sui_node/
lib.rs

1// Copyright (c) Mysten Labs, Inc.
2// SPDX-License-Identifier: Apache-2.0
3
4use anemo::Network;
5use anemo::PeerId;
6use anemo_tower::callback::CallbackLayer;
7use anemo_tower::trace::DefaultMakeSpan;
8use anemo_tower::trace::DefaultOnFailure;
9use anemo_tower::trace::TraceLayer;
10use anyhow::Context;
11use anyhow::Result;
12use anyhow::anyhow;
13use arc_swap::ArcSwap;
14use fastcrypto_zkp::bn254::zk_login::JwkId;
15use fastcrypto_zkp::bn254::zk_login::OIDCProvider;
16use futures::future::BoxFuture;
17use mysten_common::in_test_configuration;
18use prometheus::Registry;
19use std::collections::{BTreeSet, HashMap, HashSet};
20use std::fmt;
21use std::future::Future;
22use std::path::Path;
23use std::path::PathBuf;
24use std::str::FromStr;
25#[cfg(msim)]
26use std::sync::atomic::Ordering;
27use std::sync::{Arc, Weak};
28use std::time::Duration;
29use sui_core::admission_queue::{
30    AdmissionQueueContext, AdmissionQueueManager, AdmissionQueueMetrics,
31};
32use sui_core::authority::ExecutionEnv;
33use sui_core::authority::authority_store_tables::AuthorityPerpetualTablesOptions;
34use sui_core::authority::backpressure::BackpressureManager;
35use sui_core::authority::epoch_start_configuration::EpochFlag;
36use sui_core::authority::execution_time_estimator::ExecutionTimeObserver;
37use sui_core::consensus_adapter::ConsensusClient;
38use sui_core::consensus_manager::UpdatableConsensusClient;
39use sui_core::epoch::randomness::RandomnessManager;
40use sui_core::execution_cache::build_execution_cache;
41use sui_core::randomness_round_receiver::{RandomnessRoundReceiver, RandomnessRoundReceiverHandle};
42use sui_network::endpoint_manager::{AddressSource, EndpointId};
43use sui_network::validator::server::SUI_TLS_SERVER_NAME;
44use sui_types::full_checkpoint_content::Checkpoint;
45use sui_types::node_role::NodeRole;
46
47use sui_core::global_state_hasher::GlobalStateHashMetrics;
48use sui_core::storage::RestReadStore;
49use sui_json_rpc::bridge_api::BridgeReadApi;
50use sui_json_rpc_api::JsonRpcMetrics;
51use sui_network::randomness;
52use sui_rpc_api::RpcMetrics;
53use sui_rpc_api::ServerVersion;
54use sui_rpc_api::subscription::SubscriptionService;
55use sui_types::base_types::ConciseableName;
56use sui_types::crypto::RandomnessRound;
57use sui_types::digests::{
58    ChainIdentifier, CheckpointDigest, TransactionDigest, TransactionEffectsDigest,
59};
60use sui_types::messages_consensus::AuthorityCapabilitiesV2;
61use sui_types::sui_system_state::SuiSystemState;
62use tap::tap::TapFallible;
63use tokio::sync::oneshot;
64use tokio::sync::{Mutex, broadcast, mpsc};
65use tokio::task::JoinHandle;
66use tower::ServiceBuilder;
67use tracing::{Instrument, error_span, info};
68use tracing::{debug, error, warn};
69
70// Logs at debug level in test configuration, info level otherwise.
71// JWK logs cause significant volume in tests, but are insignificant in prod,
72// so we keep them at info
73macro_rules! jwk_log {
74    ($($arg:tt)+) => {
75        if in_test_configuration() {
76            debug!($($arg)+);
77        } else {
78            info!($($arg)+);
79        }
80    };
81}
82
83use fastcrypto_zkp::bn254::zk_login::JWK;
84pub use handle::SuiNodeHandle;
85use mysten_metrics::{RegistryService, spawn_monitored_task};
86use mysten_service::server_timing::server_timing_middleware;
87use sui_config::node::{DBCheckpointConfig, RunWithRange};
88use sui_config::node::{ForkCrashBehavior, ForkRecoveryConfig};
89use sui_config::node_config_metrics::NodeConfigMetrics;
90use sui_config::{ConsensusConfig, NodeConfig};
91use sui_core::authority::authority_per_epoch_store::AuthorityPerEpochStore;
92use sui_core::authority::authority_store_tables::AuthorityPerpetualTables;
93use sui_core::authority::epoch_start_configuration::EpochStartConfigTrait;
94use sui_core::authority::epoch_start_configuration::EpochStartConfiguration;
95use sui_core::authority::submitted_transaction_cache::SubmittedTransactionCacheMetrics;
96use sui_core::authority_aggregator::AuthorityAggregator;
97use sui_core::authority_server::{ValidatorService, ValidatorServiceMetrics};
98use sui_core::checkpoints::checkpoint_executor::metrics::CheckpointExecutorMetrics;
99use sui_core::checkpoints::checkpoint_executor::{CheckpointExecutor, StopReason};
100use sui_core::checkpoints::{
101    CheckpointMetrics, CheckpointOutput, CheckpointService, CheckpointStore, LogCheckpointOutput,
102    SendCheckpointToStateSync, SubmitCheckpointToConsensus,
103};
104use sui_core::consensus_adapter::{ConsensusAdapter, ConsensusAdapterMetrics};
105use sui_core::consensus_manager::ConsensusManager;
106use sui_core::consensus_throughput_calculator::ConsensusThroughputCalculator;
107use sui_core::consensus_validator::{SuiTxValidator, SuiTxValidatorMetrics};
108use sui_core::db_checkpoint_handler::DBCheckpointHandler;
109use sui_core::epoch::committee_store::CommitteeStore;
110use sui_core::epoch::consensus_store_pruner::ConsensusStorePruner;
111use sui_core::epoch::epoch_metrics::EpochMetrics;
112use sui_core::epoch::reconfiguration::ReconfigurationInitiator;
113use sui_core::global_state_hasher::GlobalStateHasher;
114use sui_core::jsonrpc_index::IndexStore;
115use sui_core::module_cache_metrics::ResolverMetrics;
116use sui_core::overload_monitor::overload_monitor;
117use sui_core::rpc_store_embed::EmbeddedRpcStore;
118use sui_core::signature_verifier::SignatureVerifierMetrics;
119use sui_core::storage::RocksDbStore;
120use sui_core::storage::RpcStoreReadStore;
121use sui_core::transaction_orchestrator::TransactionOrchestrator;
122use sui_core::{
123    authority::{AuthorityState, AuthorityStore},
124    authority_client::NetworkAuthorityClient,
125};
126use sui_json_rpc::JsonRpcServerBuilder;
127use sui_json_rpc::coin_api::CoinReadApi;
128use sui_json_rpc::governance_api::GovernanceReadApi;
129use sui_json_rpc::indexer_api::IndexerApi;
130use sui_json_rpc::move_utils::MoveUtils;
131use sui_json_rpc::read_api::ReadApi;
132use sui_json_rpc::transaction_builder_api::TransactionBuilderApi;
133use sui_json_rpc::transaction_execution_api::TransactionExecutionApi;
134use sui_macros::fail_point;
135use sui_macros::{fail_point_async, replay_log};
136use sui_network::api::ValidatorServer;
137use sui_network::discovery;
138use sui_network::endpoint_manager::EndpointManager;
139use sui_network::state_sync;
140use sui_network::validator::server::ServerBuilder;
141use sui_protocol_config::{Chain, ProtocolConfig, ProtocolVersion};
142use sui_snapshot::uploader::StateSnapshotUploader;
143use sui_storage::{
144    http_key_value_store::HttpKVStore,
145    key_value_store::{FallbackTransactionKVStore, TransactionKeyValueStore},
146    key_value_store_metrics::KeyValueStoreMetrics,
147};
148use sui_types::base_types::{AuthorityName, EpochId};
149use sui_types::committee::Committee;
150use sui_types::crypto::KeypairTraits;
151use sui_types::error::{SuiError, SuiResult};
152use sui_types::messages_consensus::{ConsensusTransaction, check_total_jwk_size};
153use sui_types::storage::RpcStateReader;
154use sui_types::sui_system_state::SuiSystemStateTrait;
155use sui_types::sui_system_state::epoch_start_sui_system_state::EpochStartSystemState;
156use sui_types::sui_system_state::epoch_start_sui_system_state::EpochStartSystemStateTrait;
157use sui_types::supported_protocol_versions::SupportedProtocolVersions;
158use typed_store::DBMetrics;
159use typed_store::rocks::default_db_options;
160
161use crate::metrics::{GrpcMetrics, SuiNodeMetrics};
162
163pub mod admin;
164pub mod db_shell;
165mod handle;
166pub mod metrics;
167
168pub struct ValidatorComponents {
169    validator_server_handle: Option<SpawnOnce>,
170    validator_overload_monitor_handle: Option<JoinHandle<()>>,
171    consensus_manager: Arc<ConsensusManager>,
172    consensus_store_pruner: ConsensusStorePruner,
173    consensus_adapter: Arc<ConsensusAdapter>,
174    checkpoint_metrics: Arc<CheckpointMetrics>,
175    sui_tx_validator_metrics: Arc<SuiTxValidatorMetrics>,
176    admission_queue: Option<AdmissionQueueContext>,
177}
178pub struct P2pComponents {
179    p2p_network: Network,
180    known_peers: HashMap<PeerId, String>,
181    discovery_handle: discovery::Handle,
182    state_sync_handle: state_sync::Handle,
183    randomness_handle: randomness::Handle,
184    endpoint_manager: EndpointManager,
185}
186
187#[cfg(msim)]
188mod simulator {
189    use std::sync::atomic::AtomicBool;
190    use sui_types::error::SuiErrorKind;
191
192    use super::*;
193    pub(super) struct SimState {
194        pub sim_node: sui_simulator::runtime::NodeHandle,
195        pub sim_safe_mode_expected: AtomicBool,
196        _leak_detector: sui_simulator::NodeLeakDetector,
197    }
198
199    impl Default for SimState {
200        fn default() -> Self {
201            Self {
202                sim_node: sui_simulator::runtime::NodeHandle::current(),
203                sim_safe_mode_expected: AtomicBool::new(false),
204                _leak_detector: sui_simulator::NodeLeakDetector::new(),
205            }
206        }
207    }
208
209    type JwkInjector = dyn Fn(AuthorityName, &OIDCProvider) -> SuiResult<Vec<(JwkId, JWK)>>
210        + Send
211        + Sync
212        + 'static;
213
214    fn default_fetch_jwks(
215        _authority: AuthorityName,
216        _provider: &OIDCProvider,
217    ) -> SuiResult<Vec<(JwkId, JWK)>> {
218        use fastcrypto_zkp::bn254::zk_login::parse_jwks;
219        // Just load a default Twitch jwk for testing.
220        parse_jwks(
221            sui_types::zk_login_util::DEFAULT_JWK_BYTES,
222            &OIDCProvider::Twitch,
223            true,
224        )
225        .map_err(|_| SuiErrorKind::JWKRetrievalError.into())
226    }
227
228    thread_local! {
229        static JWK_INJECTOR: std::cell::RefCell<Arc<JwkInjector>> = std::cell::RefCell::new(Arc::new(default_fetch_jwks));
230    }
231
232    pub(super) fn get_jwk_injector() -> Arc<JwkInjector> {
233        JWK_INJECTOR.with(|injector| injector.borrow().clone())
234    }
235
236    pub fn set_jwk_injector(injector: Arc<JwkInjector>) {
237        JWK_INJECTOR.with(|cell| *cell.borrow_mut() = injector);
238    }
239}
240
241#[cfg(msim)]
242pub use simulator::set_jwk_injector;
243#[cfg(msim)]
244use simulator::*;
245use sui_core::authority::authority_store_pruner::PrunerWatermarks;
246use sui_core::{
247    consensus_handler::ConsensusHandlerInitializer, safe_client::SafeClientMetricsBase,
248};
249
250const DEFAULT_GRPC_CONNECT_TIMEOUT: Duration = Duration::from_secs(60);
251
252pub struct SuiNode {
253    config: NodeConfig,
254    validator_components: Mutex<Option<ValidatorComponents>>,
255
256    /// The http servers responsible for serving RPC traffic (gRPC and JSON-RPC)
257    #[allow(unused)]
258    http_servers: HttpServers,
259
260    state: Arc<AuthorityState>,
261    transaction_orchestrator: Option<Arc<TransactionOrchestrator<NetworkAuthorityClient>>>,
262    registry_service: RegistryService,
263    metrics: Arc<SuiNodeMetrics>,
264    checkpoint_metrics: Arc<CheckpointMetrics>,
265
266    _discovery: discovery::Handle,
267    _connection_monitor_handle: mysten_network::anemo_connection_monitor::ConnectionMonitorHandle,
268    state_sync_handle: state_sync::Handle,
269    randomness_handle: randomness::Handle,
270    checkpoint_store: Arc<CheckpointStore>,
271    global_state_hasher: Mutex<Option<Arc<GlobalStateHasher>>>,
272
273    /// Broadcast channel to send the starting system state for the next epoch.
274    end_of_epoch_channel: broadcast::Sender<SuiSystemState>,
275
276    /// EndpointManager for updating peer network addresses.
