CanisterSnapshotInconsistent. It also ensures new_canister.is_low_wasm_memory_hook_condition_satisfied is verified. Additionally, it includes tests for loading snapshots with inconsistent hook status.

e90aafee4
The inter-subnet call “router” has been updated. A new field, message_count, has been introduced in the response of the validate_signals function. The process now involves two passes: the first pass gathers header-only slices (signals only), while the second pass attempts to upgrade each header slice to complete message slices for each.

40fb40a7c
Refactor to do the is_loopback_stream check before is_at_limit is executed for build_streams_impl func.

5ec9d8184
Matches description to remove use of dfinity.system kernel arg.

6618ed24c
Fix for composite query, in case of a trap, no changes are returned.

56b6f0e3b
Update ApiType.system_task to remove arg caller. Now caller is assigned via IC_00.get(). Now gets caller_id from api_type.caller().

c95f15d32
New metric payload_duration. The metric is executed in create_summary_payload and create_data_payload.

83173d3a8
Add metrics for HTTP outcalls costs. Main change is to add metric to old_price, new_price.

0d4f7303e
Remove ic0_mint_cycles. Mint cycles is now mint_cycles128.

eab724998
Removes clippy from update func.

2d4aeb95a
Update wasmtime to 33.0.0.

99da8cb4a
When get_enabled_keys_and_expiry the key_ids now filter by is_vetkd_key !key_id.is_idkg_key().

78fed0772
Adds some log around checkpoint when ValidateReplicatedStateAndFinalize.

3ef79155d
During create_checkpoint_and_switch the function now removes the conditional of is_nns for assigning manifest_delta.

60b0e37ea
Remove update-config.service. Remove ic_os/config/src/update_config.rs and update config for guestos and hostos. There is a new path for config now.

dce3f7254
Removes the ic-metrics-tool dependency, deletes the standalone generate-guestos-config systemd service and CLI commands.

b62d0d528
Removes channel0 channel from guestos_vm config.

cf02b539d
Remove ic-cdk dep from icrc-ledger-types.

764122818
Update bazel to 7.6.1.

63971ea2b
Update base image refs.

df3d8c318
Removes the legacy “bundle-disk” artifact targets for GuestOS and HostOS (prod) from the Bazel build.

96cd3f914
Removes the old NonReplicatedQueryKind enum and instead introduces a unified CompositeQuery variant on ApiType. Refactors all related constructors to handle stateful non-replicated queries via CompositeQuery.

5f94f7503
Removes the match on self.api_type, so that ic0_is_controller no longer conditionally gates on API type but always performs the check directly.

71d1cac70
Removes the old multi-file config migration and bootstrap options, consolidating everything to the new single config.json. In the process_bootstrap func we now only have for FILE in config.json; do whereas before we had many more configs.

dc6e5f6cc
The Guest VM management script guestos.sh has been rewritten in Rust. This new version generates the necessary configuration files before the VM starts and removes them after the process terminates. It now automatically retries and cleans up any stale guestos domain if creation fails. Reports both successful and unexpected-shutdown metrics back to systemd.

d1c34bc1e
This reverts change from commit 3ef79155d.

bad23c4b4
@@jemalloc//:libjemalloc not needed anymore.

proposal/137073

All commits similar to proposal/137072.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neuron’s Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralization of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.

8

Proposal 137072 & 137073 - Yuvika | ZenithCode

Summary

  1. Vote: Adopt
  2. Hash: Hashes match
  3. Reasons to adopt: Builds fine + hashes match + release notes match the commits.
    image
    image720×340 111 KB
Commits

Features:

  • 678c57630
    Summary: proxy application subnet requests via the http gateway.
    Notes: Enable application subnets outcalls to use a fallback socks proxy socks5h://socks5.ic0.app:1080. This also adds support for replicas to make requests to Stripe, which only supports IPv4.
    Review: The description matches the code changes.
  • 1e49d4d21
    Summary: Add System Api for environment variables.
    Notes: Add new System API’s for canister variables which is controlled by the environment_variables flag. The following API’s were added - ic0_env_var_count, ic0_env_var_name_size, ic0_env_var_name_copy, ic0_env_var_value_size and ic0_env_var_value_copy.
    Review: The description matches the code changes.
  • 140fd8eda
    Summary: Verify uploaded snapshot before loading.
    Notes: Add additional checks to load_canister_snapshot to verify there are no inconsistencies in the snapshots between the uploaded metadata and actual canister data. As exported globals can be inconsistent with the Wasm module or the OnLowWasmMemoryHookStatus.
    Review: The description matches the code changes.
  • e90aafee4
    Summary: Have XNetPayloadBuilder prioritize signals.
    Notes: Update XNetPayloadBuilder to add header-only stream slices first and then start including messages. A new field, message_count, was also added.
    Review: The description matches the code changes.
  • 40fb40a7c
    Summary: Exclude loopback stream from the certified state.
    Notes: Update CURRENT_CERTIFICATION_VERSION from V19 to V20.
    Review: The description matches the code changes.
  • 5ec9d8184
    Summary: Remove use of dfinity.system kernel arg.
    Notes: Remove the dfinity.system kernel arg from both GuestOS and HostOS since now we rely on grubenv.
    Review: The description matches the code changes.

Bugfixes:

  • 6618ed24c
    Summary: Do not return system state changes on errors for composite queries.
    Notes: Improves the error handling on complex queries. This change asserts that no system state changes are returned in case an error is encountered during the execution of composite queries, and no changes are returned.
    Review: The description matches the code changes.
  • 56b6f0e3b
    Summary: Consolidate how caller is extracted from System API.
    Notes: This change ensures all System API’s go through ApiType::caller for all cases. Update ic0_msg_caller_size and ic0_msg_caller_copy to go through the caller via .api_type.caller() instead of get_msg_caller_id.This is to ensure there is consistency when the caller needs to be extracted from the System API, and ApiType::caller is covered now through our usual system api availability tests for future proofing.
    Review: The description matches the code changes.

Chores:

  • c95f15d32
    Summary: add a new metric for the time taken to create an IDkg payload.
    Notes: Add a new histogram metric idkg_payload_duration_seconds to monitor the time taken to create an IDkg payload.
    Review: The description matches the code changes.
  • 83173d3a8
    Summary: add http outcalls cost metrics.
    Notes: Add a new metric to compare the current and new HTTP outcall request cost formulas. This is implemented by http_request_fee_beta. It also records a histogram for both models, which includes their cost, price difference, ratio and other key size parameters.
    Review: The description matches the code changes.
  • 0d4f7303e
    Summary: Remove mint_cycles API.
    Notes: Replace ic0.mint_cycles API with ic0.mint_cycles128 since it is deprecated.
    Review: The description matches the code changes.
  • eab724998
    Summary: Remove redundant allow clippy.
    Notes: Removes #[allow(clippy::too_many_arguments)] from ApiType::update since it is not needed anymore.
    Review: The description matches the code changes.
  • 2d4aeb95a
    Summary: Update wasmtime to 33.0.0.
    Notes: Upgrade wasmtime from 32.0.0 to 33.0.0.
    Review: The description matches the code changes.
  • 99da8cb4a
    Summary: Filter for just VetKD keys when building VetKD payloads.
    Notes: Use is_vetkd_key instead of is_idkg_key for stricter key-type filtering of VetKD keys only. This is because all non-IDKG keys were VetKD keys, but another non-IDKG key type may be added in the future.
    Review: The description matches the code changes.
  • 78fed0772
    Summary: Clarify some checkpointing log messages.
    Notes: Update some checkpointing log messages to better reflect that an unverified checkpoint is first created as Created checkpoint …, and is replaced with Created unverified checkpoint … and add a log after it is validated as well.
    Review: The description matches the code changes.
  • 3ef79155d
    Summary: Enable incremental manifest computation on the NNS.
    Notes: Enable incremental manifest computation on all subnets, including the NNS. The logic for it is also simplified.
    Review: The description matches the code changes.
  • 60b0e37ea
    Summary: Remove update-config component.
    Notes: Remove the update-config component as we are using the new config path and the old one is deprecated.
    Review: The description matches the code changes.
  • dce3f7254
    Summary: Clean up generate-guestos-config.
    Notes: Remove generate-guestos-config and all the code that is now unused.
    Review: The description matches the code changes.
  • b62d0d528
    Summary: Remove unused channel from GuestVM config.
    Notes: Update the various GuestVM config files by removing the unused QEMU channel.
    Review: The description matches the code changes.
  • cf02b539d
    Summary: Remove unused ic-cdk dependency from icrc-ledger-types.
    Notes: Remove ic-cdk dependency from icrc-ledger-types since it is unused.
    Review: The description matches the code changes.
  • 764122818
    Summary: upgrade to bazel 7.6.1.
    Notes: Upgrade Bazel to version 7.6.1 from 7.6.0.
    Review: The description matches the code changes.
  • 63971ea2b
    Summary: Update Base Image Refs [2025-06-12-0807].
    Notes: Update the base image references used for IC OS..
    Review: The description matches the code changes.
  • df3d8c318
    Summary: drop unused icos targets.
    Notes: Remove some unused IC-OS targets and mark them as icos_build as manual by default to avoid them being built with bazel build //....
    Review: The description matches the code changes.