277    endpoint_manager: EndpointManager,
278
279    backpressure_manager: Arc<BackpressureManager>,
280
281    _db_checkpoint_handle: Option<tokio::sync::broadcast::Sender<()>>,
282
283    #[cfg(msim)]
284    sim_state: SimState,
285
286    _state_snapshot_uploader_handle: Option<broadcast::Sender<()>>,
287    // Channel to allow signaling upstream to shutdown sui-node
288    shutdown_channel_tx: broadcast::Sender<Option<RunWithRange>>,
289
290    /// Handle shared with RandomnessManager and the consensus layer.
291    randomness_receiver_handle: Arc<RandomnessRoundReceiverHandle>,
292
293    /// AuthorityAggregator of the network, created at start and beginning of each epoch.
294    /// Use ArcSwap so that we could mutate it without taking mut reference.
295    // TODO: Eventually we can make this auth aggregator a shared reference so that this
296    // update will automatically propagate to other uses.
297    auth_agg: Arc<ArcSwap<AuthorityAggregator<NetworkAuthorityClient>>>,
298
299    subscription_service_checkpoint_sender: Option<tokio::sync::broadcast::Sender<Arc<Checkpoint>>>,
300
301    /// The embedded `sui-rpc-store`, present when the node is a fullnode
302    /// with indexing enabled. Held for the node's lifetime so its tip
303    /// indexer keeps running (dropping it aborts the indexer). Exposed
304    /// through [`SuiNode::embedded_rpc_store`] for introspection.
305    embedded_rpc_store: Option<EmbeddedRpcStore>,
306}
307
308impl fmt::Debug for SuiNode {
309    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
310        f.debug_struct("SuiNode")
311            .field("name", &self.state.name.concise())
312            .finish()
313    }
314}
315
316static MAX_JWK_KEYS_PER_FETCH: usize = 100;
317
318impl SuiNode {
319    pub async fn start(
320        config: NodeConfig,
321        registry_service: RegistryService,
322    ) -> Result<Arc<SuiNode>> {
323        Self::start_async(
324            config,
325            registry_service,
326            ServerVersion::new("sui-node", "unknown"),
327        )
328        .await
329    }
330
331    fn start_jwk_updater(
332        config: &NodeConfig,
333        metrics: Arc<SuiNodeMetrics>,
334        authority: AuthorityName,
335        epoch_store: Arc<AuthorityPerEpochStore>,
336        consensus_adapter: Arc<ConsensusAdapter>,
337    ) {
338        let epoch = epoch_store.epoch();
339
340        let supported_providers = config
341            .zklogin_oauth_providers
342            .get(&epoch_store.get_chain_identifier().chain())
343            .unwrap_or(&BTreeSet::new())
344            .iter()
345            .map(|s| OIDCProvider::from_str(s).expect("Invalid provider string"))
346            .collect::<Vec<_>>();
347
348        let fetch_interval = Duration::from_secs(config.jwk_fetch_interval_seconds);
349
350        info!(
351            ?fetch_interval,
352            "Starting JWK updater tasks with supported providers: {:?}", supported_providers
353        );
354
355        fn validate_jwk(
356            metrics: &Arc<SuiNodeMetrics>,
357            provider: &OIDCProvider,
358            id: &JwkId,
359            jwk: &JWK,
360        ) -> bool {
361            let Ok(iss_provider) = OIDCProvider::from_iss(&id.iss) else {
362                warn!(
363                    "JWK iss {:?} (retrieved from {:?}) is not a valid provider",
364                    id.iss, provider
365                );
366                metrics
367                    .invalid_jwks
368                    .with_label_values(&[&provider.to_string()])
369                    .inc();
370                return false;
371            };
372
373            if iss_provider != *provider {
374                warn!(
375                    "JWK iss {:?} (retrieved from {:?}) does not match provider {:?}",
376                    id.iss, provider, iss_provider
377                );
378                metrics
379                    .invalid_jwks
380                    .with_label_values(&[&provider.to_string()])
381                    .inc();
382                return false;
383            }
384
385            if !check_total_jwk_size(id, jwk) {
386                warn!("JWK {:?} (retrieved from {:?}) is too large", id, provider);
387                metrics
388                    .invalid_jwks
389                    .with_label_values(&[&provider.to_string()])
390                    .inc();
391                return false;
392            }
393
394            true
395        }
396
397        // metrics is:
398        //  pub struct SuiNodeMetrics {
399        //      pub jwk_requests: IntCounterVec,
400        //      pub jwk_request_errors: IntCounterVec,
401        //      pub total_jwks: IntCounterVec,
402        //      pub unique_jwks: IntCounterVec,
403        //  }
404
405        for p in supported_providers.into_iter() {
406            let provider_str = p.to_string();
407            let epoch_store = epoch_store.clone();
408            let consensus_adapter = consensus_adapter.clone();
409            let metrics = metrics.clone();
410            spawn_monitored_task!(epoch_store.clone().within_alive_epoch(
411                async move {
412                    // note: restart-safe de-duplication happens after consensus, this is
413                    // just best-effort to reduce unneeded submissions.
414                    let mut seen = HashSet::new();
415                    loop {
416                        jwk_log!("fetching JWK for provider {:?}", p);
417                        metrics.jwk_requests.with_label_values(&[&provider_str]).inc();
418                        match Self::fetch_jwks(authority, &p).await {
419                            Err(e) => {
420                                metrics.jwk_request_errors.with_label_values(&[&provider_str]).inc();
421                                warn!("Error when fetching JWK for provider {:?} {:?}", p, e);
422                                // Retry in 30 seconds
423                                tokio::time::sleep(Duration::from_secs(30)).await;
424                                continue;
425                            }
426                            Ok(mut keys) => {
427                                metrics.total_jwks
428                                    .with_label_values(&[&provider_str])
429                                    .inc_by(keys.len() as u64);
430
431                                keys.retain(|(id, jwk)| {
432                                    validate_jwk(&metrics, &p, id, jwk) &&
433                                    !epoch_store.jwk_active_in_current_epoch(id, jwk) &&
434                                    seen.insert((id.clone(), jwk.clone()))
435                                });
436
437                                metrics.unique_jwks
438                                    .with_label_values(&[&provider_str])
439                                    .inc_by(keys.len() as u64);
440
441                                // prevent oauth providers from sending too many keys,
442                                // inadvertently or otherwise
443                                if keys.len() > MAX_JWK_KEYS_PER_FETCH {
444                                    warn!("Provider {:?} sent too many JWKs, only the first {} will be used", p, MAX_JWK_KEYS_PER_FETCH);
445                                    keys.truncate(MAX_JWK_KEYS_PER_FETCH);
446                                }
447
448                                for (id, jwk) in keys.into_iter() {
449                                    jwk_log!("Submitting JWK to consensus: {:?}", id);
450
451                                    let txn = ConsensusTransaction::new_jwk_fetched(authority, id, jwk);
452                                    consensus_adapter.submit(txn, None, &epoch_store, None, None)
453                                        .tap_err(|e| warn!("Error when submitting JWKs to consensus {:?}", e))
454                                        .ok();
455                                }
456                            }
457                        }
458                        tokio::time::sleep(fetch_interval).await;
459                    }
460                }
461                .instrument(error_span!("jwk_updater_task", epoch)),
462            ));
463        }
464    }
465
466    pub async fn start_async(
467        config: NodeConfig,
468        registry_service: RegistryService,
469        server_version: ServerVersion,
470    ) -> Result<Arc<SuiNode>> {
471        NodeConfigMetrics::new(&registry_service.default_registry()).record_metrics(&config);
472        let mut config = config.clone();
473        if config.supported_protocol_versions.is_none() {
474            info!(
475                "populating config.supported_protocol_versions with default {:?}",
476                SupportedProtocolVersions::SYSTEM_DEFAULT
477            );
478            config.supported_protocol_versions = Some(SupportedProtocolVersions::SYSTEM_DEFAULT);
479        }
480
481        let run_with_range = config.run_with_range;
482        let prometheus_registry = registry_service.default_registry();
483        let node_role = config.intended_node_role();
484
485        info!(node =? config.protocol_public_key(),
486            "Initializing sui-node listening on {} with role {:?}", config.network_address, node_role
487        );
488
489        // Initialize metrics to track db usage before creating any stores
490        DBMetrics::init(registry_service.clone());
491
492        // Initialize db sync-to-disk setting from config (falls back to env var if not set)
493        typed_store::init_write_sync(config.enable_db_sync_to_disk);
494
495        // Initialize Mysten metrics.
496        mysten_metrics::init_metrics(&prometheus_registry);
497        // Unsupported (because of the use of static variable) and unnecessary in simtests.
498        #[cfg(not(msim))]
499        mysten_metrics::thread_stall_monitor::start_thread_stall_monitor();
500
501        let genesis = config.genesis()?.clone();
502
503        let secret = Arc::pin(config.protocol_key_pair().copy());
504        let genesis_committee = genesis.committee();
505        let committee_store = Arc::new(CommitteeStore::new(
506            config.db_path().join("epochs"),
507            &genesis_committee,
508            None,
509        ));
510
511        let pruner_watermarks = Arc::new(PrunerWatermarks::default());
512        let checkpoint_store = CheckpointStore::new(
513            &config.db_path().join("checkpoints"),
514            pruner_watermarks.clone(),
515        );
516        let checkpoint_metrics = CheckpointMetrics::new(&registry_service.default_registry());
517
518        if node_role.runs_consensus() {
519            Self::check_and_recover_forks(
520                &checkpoint_store,
521                &checkpoint_metrics,
522                config.fork_recovery.as_ref(),
523            )
524            .await?;
525        }
526
527        // By default, only enable write stall on nodes that run consensus.
528        let enable_write_stall = config
529            .enable_db_write_stall
530            .unwrap_or(node_role.runs_consensus());
531        // The tidehunter objects compactor retains only the latest version per
532        // ObjectID and is mutually exclusive with the object pruner. Enable it
533        // for validators (which always disable the pruner), and also for any
534        // node configured with `num_epochs_to_retain = 0` — that aggressive
535        // setting is what the compactor replaces. The pruner is force-disabled
536        // in `AuthorityStorePruner::new` whenever this is true.
537        let enable_objects_compactor = node_role.is_validator()
538            || config.authority_store_pruning_config.num_epochs_to_retain == 0;
539        let perpetual_tables_options = AuthorityPerpetualTablesOptions {
540            enable_write_stall,
541            enable_objects_compactor,
542        };
543        let perpetual_tables = Arc::new(AuthorityPerpetualTables::open(
544            &config.db_store_path(),
545            Some(perpetual_tables_options),
546            Some(pruner_watermarks.epoch_id.clone()),
547        ));
548        let is_genesis = perpetual_tables
549            .database_is_empty()
550            .expect("Database read should not fail at init.");
551
552        let backpressure_manager =
553            BackpressureManager::new_from_checkpoint_store(&checkpoint_store);
554
555        let store =
556            AuthorityStore::open(perpetual_tables, &genesis, &config, &prometheus_registry).await?;
557
558        let cur_epoch = store.get_recovery_epoch_at_restart()?;
559        let committee = committee_store
560            .get_committee(&cur_epoch)?
561            .expect("Committee of the current epoch must exist");
562        let epoch_start_configuration = store
563            .get_epoch_start_configuration()?
564            .expect("EpochStartConfiguration of the current epoch must exist");
565        let cache_metrics = Arc::new(ResolverMetrics::new(&prometheus_registry));
566        let signature_verifier_metrics = SignatureVerifierMetrics::new(&prometheus_registry);
567
568        let cache_traits = build_execution_cache(
569            &config.execution_cache,
570            &prometheus_registry,
571            &store,
572            backpressure_manager.clone(),
573        );
574
575        let auth_agg = {
576            let safe_client_metrics_base = SafeClientMetricsBase::new(&prometheus_registry);
577            Arc::new(ArcSwap::new(Arc::new(
578                AuthorityAggregator::new_from_epoch_start_state(
579                    epoch_start_configuration.epoch_start_state(),
580                    &committee_store,
581                    safe_client_metrics_base,
582                ),
583            )))
584        };
585
586        let chain_id = ChainIdentifier::from(*genesis.checkpoint().digest());
587        let chain = match config.chain_override_for_testing {
588            Some(chain) => chain,
589            None => ChainIdentifier::from(*genesis.checkpoint().digest()).chain(),
590        };
591
592        let highest_executed_checkpoint = checkpoint_store
593            .get_highest_executed_checkpoint_seq_number()
594            .expect("checkpoint store read cannot fail")
595            .unwrap_or(0);
596
597        let previous_epoch_last_checkpoint = if cur_epoch == 0 {
598            0
599        } else {
600            checkpoint_store
601                .get_epoch_last_checkpoint_seq_number(cur_epoch - 1)
602                .expect("checkpoint store read cannot fail")
603                .unwrap_or(highest_executed_checkpoint)
604        };
605
606        let epoch_options = default_db_options().optimize_db_for_write_throughput(4, false);
607        let epoch_store = AuthorityPerEpochStore::new(
608            config.protocol_public_key(),
609            committee.clone(),
610            &config.db_store_path(),
611            Some(epoch_options.options),
612            EpochMetrics::new(&registry_service.default_registry()),
613            epoch_start_configuration,
614            cache_traits.backing_package_store.clone(),
615            cache_traits.object_store.clone(),
616            cache_metrics,
617            signature_verifier_metrics,
618            &config.expensive_safety_check_config,
619            (chain_id, chain),
620            highest_executed_checkpoint,
621            previous_epoch_last_checkpoint,
622            Arc::new(SubmittedTransactionCacheMetrics::new(
623                &registry_service.default_registry(),
624            )),
625            config.fullnode_sync_mode,
626        )?;
627
628        info!("created epoch store");
629
630        replay_log!(
631            "Beginning replay run. Epoch: {:?}, Protocol config: {:?}",
632            epoch_store.epoch(),
633            epoch_store.protocol_config()
634        );
635
636        // the database is empty at genesis time
637        if is_genesis {
638            info!("checking SUI conservation at genesis");
639            // When we are opening the db table, the only time when it's safe to
640            // check SUI conservation is at genesis. Otherwise we may be in the middle of
641            // an epoch and the SUI conservation check will fail. This also initialize
642            // the expected_network_sui_amount table.
643            cache_traits
644                .reconfig_api
645                .expensive_check_sui_conservation(&epoch_store)
646                .expect("SUI conservation check cannot fail at genesis");
647        }
648
649        let effective_buffer_stake = epoch_store.get_effective_buffer_stake_bps();
650        let default_buffer_stake = epoch_store
651            .protocol_config()
652            .buffer_stake_for_protocol_upgrade_bps();
653        if effective_buffer_stake != default_buffer_stake {
654            warn!(
655                ?effective_buffer_stake,
656                ?default_buffer_stake,
657                "buffer_stake_for_protocol_upgrade_bps is currently overridden"
658            );
659        }
660
661        checkpoint_store.insert_genesis_checkpoint(
662            genesis.checkpoint(),
663            genesis.checkpoint_contents().clone(),
664            &epoch_store,
665        );
666
667        info!("creating state sync store");
668        let state_sync_store = RocksDbStore::new(
669            cache_traits.clone(),
670            committee_store.clone(),
671            checkpoint_store.clone(),
672        );
673
674        let index_store = if node_role.is_fullnode() && config.enable_index_processing {
675            info!("creating jsonrpc index store");
676            Some(Arc::new(IndexStore::new(
677                config.db_path().join("indexes"),
678                &prometheus_registry,
679                epoch_store
680                    .protocol_config()
681                    .max_move_identifier_len_as_option(),
682                config.remove_deprecated_tables,
683            )))
684        } else {
685            None
686        };
687
688        let chain_identifier = epoch_store.get_chain_identifier();
689
690        // The embedded `sui-rpc-store` is the node's index backend: when
691        // indexing is enabled it builds the derived-index and ledger-history
692        // column families (indexed independently of the authority store) and
693        // serves the index read paths from the embedded store. Raw chain data
694        // is still served from the perpetual store.
695        let mut embedded_rpc_store =
696            if node_role.is_fullnode() && config.rpc().is_some_and(|rpc| rpc.enable_indexing()) {
697                info!("creating embedded rpc-store");
698                // The embedded `sui-rpc-store` replaced the legacy `rpc-index`
699                // backend; remove its now-dead on-disk directory if a prior
700                // version left one behind.
701                remove_legacy_rpc_index_store(&config.db_path());
702                // The tip indexer pulls checkpoints from the node's local
703                // checkpoint / perpetual stores via a dedicated read handle.
704                let ingestion_source = RocksDbStore::new(
705                    cache_traits.clone(),
706                    committee_store.clone(),
707                    checkpoint_store.clone(),
708                );
709                let embedded_rpc_store = EmbeddedRpcStore::bootstrap(
710                    &config,
711                    &store,
712                    &checkpoint_store,
713                    ingestion_source,
714                    chain_identifier,
715                    &prometheus_registry,
716                )
717                .await?;
718                Some(embedded_rpc_store)
719            } else {
720                None
721            };
722
723        info!("creating archive reader");
724        // Create network
725        let (randomness_tx, randomness_rx) = mpsc::channel(
726            config
727                .p2p_config
728                .randomness
729                .clone()
730                .unwrap_or_default()
731                .mailbox_capacity(),
732        );
733        let P2pComponents {
734            p2p_network,
735            known_peers,
736            discovery_handle,
737            state_sync_handle,
738            randomness_handle,
739            endpoint_manager,
740        } = Self::create_p2p_network(
741            &config,
742            state_sync_store.clone(),
743            chain_identifier,
744            randomness_tx,
745            &prometheus_registry,
746        )?;
747
748        // Inject configured peer address overrides.
749        for peer in &config.p2p_config.peer_address_overrides {
750            endpoint_manager
751                .update_endpoint(
752                    EndpointId::P2p(peer.peer_id),
753                    AddressSource::Config,
754                    peer.addresses.clone(),
755                )
756                .expect("Updating peer address overrides should not fail");
757        }
758
759        // Send initial peer addresses to the p2p network.
760        update_peer_addresses(
761            &config,
762            &endpoint_manager,
763            epoch_store.epoch_start_state(),
764            None,
765        );
766
767        info!("start snapshot upload");
768        // Start uploading state snapshot to remote store
769        let state_snapshot_handle = Self::start_state_snapshot(
770            &config,
771            &prometheus_registry,
772            checkpoint_store.clone(),
773            chain_identifier,
774        )?;
775
776        // Start uploading db checkpoints to remote store
777        info!("start db checkpoint");
778        let (db_checkpoint_config, db_checkpoint_handle) = Self::start_db_checkpoint(
779            &config,
780            &prometheus_registry,
781            state_snapshot_handle.is_some(),
782        )?;
783
784        if !epoch_store
785            .protocol_config()
786            .simplified_unwrap_then_delete()
787        {
788            // We cannot prune tombstones if simplified_unwrap_then_delete is not enabled.
789            config
790                .authority_store_pruning_config
791                .set_killswitch_tombstone_pruning(true);
792        }
793
794        let authority_name = config.protocol_public_key();
795
796        info!("create authority state");
797        let state = AuthorityState::new(
798            authority_name,
799            secret,
800            config.supported_protocol_versions.unwrap(),
801            store.clone(),
802            cache_traits.clone(),
803            epoch_store.clone(),
804            committee_store.clone(),
805            index_store.clone(),
806            embedded_rpc_store.as_ref().map(|embedded| embedded.store()),
807            checkpoint_store.clone(),
808            &prometheus_registry,
809            genesis.objects(),
810            &db_checkpoint_config,
811            config.clone(),
812            chain_identifier,
813            config.policy_config.clone(),
814            config.firewall_config.clone(),
815            pruner_watermarks,
816        )
817        .await;
818        // ensure genesis txn was executed
819        if epoch_store.epoch() == 0 {
820            let txn = &genesis.transaction();
821            let span = error_span!("genesis_txn", tx_digest = ?txn.digest());
822            let transaction =
823                sui_types::executable_transaction::VerifiedExecutableTransaction::new_unchecked(
824                    sui_types::executable_transaction::ExecutableTransaction::new_from_data_and_sig(
825                        genesis.transaction().data().clone(),
826                        sui_types::executable_transaction::CertificateProof::Checkpoint(0, 0),
827                    ),
828                );
829            let _enter = span.enter();
830            state
831                .try_execute_immediately(&transaction, ExecutionEnv::new(), &epoch_store)
832                .unwrap();
833        }
834
835        // Start the loop that receives new randomness and generates transactions for it.
836        // The returned is long-lived (node lifetime).
837        let randomness_receiver_handle =
838            RandomnessRoundReceiver::spawn(state.clone(), randomness_rx);
839
840        let (end_of_epoch_channel, end_of_epoch_receiver) =
841            broadcast::channel(config.end_of_epoch_broadcast_channel_capacity);
842
843        let transaction_orchestrator = if node_role.is_fullnode() && run_with_range.is_none() {
844            Some(Arc::new(TransactionOrchestrator::new_with_auth_aggregator(
845                auth_agg.load_full(),
846                state.clone(),
847                end_of_epoch_receiver,
848                &config.db_path(),
849                &prometheus_registry,
850                &config,
851            )))
852        } else {
853            None
854        };
855
856        let (http_servers, subscription_service_checkpoint_sender) = build_http_servers(
857            state.clone(),
858            state_sync_store,
859            &transaction_orchestrator.clone(),
860            &config,
861            &prometheus_registry,
862            server_version,
863            node_role,
864            embedded_rpc_store.as_ref(),
865        )
866        .await?;
867
868        // Start the embedded rpc-store's tip indexer. It follows the tip
869        // via the checkpoint executor's broadcast stream and backfills
870        // any gap from the perpetual store. Spawned on a background task
871        // (see `spawn_indexer`) so node startup does not block on the
872        // first checkpoint, which the executor only produces after this
873        // function returns.
874        if let Some(embedded) = embedded_rpc_store.as_mut() {
875            embedded.spawn_indexer(
876                subscription_service_checkpoint_sender.clone(),
877                prometheus_registry.clone(),
878            );
879        }
880
881        let global_state_hasher = Arc::new(GlobalStateHasher::new(
882            cache_traits.global_state_hash_store.clone(),
883            GlobalStateHashMetrics::new(&prometheus_registry),
884        ));
885
886        let network_connection_metrics = mysten_network::quinn_metrics::QuinnConnectionMetrics::new(
887            "sui",
888            &registry_service.default_registry(),
889        );
890
891        let connection_monitor_handle =
892            mysten_network::anemo_connection_monitor::AnemoConnectionMonitor::spawn(
893                p2p_network.downgrade(),
894                Arc::new(network_connection_metrics),
895                known_peers,
896            );
897
898        let sui_node_metrics = Arc::new(SuiNodeMetrics::new(&registry_service.default_registry()));
899
900        sui_node_metrics
901            .binary_max_protocol_version
902            .set(ProtocolVersion::MAX.as_u64() as i64);
903        sui_node_metrics
904            .configured_max_protocol_version
905            .set(config.supported_protocol_versions.unwrap().max.as_u64() as i64);
906
907        let node_role = epoch_store.node_role();
908        let validator_components = if node_role.runs_consensus() {
909            let mut components = Self::construct_validator_components(
910                config.clone(),
911                state.clone(),
912                committee,
913                epoch_store.clone(),
914                checkpoint_store.clone(),
915                state_sync_handle.clone(),
916                randomness_handle.clone(),
917                Arc::downgrade(&global_state_hasher),
918                backpressure_manager.clone(),
919                &registry_service,
920                sui_node_metrics.clone(),
921                checkpoint_metrics.clone(),
922                node_role,
923                randomness_receiver_handle.clone(),
924            )
925            .await?;
926
927            if node_role.is_validator() {
928                components
929                    .consensus_adapter
930                    .recover_end_of_publish(&epoch_store);
931
932                // Start the gRPC server
933                components.validator_server_handle = Some(
934                    components
935                        .validator_server_handle
936                        .take()
937                        .unwrap()
938                        .start()
939                        .await,
940                );
941
942                // Set the consensus address updater so that we can update the consensus peer addresses when requested.
943                endpoint_manager
944                    .set_consensus_address_updater(components.consensus_manager.clone());
945            } else {
946                info!("Starting node as Observer — connecting to configured peers");
947            }
948
949            Some(components)
950        } else {
951            None
952        };
953
954        // setup shutdown channel
955        let (shutdown_channel, _) = broadcast::channel::<Option<RunWithRange>>(1);
956
957        let node = Self {
958            config,
959            validator_components: Mutex::new(validator_components),
960            http_servers,
961            state,
962            transaction_orchestrator,
963            registry_service,
964            metrics: sui_node_metrics,
965            checkpoint_metrics,
966
967            _discovery: discovery_handle,
968            _connection_monitor_handle: connection_monitor_handle,
969            state_sync_handle,
970            randomness_handle,
971            checkpoint_store,
972            global_state_hasher: Mutex::new(Some(global_state_hasher)),
973            end_of_epoch_channel,
974            endpoint_manager,
975            backpressure_manager,
976
977            _db_checkpoint_handle: db_checkpoint_handle,
978
979            #[cfg(msim)]
980            sim_state: Default::default(),
981
982            _state_snapshot_uploader_handle: state_snapshot_handle,
983            shutdown_channel_tx: shutdown_channel,
984            randomness_receiver_handle,
985
986            auth_agg,
987            subscription_service_checkpoint_sender,
988            embedded_rpc_store,
989        };
990
991        info!("SuiNode started!");
992        let node = Arc::new(node);
993        let node_copy = node.clone();
994        spawn_monitored_task!(async move {
995            let result = Self::monitor_reconfiguration(node_copy, epoch_store).await;
996            if let Err(error) = result {
997                warn!("Reconfiguration finished with error {:?}", error);
998            }
999        });
1000
1001        Ok(node)
1002    }
1003
1004    pub fn subscribe_to_epoch_change(&self) -> broadcast::Receiver<SuiSystemState> {
1005        self.end_of_epoch_channel.subscribe()
1006    }
1007
1008    pub fn subscribe_to_shutdown_channel(&self) -> broadcast::Receiver<Option<RunWithRange>> {
1009        self.shutdown_channel_tx.subscribe()
1010    }
1011
1012    pub fn current_epoch_for_testing(&self) -> EpochId {
1013        self.state.current_epoch_for_testing()
1014    }
1015
1016    pub fn db_checkpoint_path(&self) -> PathBuf {
1017        self.config.db_checkpoint_path()
1018    }
1019
1020    // Init reconfig process by starting to reject user certs
1021    pub async fn close_epoch(&self, epoch_store: &Arc<AuthorityPerEpochStore>) -> SuiResult {
1022        info!("close_epoch (current epoch = {})", epoch_store.epoch());
1023        self.validator_components
1024            .lock()
1025            .await
1026            .as_ref()
1027            .ok_or_else(|| SuiError::from("Node is not a validator"))?