Refactoring:

  • 96cd3f914
    Summary: Use CompositeQuery System Api type.
    Notes: Decouple ApiType::CompositeQuery from ApiType::NonReplicatedQuery
    and remove the query_kind field.
    Review: The description matches the code changes.
  • 5f94f7503
    Summary: Drop unnecessary match in is_controller.
    Notes: Remove redundant match statement on api_type in is_controller is available.
    Review: The description matches the code changes.
  • 71d1cac70
    Summary: remove old config pipeline.
    Notes: Cleanup/remove code relating to the old configuration pipeline since the migration to the new config system is complete.
    Review: The description matches the code changes.
  • dc6e5f6cc
    Summary: Move Guest VM management script to Rust.
    Notes: Rewrite the Guest VM management script guestos.sh to
    Rust to add typesafety and test common scenarios. Remove some of the metrics that are no longer meaningful and update the guestos.service to use /opt/ic/bin/hostos_tool run-guest-vm. Moreover, it generates the necessary config files before starting the VM and cleans them when the process ends.
    Review: The description matches the code changes.

Other changes:

  • d1c34bc1e
    Summary: “chore: Enable incremental manifest computation on the NNS”.
    Notes: Revert commit 3ef79155d to fix a failed nightly backup test.
    Review: The description matches the code changes.
  • bad23c4b4
    Summary: "fix(IDX): don’t cache jemalloc build.
    Notes: Revert commit 0dba014 which served as a workaround for jemalloc cache issues.
    Review: The description matches the code changes.
About Zenith Code Zenith Code is a comprehensive platform dedicated to advancing the Internet Computer ecosystem. It offers an interactive live coding and learning environment tailored for Motoko and ICP, making it easy for new developers to onboard through hands-on challenges and real-time code execution.

Beyond education, Zenith Code actively supports the decentralization and governance of the Internet Computer. As a registered node provider, we help run the network’s infrastructure, and through our known neuron, we actively review and vote on IC OS version election proposals.

Explore more at zenithcode.ai.

9

Proposals 137072 & 137073 | Tim - CodeGov

Screenshot 2025-06-23 142441
Screenshot 2025-06-23 1424411242×329 15.5 KB

Vote: Adopt

Reason: Build is successful, hashes match, commits match descriptions and the reasoning behind the changes is sound. The HostOS commits (proposal 137073) are a subset of the GuestOS commits (proposal 137072). I’ve reviewed commits for Consensus, Interface, Node and Owners as detailed below.