1028            .consensus_adapter
1029            .close_epoch(epoch_store);
1030        Ok(())
1031    }
1032
1033    pub fn clear_override_protocol_upgrade_buffer_stake(&self, epoch: EpochId) -> SuiResult {
1034        self.state
1035            .clear_override_protocol_upgrade_buffer_stake(epoch)
1036    }
1037
1038    pub fn set_override_protocol_upgrade_buffer_stake(
1039        &self,
1040        epoch: EpochId,
1041        buffer_stake_bps: u64,
1042    ) -> SuiResult {
1043        self.state
1044            .set_override_protocol_upgrade_buffer_stake(epoch, buffer_stake_bps)
1045    }
1046
1047    // Testing-only API to start epoch close process.
1048    // For production code, please use the non-testing version.
1049    pub async fn close_epoch_for_testing(&self) -> SuiResult {
1050        let epoch_store = self.state.epoch_store_for_testing();
1051        self.close_epoch(&epoch_store).await
1052    }
1053
1054    fn start_state_snapshot(
1055        config: &NodeConfig,
1056        prometheus_registry: &Registry,
1057        checkpoint_store: Arc<CheckpointStore>,
1058        chain_identifier: ChainIdentifier,
1059    ) -> Result<Option<tokio::sync::broadcast::Sender<()>>> {
1060        if let Some(remote_store_config) = &config.state_snapshot_write_config.object_store_config {
1061            let snapshot_uploader = StateSnapshotUploader::new(
1062                &config.db_checkpoint_path(),
1063                &config.snapshot_path(),
1064                remote_store_config.clone(),
1065                60,
1066                prometheus_registry,
1067                checkpoint_store,
1068                chain_identifier,
1069                config.state_snapshot_write_config.archive_interval_epochs,
1070            )?;
1071            Ok(Some(snapshot_uploader.start()))
1072        } else {
1073            Ok(None)
1074        }
1075    }
1076
1077    fn start_db_checkpoint(
1078        config: &NodeConfig,
1079        prometheus_registry: &Registry,
1080        state_snapshot_enabled: bool,
1081    ) -> Result<(
1082        DBCheckpointConfig,
1083        Option<tokio::sync::broadcast::Sender<()>>,
1084    )> {
1085        let checkpoint_path = Some(
1086            config
1087                .db_checkpoint_config
1088                .checkpoint_path
1089                .clone()
1090                .unwrap_or_else(|| config.db_checkpoint_path()),
1091        );
1092        let db_checkpoint_config = if config.db_checkpoint_config.checkpoint_path.is_none() {
1093            DBCheckpointConfig {
1094                checkpoint_path,
1095                perform_db_checkpoints_at_epoch_end: if state_snapshot_enabled {
1096                    true
1097                } else {
1098                    config
1099                        .db_checkpoint_config
1100                        .perform_db_checkpoints_at_epoch_end
1101                },
1102                ..config.db_checkpoint_config.clone()
1103            }
1104        } else {
1105            config.db_checkpoint_config.clone()
1106        };
1107
1108        match (
1109            db_checkpoint_config.object_store_config.as_ref(),
1110            state_snapshot_enabled,
1111        ) {
1112            // If db checkpoint config object store not specified but
1113            // state snapshot object store is specified, create handler
1114            // anyway for marking db checkpoints as completed so that they
1115            // can be uploaded as state snapshots.
1116            (None, false) => Ok((db_checkpoint_config, None)),
1117            (_, _) => {
1118                let handler = DBCheckpointHandler::new(
1119                    &db_checkpoint_config.checkpoint_path.clone().unwrap(),
1120                    db_checkpoint_config.object_store_config.as_ref(),
1121                    60,
1122                    db_checkpoint_config
1123                        .prune_and_compact_before_upload
1124                        .unwrap_or(true),
1125                    config.authority_store_pruning_config.clone(),
1126                    prometheus_registry,
1127                    state_snapshot_enabled,
1128                )?;
1129                Ok((
1130                    db_checkpoint_config,
1131                    Some(DBCheckpointHandler::start(handler)),
1132                ))
1133            }
1134        }
1135    }
1136
1137    fn create_p2p_network(
1138        config: &NodeConfig,
1139        state_sync_store: RocksDbStore,
1140        chain_identifier: ChainIdentifier,
1141        randomness_tx: mpsc::Sender<(EpochId, RandomnessRound, Vec<u8>)>,
1142        prometheus_registry: &Registry,
1143    ) -> Result<P2pComponents> {
1144        let mut p2p_config = config.p2p_config.clone();
1145        {
1146            let disc = p2p_config.discovery.get_or_insert_with(Default::default);
1147            if disc.peer_addr_store_path.is_none() {
1148                disc.peer_addr_store_path =
1149                    Some(config.db_path().join("discovery_peer_cache.yaml"));
1150            }
1151        }
1152        let mut discovery_builder = discovery::Builder::new().config(p2p_config.clone());
1153        if let Some(consensus_config) = &config.consensus_config {
1154            let effective_addr = consensus_config
1155                .external_address
1156                .as_ref()
1157                .or(consensus_config.listen_address.as_ref());
1158            if let Some(addr) = effective_addr {
1159                discovery_builder = discovery_builder.consensus_external_address(addr.clone());
1160            }
1161        }
1162        let (discovery, discovery_server, endpoint_manager) = discovery_builder.build();
1163        let discovery_sender = discovery.sender();
1164
1165        let (state_sync, state_sync_router) = state_sync::Builder::new()
1166            .config(config.p2p_config.state_sync.clone().unwrap_or_default())
1167            .store(state_sync_store)
1168            .archive_config(config.archive_reader_config())
1169            .discovery_sender(discovery_sender)
1170            .with_metrics(prometheus_registry)
1171            .build();
1172
1173        let discovery_config = config.p2p_config.discovery.clone().unwrap_or_default();
1174        let known_peers: HashMap<PeerId, String> = discovery_config
1175            .allowlisted_peers
1176            .clone()
1177            .into_iter()
1178            .map(|ap| (ap.peer_id, "allowlisted_peer".to_string()))
1179            .chain(config.p2p_config.seed_peers.iter().filter_map(|peer| {
1180                peer.peer_id
1181                    .map(|peer_id| (peer_id, "seed_peer".to_string()))
1182            }))
1183            .collect();
1184
1185        let (randomness, randomness_router) =
1186            randomness::Builder::new(config.protocol_public_key(), randomness_tx)
1187                .config(config.p2p_config.randomness.clone().unwrap_or_default())
1188                .with_metrics(prometheus_registry)
1189                .build();
1190
1191        let p2p_network = {
1192            let routes = anemo::Router::new()
1193                .add_rpc_service(discovery_server)
1194                .merge(state_sync_router);
1195            let routes = routes.merge(randomness_router);
1196
1197            let inbound_network_metrics =
1198                mysten_network::metrics::NetworkMetrics::new("sui", "inbound", prometheus_registry);
1199            let outbound_network_metrics = mysten_network::metrics::NetworkMetrics::new(
1200                "sui",
1201                "outbound",
1202                prometheus_registry,
1203            );
1204
1205            let service = ServiceBuilder::new()
1206                .layer(
1207                    TraceLayer::new_for_server_errors()
1208                        .make_span_with(DefaultMakeSpan::new().level(tracing::Level::INFO))
1209                        .on_failure(DefaultOnFailure::new().level(tracing::Level::WARN)),
1210                )
1211                .layer(CallbackLayer::new(
1212                    mysten_network::metrics::MetricsMakeCallbackHandler::new(
1213                        Arc::new(inbound_network_metrics),
1214                        config.p2p_config.excessive_message_size(),
1215                    ),
1216                ))
1217                .service(routes);
1218
1219            let outbound_layer = ServiceBuilder::new()
1220                .layer(
1221                    TraceLayer::new_for_client_and_server_errors()
1222                        .make_span_with(DefaultMakeSpan::new().level(tracing::Level::INFO))
1223                        .on_failure(DefaultOnFailure::new().level(tracing::Level::WARN)),
1224                )
1225                .layer(CallbackLayer::new(
1226                    mysten_network::metrics::MetricsMakeCallbackHandler::new(
1227                        Arc::new(outbound_network_metrics),
1228                        config.p2p_config.excessive_message_size(),
1229                    ),
1230                ))
1231                .into_inner();
1232
1233            let mut anemo_config = config.p2p_config.anemo_config.clone().unwrap_or_default();
1234            // Inbound requests on this network are small (signatures, queries, summaries).
1235            // Cap request frames at 1 MiB.
1236            anemo_config.max_request_frame_size = Some(1 << 20);
1237            // Responses can be larger (checkpoint contents).
1238            // Cap response frames at 128 MiB.
1239            anemo_config.max_response_frame_size = Some(128 << 20);
1240
1241            // Set a higher default value for socket send/receive buffers if not already
1242            // configured.
1243            let mut quic_config = anemo_config.quic.unwrap_or_default();
1244            if quic_config.socket_send_buffer_size.is_none() {
1245                quic_config.socket_send_buffer_size = Some(20 << 20);
1246            }
1247            if quic_config.socket_receive_buffer_size.is_none() {
1248                quic_config.socket_receive_buffer_size = Some(20 << 20);
1249            }
1250            quic_config.allow_failed_socket_buffer_size_setting = true;
1251
1252            // Set high-performance defaults for quinn transport.
1253            // With 200MiB buffer size and ~500ms RTT, max throughput ~400MiB/s.
1254            if quic_config.max_concurrent_bidi_streams.is_none() {
1255                quic_config.max_concurrent_bidi_streams = Some(500);
1256            }
1257            if quic_config.max_concurrent_uni_streams.is_none() {
1258                quic_config.max_concurrent_uni_streams = Some(500);
1259            }
1260            if quic_config.stream_receive_window.is_none() {
1261                quic_config.stream_receive_window = Some(100 << 20);
1262            }
1263            if quic_config.receive_window.is_none() {
1264                quic_config.receive_window = Some(200 << 20);
1265            }
1266            if quic_config.send_window.is_none() {
1267                quic_config.send_window = Some(200 << 20);
1268            }
1269            if quic_config.crypto_buffer_size.is_none() {
1270                quic_config.crypto_buffer_size = Some(1 << 20);
1271            }
1272            if quic_config.max_idle_timeout_ms.is_none() {
1273                quic_config.max_idle_timeout_ms = Some(10_000);
1274            }
1275            if quic_config.keep_alive_interval_ms.is_none() {
1276                quic_config.keep_alive_interval_ms = Some(5_000);
1277            }
1278            anemo_config.quic = Some(quic_config);
1279
1280            let server_name = format!("sui-{}", chain_identifier);
1281            let network = Network::bind(config.p2p_config.listen_address)
1282                .server_name(&server_name)
1283                .private_key(config.network_key_pair().copy().private().0.to_bytes())
1284                .config(anemo_config)
1285                .outbound_request_layer(outbound_layer)
1286                .start(service)?;
1287            info!(
1288                server_name = server_name,
1289                "P2p network started on {}",
1290                network.local_addr()
1291            );
1292
1293            network
1294        };
1295
1296        let discovery_handle =
1297            discovery.start(p2p_network.clone(), config.network_key_pair().copy());
1298        let state_sync_handle = state_sync.start(p2p_network.clone());
1299        let randomness_handle = randomness.start(p2p_network.clone());
1300
1301        Ok(P2pComponents {
1302            p2p_network,
1303            known_peers,
1304            discovery_handle,
1305            state_sync_handle,
1306            randomness_handle,
1307            endpoint_manager,
1308        })
1309    }
1310
1311    async fn construct_validator_components(
1312        config: NodeConfig,
1313        state: Arc<AuthorityState>,
1314        committee: Arc<Committee>,
1315        epoch_store: Arc<AuthorityPerEpochStore>,
1316        checkpoint_store: Arc<CheckpointStore>,
1317        state_sync_handle: state_sync::Handle,
1318        randomness_handle: randomness::Handle,
1319        global_state_hasher: Weak<GlobalStateHasher>,
1320        backpressure_manager: Arc<BackpressureManager>,
1321        registry_service: &RegistryService,
1322        sui_node_metrics: Arc<SuiNodeMetrics>,
1323        checkpoint_metrics: Arc<CheckpointMetrics>,
1324        node_role: NodeRole,
1325        randomness_receiver_handle: Arc<RandomnessRoundReceiverHandle>,
1326    ) -> Result<ValidatorComponents> {
1327        let mut config_clone = config.clone();
1328        let consensus_config = config_clone
1329            .consensus_config
1330            .as_mut()
1331            .ok_or_else(|| anyhow!("Node is missing consensus config"))?;
1332
1333        let client = Arc::new(UpdatableConsensusClient::new());
1334        let inflight_slot_freed_notify = Arc::new(tokio::sync::Notify::new());
1335        let consensus_adapter = Arc::new(Self::construct_consensus_adapter(
1336            &committee,
1337            consensus_config,
1338            state.name,
1339            &registry_service.default_registry(),
1340            client.clone(),
1341            checkpoint_store.clone(),
1342            inflight_slot_freed_notify.clone(),
1343        ));
1344
1345        let consensus_manager = Arc::new(ConsensusManager::new(
1346            &config,
1347            consensus_config,
1348            registry_service,
1349            client,
1350            node_role,
1351        ));
1352
1353        // This only gets started up once, not on every epoch. (Make call to remove every epoch.)
1354        let consensus_store_pruner = ConsensusStorePruner::new(
1355            consensus_manager.get_storage_base_path(),
1356            consensus_config.db_retention_epochs(),
1357            consensus_config.db_pruner_period(),
1358            &registry_service.default_registry(),
1359        );
1360
1361        let sui_tx_validator_metrics =
1362            SuiTxValidatorMetrics::new(&registry_service.default_registry());
1363
1364        let (validator_server_handle, admission_queue) = if node_role.is_validator() {
1365            let (handle, queue) = Self::start_grpc_validator_service(
1366                &config,
1367                state.clone(),
1368                consensus_adapter.clone(),
1369                epoch_store.clone(),
1370                &registry_service.default_registry(),
1371                inflight_slot_freed_notify,
1372            )
1373            .await?;
1374            (Some(handle), queue)
1375        } else {
1376            (None, None)
1377        };
1378
1379        // Starts an overload monitor that monitors the execution of the authority.
1380        // Don't start the overload monitor when max_load_shedding_percentage is 0.
1381        let validator_overload_monitor_handle = if node_role.is_validator()
1382            && config
1383                .authority_overload_config
1384                .max_load_shedding_percentage
1385                > 0
1386        {
1387            let authority_state = Arc::downgrade(&state);
1388            let overload_config = config.authority_overload_config.clone();
1389            fail_point!("starting_overload_monitor");
1390            Some(spawn_monitored_task!(overload_monitor(
1391                authority_state,
1392                overload_config,
1393            )))
1394        } else {
1395            None
1396        };
1397
1398        Self::start_epoch_specific_validator_components(
1399            &config,
1400            state.clone(),
1401            consensus_adapter,
1402            checkpoint_store,
1403            epoch_store,
1404            state_sync_handle,
1405            randomness_handle,
1406            randomness_receiver_handle,
1407            consensus_manager,
1408            consensus_store_pruner,
1409            global_state_hasher,
1410            backpressure_manager,
1411            validator_server_handle,
1412            validator_overload_monitor_handle,
1413            checkpoint_metrics,
1414            sui_node_metrics,
1415            sui_tx_validator_metrics,
1416            admission_queue,
1417            node_role,
1418        )
1419        .await
1420    }
1421
1422    async fn start_epoch_specific_validator_components(
1423        config: &NodeConfig,
1424        state: Arc<AuthorityState>,
1425        consensus_adapter: Arc<ConsensusAdapter>,
1426        checkpoint_store: Arc<CheckpointStore>,
1427        epoch_store: Arc<AuthorityPerEpochStore>,
1428        state_sync_handle: state_sync::Handle,
1429        randomness_handle: randomness::Handle,
1430        randomness_receiver_handle: Arc<RandomnessRoundReceiverHandle>,
1431        consensus_manager: Arc<ConsensusManager>,
1432        consensus_store_pruner: ConsensusStorePruner,
1433        state_hasher: Weak<GlobalStateHasher>,
1434        backpressure_manager: Arc<BackpressureManager>,
1435        validator_server_handle: Option<SpawnOnce>,
1436        validator_overload_monitor_handle: Option<JoinHandle<()>>,
1437        checkpoint_metrics: Arc<CheckpointMetrics>,
1438        sui_node_metrics: Arc<SuiNodeMetrics>,
1439        sui_tx_validator_metrics: Arc<SuiTxValidatorMetrics>,
1440        admission_queue: Option<AdmissionQueueContext>,
1441        node_role: NodeRole,
1442    ) -> Result<ValidatorComponents> {
1443        let checkpoint_service = Self::build_checkpoint_service(
1444            config,
1445            consensus_adapter.clone(),
1446            checkpoint_store.clone(),
1447            epoch_store.clone(),
1448            state.clone(),
1449            state_sync_handle,
1450            state_hasher,
1451            checkpoint_metrics.clone(),
1452            node_role,
1453        );
1454
1455        // Clear the VSS public key from the previous epoch so any randomness round
1456        // signatures buffer in the channel until the new DKG completes.
1457        randomness_receiver_handle.clear_public_key();
1458
1459        if node_role.runs_consensus() && epoch_store.randomness_state_enabled() {
1460            let authority_key_pair = if node_role.is_validator() {
1461                Some(config.protocol_key_pair())
1462            } else {
1463                None
1464            };
1465            let randomness_manager = RandomnessManager::try_new(
1466                Arc::downgrade(&epoch_store),
1467                Box::new(consensus_adapter.clone()),
1468                randomness_handle,
1469                authority_key_pair,
1470                randomness_receiver_handle.clone(),
1471            )
1472            .await;
1473            if let Some(randomness_manager) = randomness_manager {
1474                epoch_store
1475                    .set_randomness_manager(randomness_manager)
1476                    .await?;
1477            }
1478        }
1479
1480        if node_role.is_validator() {
1481            ExecutionTimeObserver::spawn(
1482                epoch_store.clone(),
1483                Box::new(consensus_adapter.clone()),
1484                config
1485                    .execution_time_observer_config
1486                    .clone()
1487                    .unwrap_or_default(),
1488            );
1489        }
1490
1491        let throughput_calculator = Arc::new(ConsensusThroughputCalculator::new(
1492            None,
1493            state.metrics.clone(),
1494        ));
1495
1496        let consensus_handler_initializer = ConsensusHandlerInitializer::new(
1497            state.clone(),
1498            checkpoint_service.clone(),
1499            epoch_store.clone(),
1500            consensus_adapter.clone(),
1501            throughput_calculator,
1502            backpressure_manager,
1503            config.congestion_log.clone(),
1504        );
1505
1506        info!("Starting consensus manager asynchronously");
1507
1508        // Spawn consensus startup asynchronously to avoid blocking other components
1509        tokio::spawn({
1510            let config = config.clone();
1511            let epoch_store = epoch_store.clone();
1512            let sui_tx_validator = SuiTxValidator::new(
1513                state.clone(),
1514                epoch_store.clone(),
1515                checkpoint_service.clone(),
1516                sui_tx_validator_metrics.clone(),
1517            );
1518            let consensus_manager = consensus_manager.clone();
1519            async move {
1520                consensus_manager
1521                    .start(
1522                        &config,
1523                        epoch_store,
1524                        consensus_handler_initializer,
1525                        sui_tx_validator,
1526                        Some(randomness_receiver_handle),
1527                    )
1528                    .await;
1529            }
1530        });
1531        let replay_waiter = consensus_manager.replay_waiter();
1532
1533        info!("Spawning checkpoint service");
1534        let replay_waiter = if std::env::var("DISABLE_REPLAY_WAITER").is_ok() {
1535            None
1536        } else {
1537            Some(replay_waiter)
1538        };
1539        checkpoint_service
1540            .spawn(epoch_store.clone(), replay_waiter)
1541            .await;
1542
1543        if node_role.is_validator() && epoch_store.authenticator_state_enabled() {
1544            Self::start_jwk_updater(
1545                config,
1546                sui_node_metrics,
1547                state.name,
1548                epoch_store.clone(),
1549                consensus_adapter.clone(),
1550            );
1551        }
1552
1553        if let Some(ctx) = &admission_queue {
1554            ctx.rotate_for_epoch(epoch_store);
1555        }
1556
1557        Ok(ValidatorComponents {
1558            validator_server_handle,
1559            validator_overload_monitor_handle,
1560            consensus_manager,
1561            consensus_store_pruner,
1562            consensus_adapter,
1563            checkpoint_metrics,
1564            sui_tx_validator_metrics,
1565            admission_queue,
1566        })
1567    }
1568
1569    fn build_checkpoint_service(
1570        config: &NodeConfig,
1571        consensus_adapter: Arc<ConsensusAdapter>,
1572        checkpoint_store: Arc<CheckpointStore>,
1573        epoch_store: Arc<AuthorityPerEpochStore>,
1574        state: Arc<AuthorityState>,
1575        state_sync_handle: state_sync::Handle,
1576        state_hasher: Weak<GlobalStateHasher>,
1577        checkpoint_metrics: Arc<CheckpointMetrics>,
1578        node_role: NodeRole,
1579    ) -> Arc<CheckpointService> {
1580        let epoch_start_timestamp_ms = epoch_store.epoch_start_state().epoch_start_timestamp_ms();
1581        let epoch_duration_ms = epoch_store.epoch_start_state().epoch_duration_ms();
1582
1583        debug!(
1584            "Starting checkpoint service with epoch start timestamp {}
1585            and epoch duration {}",
1586            epoch_start_timestamp_ms, epoch_duration_ms
1587        );
1588
1589        let checkpoint_output: Box<dyn CheckpointOutput> = if node_role.is_validator() {
1590            Box::new(SubmitCheckpointToConsensus::new(
1591                consensus_adapter,
1592                state.secret.clone(),
1593                config.protocol_public_key(),
1594                epoch_start_timestamp_ms
1595                    .checked_add(epoch_duration_ms)
1596                    .expect("Overflow calculating next_reconfiguration_timestamp_ms"),
1597                checkpoint_metrics.clone(),
1598            ))
1599        } else {
1600            Box::new(LogCheckpointOutput::new(checkpoint_metrics.clone()))
1601        };
1602
1603        let certified_checkpoint_output = SendCheckpointToStateSync::new(state_sync_handle);
1604
1605        CheckpointService::build(
1606            state.clone(),
1607            checkpoint_store,
1608            epoch_store,
1609            state.get_transaction_cache_reader().clone(),
1610            state_hasher,
1611            checkpoint_output,
1612            Box::new(certified_checkpoint_output),
1613            checkpoint_metrics,
1614        )
1615    }
1616
1617    fn construct_consensus_adapter(
1618        committee: &Committee,
1619        consensus_config: &ConsensusConfig,
1620        authority: AuthorityName,
1621        prometheus_registry: &Registry,
1622        consensus_client: Arc<dyn ConsensusClient>,
1623        checkpoint_store: Arc<CheckpointStore>,
1624        inflight_slot_freed_notify: Arc<tokio::sync::Notify>,
1625    ) -> ConsensusAdapter {
1626        let ca_metrics = ConsensusAdapterMetrics::new(prometheus_registry);
1627        // The consensus adapter allows the authority to send user certificates through consensus.
1628
1629        ConsensusAdapter::new(
1630            consensus_client,
1631            checkpoint_store,
1632            authority,
1633            consensus_config.max_pending_transactions(),
1634            consensus_config.max_pending_transactions() * 2 / committee.num_members(),
1635            ca_metrics,
1636            inflight_slot_freed_notify,
1637        )
1638    }
1639
1640    async fn start_grpc_validator_service(
1641        config: &NodeConfig,
1642        state: Arc<AuthorityState>,
1643        consensus_adapter: Arc<ConsensusAdapter>,
1644        epoch_store: Arc<AuthorityPerEpochStore>,
1645        prometheus_registry: &Registry,
1646        inflight_slot_freed_notify: Arc<tokio::sync::Notify>,
1647    ) -> Result<(SpawnOnce, Option<AdmissionQueueContext>)> {
1648        let overload_config = &config.authority_overload_config;
1649        let admission_queue = overload_config.admission_queue_enabled.then(|| {
1650            let manager = Arc::new(AdmissionQueueManager::new(
1651                consensus_adapter.clone(),
1652                Arc::new(AdmissionQueueMetrics::new(prometheus_registry)),
1653                overload_config.admission_queue_capacity_fraction,
1654                overload_config.admission_queue_bypass_fraction,
1655                overload_config.admission_queue_failover_timeout,
1656                inflight_slot_freed_notify,
1657            ));
1658            AdmissionQueueContext::spawn(manager, epoch_store)
1659        });
1660        let validator_service = ValidatorService::new(
1661            state.clone(),
1662            consensus_adapter,
1663            Arc::new(ValidatorServiceMetrics::new(prometheus_registry)),
1664            config.policy_config.clone().map(|p| p.client_id_source),
1665            admission_queue.clone(),
1666        );
1667
1668        let mut server_conf = mysten_network::config::Config::new();
1669        server_conf.connect_timeout = Some(DEFAULT_GRPC_CONNECT_TIMEOUT);
1670        server_conf.http2_keepalive_interval = Some(DEFAULT_GRPC_CONNECT_TIMEOUT);
1671        server_conf.http2_keepalive_timeout = Some(DEFAULT_GRPC_CONNECT_TIMEOUT);
1672        server_conf.global_concurrency_limit = config.grpc_concurrency_limit;
1673        server_conf.load_shed = config.grpc_load_shed;
1674        let mut server_builder =
1675            ServerBuilder::from_config(&server_conf, GrpcMetrics::new(prometheus_registry));
1676
1677        server_builder = server_builder.add_service(ValidatorServer::new(validator_service));
1678
1679        let tls_config = sui_tls::create_rustls_server_config(
1680            config.network_key_pair().copy().private(),
1681            SUI_TLS_SERVER_NAME.to_string(),
1682        );
1683
1684        let network_address = config.network_address().clone();
1685
1686        let (ready_tx, ready_rx) = oneshot::channel();
1687
1688        let spawn_once = SpawnOnce::new(ready_rx, async move {
1689            let server = server_builder
1690                .bind(&network_address, Some(tls_config))
1691                .await
1692                .unwrap_or_else(|err| panic!("Failed to bind to {network_address}: {err}"));
1693            let local_addr = server.local_addr();
1694            info!("Listening to traffic on {local_addr}");
1695            ready_tx.send(()).unwrap();
1696            if let Err(err) = server.serve().await {
1697                info!("Server stopped: {err}");
1698            }
1699            info!("Server stopped");
1700        });
1701        Ok((spawn_once, admission_queue))
1702    }
1703
1704    pub fn state(&self) -> Arc<AuthorityState> {
1705        self.state.clone()
1706    }
1707
1708    /// The embedded `sui-rpc-store` index backend, when the node is a
1709    /// fullnode with indexing enabled. Exposes the startup bootstrap
1710    /// decision and per-cohort watermarks for introspection (used by
1711    /// tests to observe restore/resume behavior across restarts without
1712    /// going through the RPC surface).