Review

Features:

[678c57630]
Adapts CanisterHttp::https_outcall so that in the case of an application subnet making the call, if the initial attempt to connect directly fails it will try connecting through the SOCKS proxy. The SOCKS address has been modified to “socks5h://socks5.ic0.app:1080” and the https_only restriction has been removed.

[e90aafee4]
Adapts XNetPayloadBuilderImpl::get_xnet_payload_impl so that instead of continuing to add slices until payload space is exhausted, it first takes slices within a specified byte_limit so as to prioritise header-only slices.

[40fb40a7c]
Changes CURRENT_CERTIFICATION_VERSION to V20, designating that the loopback stream is excluded from the certified state. Adapts StreamBuilderImpl::build_streams_impl to remove the is_at_limit condition for the loopback stream.

[5ec9d8184]
Removes dfinity.system parameter from GuestOS boot args definition, and changes the related code to rely instead on grubenv for this information.

Chores:

[c95f15d32]
Adds field payload_duration to type IDkgPayloadMetrics, indicating the time taken to create an IDkg payload in histogram form.

[99da8cb4a]
Changes filtering out key_id.is_idkg_key() to more specifically filtering in key_id.is_vetkd_key() in VetKD payload building in order to account for any other key types that might be added in the future.

[78fed0772]
Adds more detail to state manager checkpointing log messages.

[3ef79155d]
Changes StateManagerImpl::create_checkpoint_and_switch to allow incremental manifest computation on the NNS subnet, rather than specifically disallowing it on this subnet.

[60b0e37ea]
Removes update_guestos_config and update_hostos_config functionality. @andrewbattat Please note that Atlassian links in commit notes are not accessible to non-permissioned users.

[dce3f7254]
Removes several now redundant code sections relating to generate_guest_vm_config and generate_guestos_config.

[b62d0d528]
Removes unused channels from GuestVM config XML files.

[cf02b539d]
Removes unused ic-cdk dependency from icrc-ledger-types.

[764122818]
Upgrades Bazel to version 7.6.1.

[63971ea2b]
Updates GuestOS, HostOS and SetupOS base image container references.

[df3d8c318]
Removes various unused IC-OS targets and marks icos_build targets as manual.

Refactoring:

[71d1cac70]
Removes the old config pipeline. Code removed includes copying of config.ini and deployment.json, several fields from type BootstrapOptions and sections of BootstrapOptions logic for file system writing and generation of network configuration content.

[dc6e5f6cc]
Rewrites and replaces the Guest VM management script from ic-os/components/hostos-scripts/guestos/guestos.sh into a new Rust file rs/ic_os/os_tools/hostos_tool/src/guest_vm.rs and expands the functionality as outlined in the commit notes.

Other changes:

[d1c34bc1e]
Reverts 3ef79155d above, which enabled incremental manifest computation on the NNS subnet, as this change was causing backup test failures.

[bad23c4b4]
Reverts commit 0dba014, which stopped the jemalloc build from being cached during Bazel tests, because the test failures related to this have now been solved by another means.

About CodeGov

CodeGov has a team of developers who review and vote independently on the following proposal topics: IC-OS Version Election, Protocol Canister Management, Subnet Management, API Boundary Node Management, Node Admin, and Participant Management. The CodeGov NNS known neuron is configured to follow our reviewers on these technical topics. We also have a group of Followees who vote independently on the Governance and the SNS & Neurons’ Fund topics. We strive to be a credible and reliable Followee option that votes on every proposal and every proposal topic in the NNS. We also support decentralisation of SNS projects such as WaterNeuron, KongSwap, and Alice with a known neuron and credible Followees.

Learn more about CodeGov and its mission at codegov.org.