1713    pub fn embedded_rpc_store(&self) -> Option<&EmbeddedRpcStore> {
1714        self.embedded_rpc_store.as_ref()
1715    }
1716
1717    #[cfg(any(test, msim))]
1718    pub fn connection_monitor_handle_for_testing(
1719        &self,
1720    ) -> &mysten_network::anemo_connection_monitor::ConnectionMonitorHandle {
1721        &self._connection_monitor_handle
1722    }
1723
1724    pub fn node_role(&self) -> NodeRole {
1725        self.state.load_epoch_store_one_call_per_task().node_role()
1726    }
1727
1728    // Only used for testing because of how epoch store is loaded.
1729    pub fn reference_gas_price_for_testing(&self) -> Result<u64, anyhow::Error> {
1730        self.state.reference_gas_price_for_testing()
1731    }
1732
1733    pub fn clone_committee_store(&self) -> Arc<CommitteeStore> {
1734        self.state.committee_store().clone()
1735    }
1736
1737    pub fn clone_checkpoint_store(&self) -> Arc<CheckpointStore> {
1738        self.checkpoint_store.clone()
1739    }
1740
1741    pub fn clone_authority_store(&self) -> Arc<AuthorityStore> {
1742        self.state.authority_store()
1743    }
1744
1745    pub fn clone_consensus_store(
1746        &self,
1747    ) -> Option<Arc<consensus_core::storage::rocksdb_store::RocksDBStore>> {
1748        self.validator_components
1749            .try_lock()
1750            .ok()?
1751            .as_ref()?
1752            .consensus_manager
1753            .consensus_store()
1754    }
1755
1756    /// Clone an AuthorityAggregator currently used in this node, if the node is a fullnode.
1757    /// After reconfig, Transaction Driver builds a new AuthorityAggregator. The caller
1758    /// of this function will mostly likely want to call this again
1759    /// to get a fresh one.
1760    pub fn clone_authority_aggregator(
1761        &self,
1762    ) -> Option<Arc<AuthorityAggregator<NetworkAuthorityClient>>> {
1763        self.transaction_orchestrator
1764            .as_ref()
1765            .map(|to| to.clone_authority_aggregator())
1766    }
1767
1768    pub fn transaction_orchestrator(
1769        &self,
1770    ) -> Option<Arc<TransactionOrchestrator<NetworkAuthorityClient>>> {
1771        self.transaction_orchestrator.clone()
1772    }
1773
1774    /// This function awaits the completion of checkpoint execution of the current epoch,
1775    /// after which it initiates reconfiguration of the entire system.
1776    pub async fn monitor_reconfiguration(
1777        self: Arc<Self>,
1778        mut epoch_store: Arc<AuthorityPerEpochStore>,
1779    ) -> Result<()> {
1780        let checkpoint_executor_metrics =
1781            CheckpointExecutorMetrics::new(&self.registry_service.default_registry());
1782
1783        loop {
1784            let mut hasher_guard = self.global_state_hasher.lock().await;
1785            let hasher = hasher_guard.take().unwrap();
1786            info!(
1787                "Creating checkpoint executor for epoch {}",
1788                epoch_store.epoch()
1789            );
1790            let checkpoint_executor = CheckpointExecutor::new(
1791                epoch_store.clone(),
1792                self.checkpoint_store.clone(),
1793                self.state.clone(),
1794                hasher.clone(),
1795                self.backpressure_manager.clone(),
1796                self.config.checkpoint_executor_config.clone(),
1797                checkpoint_executor_metrics.clone(),
1798                self.subscription_service_checkpoint_sender.clone(),
1799            );
1800
1801            let run_with_range = self.config.run_with_range;
1802
1803            let cur_epoch_store = self.state.load_epoch_store_one_call_per_task();
1804
1805            // Update the current protocol version metric.
1806            self.metrics
1807                .current_protocol_version
1808                .set(cur_epoch_store.protocol_config().version.as_u64() as i64);
1809
1810            // Advertise capabilities to committee, if we are a validator.
1811            // FullNodes that state sync via consensus will also have validator components, by they are not supposed to submit any capabilities.
1812            if let Some(components) = &*self.validator_components.lock().await
1813                && cur_epoch_store.is_validator()
1814            {
1815                // TODO: without this sleep, the consensus message is not delivered reliably.
1816                tokio::time::sleep(Duration::from_millis(1)).await;
1817
1818                let config = cur_epoch_store.protocol_config();
1819                let mut supported_protocol_versions = self
1820                    .config
1821                    .supported_protocol_versions
1822                    .expect("Supported versions should be populated")
1823                    // no need to send digests of versions less than the current version
1824                    .truncate_below(config.version);
1825
1826                while supported_protocol_versions.max > config.version {
1827                    let proposed_protocol_config = ProtocolConfig::get_for_version(
1828                        supported_protocol_versions.max,
1829                        cur_epoch_store.get_chain(),
1830                    );
1831
1832                    if proposed_protocol_config.enable_accumulators()
1833                        && !epoch_store.accumulator_root_exists()
1834                    {
1835                        error!(
1836                            "cannot upgrade to protocol version {:?} because accumulator root does not exist",
1837                            supported_protocol_versions.max
1838                        );
1839                        supported_protocol_versions.max = supported_protocol_versions.max.prev();
1840                    } else {
1841                        break;
1842                    }
1843                }
1844
1845                let binary_config = config.binary_config(None);
1846                let transaction = ConsensusTransaction::new_capability_notification_v2(
1847                    AuthorityCapabilitiesV2::new(
1848                        self.state.name,
1849                        cur_epoch_store.get_chain_identifier().chain(),
1850                        supported_protocol_versions,
1851                        self.state
1852                            .get_available_system_packages(&binary_config)
1853                            .await,
1854                    ),
1855                );
1856                info!(?transaction, "submitting capabilities to consensus");
1857                components.consensus_adapter.submit(
1858                    transaction,
1859                    None,
1860                    &cur_epoch_store,
1861                    None,
1862                    None,
1863                )?;
1864            }
1865
1866            let stop_condition = checkpoint_executor.run_epoch(run_with_range).await;
1867
1868            if stop_condition == StopReason::RunWithRangeCondition {
1869                SuiNode::shutdown(&self).await;
1870                self.shutdown_channel_tx
1871                    .send(run_with_range)
1872                    .expect("RunWithRangeCondition met but failed to send shutdown message");
1873                return Ok(());
1874            }
1875
1876            // Safe to call because we are in the middle of reconfiguration.
1877            let latest_system_state = self
1878                .state
1879                .get_object_cache_reader()
1880                .get_sui_system_state_object_unsafe()
1881                .expect("Read Sui System State object cannot fail");
1882
1883            #[cfg(msim)]
1884            if !self
1885                .sim_state
1886                .sim_safe_mode_expected
1887                .load(Ordering::Relaxed)
1888            {
1889                debug_assert!(!latest_system_state.safe_mode());
1890            }
1891
1892            #[cfg(not(msim))]
1893            debug_assert!(!latest_system_state.safe_mode());
1894
1895            if let Err(err) = self.end_of_epoch_channel.send(latest_system_state.clone())
1896                && self.state.is_fullnode(&cur_epoch_store)
1897            {
1898                warn!(
1899                    "Failed to send end of epoch notification to subscriber: {:?}",
1900                    err
1901                );
1902            }
1903
1904            cur_epoch_store.record_is_safe_mode_metric(latest_system_state.safe_mode());
1905            let new_epoch_start_state = latest_system_state.into_epoch_start_state();
1906
1907            self.auth_agg.store(Arc::new(
1908                self.auth_agg
1909                    .load()
1910                    .recreate_with_new_epoch_start_state(&new_epoch_start_state),
1911            ));
1912
1913            let next_epoch_committee = new_epoch_start_state.get_sui_committee();
1914            let next_epoch = next_epoch_committee.epoch();
1915            assert_eq!(cur_epoch_store.epoch() + 1, next_epoch);
1916
1917            info!(
1918                next_epoch,
1919                "Finished executing all checkpoints in epoch. About to reconfigure the system."
1920            );
1921
1922            fail_point_async!("reconfig_delay");
1923
1924            cur_epoch_store.record_epoch_reconfig_start_time_metric();
1925
1926            update_peer_addresses(
1927                &self.config,
1928                &self.endpoint_manager,
1929                &new_epoch_start_state,
1930                Some(cur_epoch_store.epoch_start_state()),
1931            );
1932
1933            let mut validator_components_lock_guard = self.validator_components.lock().await;
1934
1935            // The following code handles 4 different cases, depending on whether the node
1936            // was a validator in the previous epoch, and whether the node is a validator
1937            // in the new epoch.
1938            let new_epoch_store = self
1939                .reconfigure_state(
1940                    &self.state,
1941                    &cur_epoch_store,
1942                    next_epoch_committee.clone(),
1943                    new_epoch_start_state,
1944                    hasher.clone(),
1945                )
1946                .await;
1947
1948            let new_role = new_epoch_store.node_role();
1949
1950            let new_validator_components = if let Some(ValidatorComponents {
1951                validator_server_handle,
1952                validator_overload_monitor_handle,
1953                consensus_manager,
1954                consensus_store_pruner,
1955                consensus_adapter,
1956                checkpoint_metrics,
1957                sui_tx_validator_metrics,
1958                admission_queue,
1959            }) = validator_components_lock_guard.take()
1960            {
1961                info!("Reconfiguring node (was running consensus).");
1962
1963                consensus_manager.shutdown().await;
1964                info!("Consensus has shut down.");
1965
1966                info!("Epoch store finished reconfiguration.");
1967
1968                // No other components should be holding a strong reference to state hasher
1969                // at this point. Confirm here before we swap in the new hasher.
1970                let global_state_hasher_metrics = Arc::into_inner(hasher)
1971                    .expect("Object state hasher should have no other references at this point")
1972                    .metrics();
1973                let new_hasher = Arc::new(GlobalStateHasher::new(
1974                    self.state.get_global_state_hash_store().clone(),
1975                    global_state_hasher_metrics,
1976                ));
1977                let weak_hasher = Arc::downgrade(&new_hasher);
1978                *hasher_guard = Some(new_hasher);
1979
1980                consensus_store_pruner.prune(next_epoch).await;
1981
1982                if new_role.runs_consensus() {
1983                    info!("Restarting consensus as {new_role}");
1984                    Some(
1985                        Self::start_epoch_specific_validator_components(
1986                            &self.config,
1987                            self.state.clone(),
1988                            consensus_adapter,
1989                            self.checkpoint_store.clone(),
1990                            new_epoch_store.clone(),
1991                            self.state_sync_handle.clone(),
1992                            self.randomness_handle.clone(),
1993                            self.randomness_receiver_handle.clone(),
1994                            consensus_manager,
1995                            consensus_store_pruner,
1996                            weak_hasher,
1997                            self.backpressure_manager.clone(),
1998                            validator_server_handle,
1999                            validator_overload_monitor_handle,
2000                            checkpoint_metrics,
2001                            self.metrics.clone(),
2002                            sui_tx_validator_metrics,
2003                            admission_queue,
2004                            new_role,
2005                        )
2006                        .await?,
2007                    )
2008                } else {
2009                    info!(
2010                        "This node has new role {new_role} and no longer runs consensus after reconfiguration"
2011                    );
2012                    None
2013                }
2014            } else {
2015                // No other components should be holding a strong reference to state hasher
2016                // at this point. Confirm here before we swap in the new hasher.
2017                let global_state_hasher_metrics = Arc::into_inner(hasher)
2018                    .expect("Object state hasher should have no other references at this point")
2019                    .metrics();
2020                let new_hasher = Arc::new(GlobalStateHasher::new(
2021                    self.state.get_global_state_hash_store().clone(),
2022                    global_state_hasher_metrics,
2023                ));
2024                let weak_hasher = Arc::downgrade(&new_hasher);
2025                *hasher_guard = Some(new_hasher);
2026
2027                if new_role.runs_consensus() {
2028                    info!("Promoting node to {new_role}, starting consensus components");
2029
2030                    let mut components = Self::construct_validator_components(
2031                        self.config.clone(),
2032                        self.state.clone(),
2033                        Arc::new(next_epoch_committee.clone()),
2034                        new_epoch_store.clone(),
2035                        self.checkpoint_store.clone(),
2036                        self.state_sync_handle.clone(),
2037                        self.randomness_handle.clone(),
2038                        weak_hasher,
2039                        self.backpressure_manager.clone(),
2040                        &self.registry_service,
2041                        self.metrics.clone(),
2042                        self.checkpoint_metrics.clone(),
2043                        new_role,
2044                        self.randomness_receiver_handle.clone(),
2045                    )
2046                    .await?;
2047
2048                    if new_role.is_validator() {
2049                        components.validator_server_handle = Some(
2050                            components
2051                                .validator_server_handle
2052                                .take()
2053                                .unwrap()
2054                                .start()
2055                                .await,
2056                        );
2057
2058                        self.endpoint_manager
2059                            .set_consensus_address_updater(components.consensus_manager.clone());
2060                    }
2061
2062                    Some(components)
2063                } else {
2064                    None
2065                }
2066            };
2067            *validator_components_lock_guard = new_validator_components;
2068
2069            // Force releasing current epoch store DB handle, because the
2070            // Arc<AuthorityPerEpochStore> may linger.
2071            cur_epoch_store.release_db_handles();
2072
2073            if cfg!(msim)
2074                && !matches!(
2075                    self.config
2076                        .authority_store_pruning_config
2077                        .num_epochs_to_retain_for_checkpoints(),
2078                    None | Some(u64::MAX) | Some(0)
2079                )
2080            {
2081                self.state
2082                    .prune_checkpoints_for_eligible_epochs_for_testing(
2083                        self.config.clone(),
2084                        sui_core::authority::authority_store_pruner::AuthorityStorePruningMetrics::new_for_test(),
2085                    )
2086                    .await?;
2087            }
2088
2089            epoch_store = new_epoch_store;
2090            info!("Reconfiguration finished");
2091        }
2092    }
2093
2094    async fn shutdown(&self) {
2095        if let Some(validator_components) = &*self.validator_components.lock().await {
2096            validator_components.consensus_manager.shutdown().await;
2097        }
2098    }
2099
2100    async fn reconfigure_state(
2101        &self,
2102        state: &Arc<AuthorityState>,
2103        cur_epoch_store: &AuthorityPerEpochStore,
2104        next_epoch_committee: Committee,
2105        next_epoch_start_system_state: EpochStartSystemState,
2106        global_state_hasher: Arc<GlobalStateHasher>,
2107    ) -> Arc<AuthorityPerEpochStore> {
2108        let next_epoch = next_epoch_committee.epoch();
2109
2110        let last_checkpoint = self
2111            .checkpoint_store
2112            .get_epoch_last_checkpoint(cur_epoch_store.epoch())
2113            .expect("Error loading last checkpoint for current epoch")
2114            .expect("Could not load last checkpoint for current epoch");
2115
2116        let last_checkpoint_seq = *last_checkpoint.sequence_number();
2117
2118        assert_eq!(
2119            Some(last_checkpoint_seq),
2120            self.checkpoint_store
2121                .get_highest_executed_checkpoint_seq_number()
2122                .expect("Error loading highest executed checkpoint sequence number")
2123        );
2124
2125        let epoch_start_configuration = EpochStartConfiguration::new(
2126            next_epoch_start_system_state,
2127            *last_checkpoint.digest(),
2128            state.get_object_store().as_ref(),
2129            EpochFlag::default_flags_for_new_epoch(&state.config),
2130        )
2131        .expect("EpochStartConfiguration construction cannot fail");
2132
2133        let new_epoch_store = self
2134            .state
2135            .reconfigure(
2136                cur_epoch_store,
2137                self.config.supported_protocol_versions.unwrap(),
2138                next_epoch_committee,
2139                epoch_start_configuration,
2140                global_state_hasher,
2141                &self.config.expensive_safety_check_config,
2142                last_checkpoint_seq,
2143            )
2144            .await
2145            .expect("Reconfigure authority state cannot fail");
2146        info!(next_epoch, "Node State has been reconfigured");
2147        assert_eq!(next_epoch, new_epoch_store.epoch());
2148        self.state.get_reconfig_api().update_epoch_flags_metrics(
2149            cur_epoch_store.epoch_start_config().flags(),
2150            new_epoch_store.epoch_start_config().flags(),
2151        );
2152
2153        new_epoch_store
2154    }
2155
2156    pub fn get_config(&self) -> &NodeConfig {
2157        &self.config
2158    }
2159
2160    pub fn randomness_handle(&self) -> randomness::Handle {
2161        self.randomness_handle.clone()
2162    }
2163
2164    pub fn state_sync_handle(&self) -> state_sync::Handle {
2165        self.state_sync_handle.clone()
2166    }
2167
2168    pub fn endpoint_manager(&self) -> &EndpointManager {
2169        &self.endpoint_manager
2170    }
2171
2172    /// Get a short prefix of a digest for metric labels
2173    fn get_digest_prefix(digest: impl std::fmt::Display) -> String {
2174        let digest_str = digest.to_string();
2175        if digest_str.len() >= 8 {
2176            digest_str[0..8].to_string()
2177        } else {
2178            digest_str
2179        }
2180    }
2181
2182    /// Check for previously detected forks and handle them appropriately.
2183    /// For validators with fork recovery config, clear the fork if it matches the recovery config.
2184    /// For all other cases, block node startup if a fork is detected.
2185    async fn check_and_recover_forks(
2186        checkpoint_store: &CheckpointStore,
2187        checkpoint_metrics: &CheckpointMetrics,
2188        fork_recovery: Option<&ForkRecoveryConfig>,
2189    ) -> Result<()> {
2190        // Try to recover from forks if recovery config is provided
2191        if let Some(recovery) = fork_recovery {
2192            Self::try_recover_checkpoint_fork(checkpoint_store, recovery)?;
2193            Self::try_recover_transaction_fork(checkpoint_store, recovery)?;
2194        }
2195
2196        if let Some((checkpoint_seq, checkpoint_digest)) = checkpoint_store
2197            .get_checkpoint_fork_detected()
2198            .map_err(|e| {
2199                error!("Failed to check for checkpoint fork: {:?}", e);
2200                e
2201            })?
2202        {
2203            Self::handle_checkpoint_fork(
2204                checkpoint_seq,
2205                checkpoint_digest,
2206                checkpoint_metrics,
2207                fork_recovery,
2208            )
2209            .await?;
2210        }
2211        if let Some((tx_digest, expected_effects, actual_effects)) = checkpoint_store
2212            .get_transaction_fork_detected()
2213            .map_err(|e| {
2214                error!("Failed to check for transaction fork: {:?}", e);
2215                e
2216            })?
2217        {
2218            Self::handle_transaction_fork(
2219                tx_digest,
2220                expected_effects,
2221                actual_effects,
2222                checkpoint_metrics,
2223                fork_recovery,
2224            )
2225            .await?;
2226        }
2227
2228        Ok(())
2229    }
2230
2231    fn try_recover_checkpoint_fork(
2232        checkpoint_store: &CheckpointStore,
2233        recovery: &ForkRecoveryConfig,
2234    ) -> Result<()> {
2235        // If configured overrides include a checkpoint whose locally computed digest mismatches,
2236        // clear locally computed checkpoints from that sequence (inclusive).
2237        for (seq, expected_digest_str) in &recovery.checkpoint_overrides {
2238            let Ok(expected_digest) = CheckpointDigest::from_str(expected_digest_str) else {
2239                anyhow::bail!(
2240                    "Invalid checkpoint digest override for seq {}: {}",
2241                    seq,
2242                    expected_digest_str
2243                );
2244            };
2245
2246            if let Some(local_summary) = checkpoint_store.get_locally_computed_checkpoint(*seq)? {
2247                let local_digest = sui_types::message_envelope::Message::digest(&local_summary);
2248                if local_digest != expected_digest {
2249                    info!(
2250                        seq,
2251                        local = %Self::get_digest_prefix(local_digest),
2252                        expected = %Self::get_digest_prefix(expected_digest),
2253                        "Fork recovery: clearing locally_computed_checkpoints from {} due to digest mismatch",
2254                        seq
2255                    );
2256                    checkpoint_store
2257                        .clear_locally_computed_checkpoints_from(*seq)
2258                        .context(
2259                            "Failed to clear locally computed checkpoints from override seq",
2260                        )?;
2261                }
2262            }
2263        }
2264
2265        if let Some((checkpoint_seq, checkpoint_digest)) =
2266            checkpoint_store.get_checkpoint_fork_detected()?
2267            && recovery.checkpoint_overrides.contains_key(&checkpoint_seq)
2268        {
2269            info!(
2270                "Fork recovery enabled: clearing checkpoint fork at seq {} with digest {:?}",
2271                checkpoint_seq, checkpoint_digest
2272            );
2273            checkpoint_store
2274                .clear_checkpoint_fork_detected()
2275                .expect("Failed to clear checkpoint fork detected marker");
2276        }
2277        Ok(())
2278    }
2279
2280    fn try_recover_transaction_fork(
2281        checkpoint_store: &CheckpointStore,
2282        recovery: &ForkRecoveryConfig,
2283    ) -> Result<()> {
2284        if recovery.transaction_overrides.is_empty() {
2285            return Ok(());
2286        }
2287
2288        if let Some((tx_digest, _, _)) = checkpoint_store.get_transaction_fork_detected()?
2289            && recovery
2290                .transaction_overrides
2291                .contains_key(&tx_digest.to_string())
2292        {
2293            info!(
2294                "Fork recovery enabled: clearing transaction fork for tx {:?}",
2295                tx_digest
2296            );
2297            checkpoint_store
2298                .clear_transaction_fork_detected()
2299                .expect("Failed to clear transaction fork detected marker");
2300        }
2301        Ok(())
2302    }
2303
2304    fn get_current_timestamp() -> u64 {
2305        std::time::SystemTime::now()
2306            .duration_since(std::time::SystemTime::UNIX_EPOCH)
2307            .unwrap()
2308            .as_secs()
2309    }
2310
2311    async fn handle_checkpoint_fork(
2312        checkpoint_seq: u64,
2313        checkpoint_digest: CheckpointDigest,
2314        checkpoint_metrics: &CheckpointMetrics,
2315        fork_recovery: Option<&ForkRecoveryConfig>,
2316    ) -> Result<()> {
2317        checkpoint_metrics
2318            .checkpoint_fork_crash_mode
2319            .with_label_values(&[
2320                &checkpoint_seq.to_string(),
2321                &Self::get_digest_prefix(checkpoint_digest),
2322                &Self::get_current_timestamp().to_string(),
2323            ])
2324            .set(1);
2325
2326        let behavior = fork_recovery
2327            .map(|fr| fr.fork_crash_behavior)
2328            .unwrap_or_default();
2329
2330        match behavior {
2331            ForkCrashBehavior::AwaitForkRecovery => {
2332                error!(
2333                    checkpoint_seq = checkpoint_seq,
2334                    checkpoint_digest = ?checkpoint_digest,
2335                    "Checkpoint fork detected! Node startup halted. Sleeping indefinitely."
2336                );
2337                futures::future::pending::<()>().await;
2338                unreachable!("pending() should never return");
2339            }
2340            ForkCrashBehavior::ReturnError => {
2341                error!(
2342                    checkpoint_seq = checkpoint_seq,
2343                    checkpoint_digest = ?checkpoint_digest,
2344                    "Checkpoint fork detected! Returning error."
2345                );
2346                Err(anyhow::anyhow!(
2347                    "Checkpoint fork detected! checkpoint_seq: {}, checkpoint_digest: {:?}",
2348                    checkpoint_seq,
2349                    checkpoint_digest
2350                ))
2351            }
2352        }
2353    }
2354
2355    async fn handle_transaction_fork(
2356        tx_digest: TransactionDigest,
2357        expected_effects_digest: TransactionEffectsDigest,
2358        actual_effects_digest: TransactionEffectsDigest,
2359        checkpoint_metrics: &CheckpointMetrics,
2360        fork_recovery: Option<&ForkRecoveryConfig>,
2361    ) -> Result<()> {
2362        checkpoint_metrics
2363            .transaction_fork_crash_mode
2364            .with_label_values(&[
2365                &Self::get_digest_prefix(tx_digest),
2366                &Self::get_digest_prefix(expected_effects_digest),
2367                &Self::get_digest_prefix(actual_effects_digest),
2368                &Self::get_current_timestamp().to_string(),
2369            ])
2370            .set(1);
2371
2372        let behavior = fork_recovery
2373            .map(|fr| fr.fork_crash_behavior)
2374            .unwrap_or_default();
2375
2376        match behavior {
2377            ForkCrashBehavior::AwaitForkRecovery => {
2378                error!(
2379                    tx_digest = ?tx_digest,
2380                    expected_effects_digest = ?expected_effects_digest,
2381                    actual_effects_digest = ?actual_effects_digest,
2382                    "Transaction fork detected! Node startup halted. Sleeping indefinitely."
2383                );
2384                futures::future::pending::<()>().await;
2385                unreachable!("pending() should never return");
2386            }
2387            ForkCrashBehavior::ReturnError => {
2388                error!(
2389                    tx_digest = ?tx_digest,
2390                    expected_effects_digest = ?expected_effects_digest,
2391                    actual_effects_digest = ?actual_effects_digest,
2392                    "Transaction fork detected! Returning error."
2393                );
2394                Err(anyhow::anyhow!(
2395                    "Transaction fork detected! tx_digest: {:?}, expected_effects: {:?}, actual_effects: {:?}",
2396                    tx_digest,
2397                    expected_effects_digest,
2398                    actual_effects_digest
2399                ))
2400            }
2401        }
2402    }
2403}
2404
2405#[cfg(not(msim))]
2406impl SuiNode {
2407    async fn fetch_jwks(
2408        _authority: AuthorityName,
2409        provider: &OIDCProvider,
2410    ) -> SuiResult<Vec<(JwkId, JWK)>> {
2411        use fastcrypto_zkp::bn254::zk_login::fetch_jwks;
2412        use sui_types::error::SuiErrorKind;
2413        let client = reqwest::Client::new();
2414        fetch_jwks(provider, &client, true)
2415            .await
2416            .map_err(|_| SuiErrorKind::JWKRetrievalError.into())
2417    }
2418}
2419
2420#[cfg(msim)]
2421impl SuiNode {
2422    pub fn get_sim_node_id(&self) -> sui_simulator::task::NodeId {
2423        self.sim_state.sim_node.id()
2424    }
2425
2426    pub fn set_safe_mode_expected(&self, new_value: bool) {
2427        info!("Setting safe mode expected to {}", new_value);
2428        self.sim_state
2429            .sim_safe_mode_expected
2430            .store(new_value, Ordering::Relaxed);
2431    }
2432
2433    #[allow(unused_variables)]
2434    async fn fetch_jwks(
2435        authority: AuthorityName,
2436        provider: &OIDCProvider,
2437    ) -> SuiResult<Vec<(JwkId, JWK)>> {
2438        get_jwk_injector()(authority, provider)
2439    }
2440}
2441
2442enum SpawnOnce {
2443    // Mutex is only needed to make SpawnOnce Send
2444    Unstarted(oneshot::Receiver<()>, Mutex<BoxFuture<'static, ()>>),
2445    #[allow(unused)]
2446    Started(JoinHandle<()>),
2447}
2448
2449impl SpawnOnce {
2450    pub fn new(
2451        ready_rx: oneshot::Receiver<()>,
2452        future: impl Future<Output = ()> + Send + 'static,
2453    ) -> Self {
2454        Self::Unstarted(ready_rx, Mutex::new(Box::pin(future)))
2455    }
2456
2457    pub async fn start(self) -> Self {
2458        match self {
2459            Self::Unstarted(ready_rx, future) => {
2460                let future = future.into_inner();
2461                let handle = tokio::spawn(future);
2462                ready_rx.await.unwrap();
2463                Self::Started(handle)
2464            }
2465            Self::Started(_) => self,
2466        }
2467    }
2468}
2469
2470/// Updates trusted peer addresses in the p2p network (for nodes configured as validators).
2471/// When `prev_epoch_start_state` is provided, validators that are no longer in the committee
2472/// have their Chain addresses cleared.
2473fn update_peer_addresses(
2474    config: &NodeConfig,
2475    endpoint_manager: &EndpointManager,
2476    epoch_start_state: &EpochStartSystemState,
2477    prev_epoch_start_state: Option<&EpochStartSystemState>,
2478) {
2479    if config.consensus_config().is_none() {
2480        return;
2481    }
2482    let new_peers: HashSet<PeerId> = epoch_start_state
2483        .get_validator_as_p2p_peers(config.protocol_public_key())
2484        .into_iter()
2485        .map(|(peer_id, address)| {
2486            endpoint_manager
2487                .update_endpoint(
2488                    EndpointId::P2p(peer_id),
2489                    AddressSource::Chain,
2490                    vec![address],
2491                )
2492                .expect("Updating peer addresses should not fail");
2493            peer_id
2494        })
2495        .collect();
2496
2497    // Clear Chain addresses for validators that left the committee.
2498    if let Some(prev) = prev_epoch_start_state {
2499        for (peer_id, _) in prev.get_validator_as_p2p_peers(config.protocol_public_key()) {
2500            if !new_peers.contains(&peer_id) {
2501                endpoint_manager
2502                    .update_endpoint(EndpointId::P2p(peer_id), AddressSource::Chain, vec![])
2503                    .expect("Clearing peer addresses should not fail");
2504            }
2505        }
2506    }
2507}
2508
2509fn build_kv_store(
2510    state: &Arc<AuthorityState>,
2511    config: &NodeConfig,
2512    registry: &Registry,
2513) -> Result<Arc<TransactionKeyValueStore>> {
2514    let metrics = KeyValueStoreMetrics::new(registry);
2515    let db_store = TransactionKeyValueStore::new("rocksdb", metrics.clone(), state.clone());
2516
2517    let base_url = &config.transaction_kv_store_read_config.base_url;
2518
2519    if base_url.is_empty() {
2520        info!("no http kv store url provided, using local db only");
2521        return Ok(Arc::new(db_store));
2522    }
2523
2524    let base_url: url::Url = base_url.parse().tap_err(|e| {
2525        error!(
2526            "failed to parse config.transaction_kv_store_config.base_url ({:?}) as url: {}",
2527            base_url, e
2528        )
2529    })?;
2530
2531    let network_str = match state.get_chain_identifier().chain() {
2532        Chain::Mainnet => "/mainnet",
2533        _ => {
2534            info!("using local db only for kv store");
2535            return Ok(Arc::new(db_store));
2536        }
2537    };
2538
2539    let base_url = base_url.join(network_str)?.to_string();
2540    let http_store = HttpKVStore::new_kv(
2541        &base_url,
2542        config.transaction_kv_store_read_config.cache_size,
2543        metrics.clone(),
2544    )?;
2545    info!("using local key-value store with fallback to http key-value store");
2546    Ok(Arc::new(FallbackTransactionKVStore::new_kv(
2547        db_store,
2548        http_store,
2549        metrics,
2550        "json_rpc_fallback",
2551    )))
2552}
2553
2554async fn build_json_rpc_router(
2555    state: &Arc<AuthorityState>,
2556    transaction_orchestrator: &Option<Arc<TransactionOrchestrator<NetworkAuthorityClient>>>,
2557    config: &NodeConfig,
2558    prometheus_registry: &Registry,
2559) -> Result<axum::Router> {
2560    let traffic_controller = state.traffic_controller.clone();
2561    let mut server = JsonRpcServerBuilder::new(
2562        env!("CARGO_PKG_VERSION"),
2563        prometheus_registry,
2564        traffic_controller,
2565        config.policy_config.clone(),
2566    );
2567
2568    let kv_store = build_kv_store(state, config, prometheus_registry)?;
2569
2570    let metrics = Arc::new(JsonRpcMetrics::new(prometheus_registry));
2571    server.register_module(ReadApi::new(
2572        state.clone(),
2573        kv_store.clone(),
2574        metrics.clone(),
2575    ))?;
2576    server.register_module(CoinReadApi::new(
2577        state.clone(),
2578        kv_store.clone(),
2579        metrics.clone(),
2580    ))?;
2581
2582    // if run_with_range is enabled we want to prevent any transactions
2583    // run_with_range = None is normal operating conditions
2584    if config.run_with_range.is_none() {
2585        server.register_module(TransactionBuilderApi::new(state.clone()))?;
2586    }
2587    server.register_module(GovernanceReadApi::new(state.clone(), metrics.clone()))?;
2588    server.register_module(BridgeReadApi::new(state.clone(), metrics.clone()))?;
2589
2590    if let Some(transaction_orchestrator) = transaction_orchestrator {
2591        server.register_module(TransactionExecutionApi::new(
2592            state.clone(),
2593            transaction_orchestrator.clone(),
2594            metrics.clone(),
2595        ))?;
2596    }
2597
2598    let name_service_config = if let (
2599        Some(package_address),
2600        Some(registry_id),
2601        Some(reverse_registry_id),
2602    ) = (
2603        config.name_service_package_address,
2604        config.name_service_registry_id,
2605        config.name_service_reverse_registry_id,
2606    ) {
2607        sui_name_service::NameServiceConfig::new(package_address, registry_id, reverse_registry_id)
2608    } else {
2609        match state.get_chain_identifier().chain() {
2610            Chain::Mainnet => sui_name_service::NameServiceConfig::mainnet(),
2611            Chain::Testnet => sui_name_service::NameServiceConfig::testnet(),
2612            Chain::Unknown => sui_name_service::NameServiceConfig::default(),
2613        }
2614    };
2615
2616    server.register_module(IndexerApi::new(
2617        state.clone(),
2618        ReadApi::new(state.clone(), kv_store.clone(), metrics.clone()),
2619        kv_store,
2620        name_service_config,
2621        metrics,
2622        config.indexer_max_subscriptions,
2623    ))?;
2624    server.register_module(MoveUtils::new(state.clone()))?;
2625
2626    let server_type = config.jsonrpc_server_type();
2627
2628    Ok(server.to_router(server_type).await?)
2629}
2630
2631/// Remove the on-disk directory of the legacy `rpc-index` backend.
2632///
2633/// The embedded `sui-rpc-store` replaced the `RpcIndexStore` backend, which
2634/// wrote to `<db_path>/rpc-index`; that data is now dead. Remove it on startup
2635/// so a node upgraded from an older version does not leave it lingering and
2636/// wasting disk. Best-effort: a node that never ran the legacy backend has
2637/// nothing to remove, and a failure to remove stale data must not block
2638/// startup.
2639fn remove_legacy_rpc_index_store(db_path: &Path) {
2640    let legacy_dir = db_path.join("rpc-index");
2641    match std::fs::remove_dir_all(&legacy_dir) {
2642        Ok(()) => info!(
2643            "removed legacy rpc-index directory {}",
2644            legacy_dir.display()
2645        ),
2646        // The common case: the node never ran the legacy backend, or it was
2647        // already cleaned up on a prior startup.
2648        Err(e) if e.kind() == std::io::ErrorKind::NotFound => {}
2649        Err(e) => warn!(
2650            "failed to remove legacy rpc-index directory {}: {e:?}",
2651            legacy_dir.display()
2652        ),
2653    }
2654}
2655
2656async fn build_http_servers(
2657    state: Arc<AuthorityState>,
2658    store: RocksDbStore,
2659    transaction_orchestrator: &Option<Arc<TransactionOrchestrator<NetworkAuthorityClient>>>,
2660    config: &NodeConfig,
2661    prometheus_registry: &Registry,
2662    server_version: ServerVersion,
2663    node_role: NodeRole,
2664    embedded_rpc_store: Option<&EmbeddedRpcStore>,
2665) -> Result<(
2666    HttpServers,
2667    Option<tokio::sync::broadcast::Sender<Arc<Checkpoint>>>,
2668)> {
2669    // Validators do not expose these APIs
2670    if !node_role.is_fullnode() {
2671        return Ok((HttpServers::default(), None));
2672    }
2673
2674    info!("starting rpc service with config: {:?}", config.rpc);
2675
2676    let mut router = axum::Router::new();
2677
2678    // The JSON-RPC service can be disabled independently of the gRPC/REST
2679    // service and of JSON-RPC indexing, so that a node can keep indexing
2680    // without exposing the JSON-RPC endpoints.
2681    if config.json_rpc_enabled() {
2682        router = router.merge(
2683            build_json_rpc_router(
2684                &state,
2685                transaction_orchestrator,
2686                config,
2687                prometheus_registry,
2688            )
2689            .await?,
2690        );
2691    } else {
2692        info!("json-rpc service is disabled");
2693    }
2694
2695    // When the embedded rpc-store is active, gate checkpoint delivery on the
2696    // index so a client that waits for a checkpoint can immediately read its
2697    // indexed state (matching the legacy synchronously-committed index).
2698    let indexed_checkpoint = embedded_rpc_store.map(|embedded| embedded.indexed_checkpoint_fn());
2699    let (subscription_service_checkpoint_sender, subscription_service_handle) =
2700        SubscriptionService::build(prometheus_registry, indexed_checkpoint);
2701    let rpc_router = {
2702        // Serve the index read paths from the embedded rpc-store when it
2703        // is enabled. Raw chain data comes from the perpetual / checkpoint
2704        // stores either way.
2705        let reader: Arc<dyn RpcStateReader> = match embedded_rpc_store {
2706            Some(embedded) => Arc::new(RpcStoreReadStore::new(
2707                state.clone(),
2708                store,
2709                embedded.reader(),
2710            )),
2711            None => Arc::new(RestReadStore::new(state.clone(), store)),
2712        };
2713        let mut rpc_service = sui_rpc_api::RpcService::new(reader);
2714        rpc_service.with_server_version(server_version);
2715
2716        if let Some(config) = config.rpc.clone() {
2717            config.validate()?;
2718            rpc_service.with_config(config);
2719        }
2720
2721        rpc_service.with_metrics(RpcMetrics::new(prometheus_registry));
2722        rpc_service.with_subscription_service(subscription_service_handle);
2723
2724        if let Some(transaction_orchestrator) = transaction_orchestrator {
2725            rpc_service.with_executor(transaction_orchestrator.clone())
2726        }
2727
2728        rpc_service.into_router().await
2729    };
2730
2731    let layers = ServiceBuilder::new()
2732        .map_request(|mut request: axum::http::Request<_>| {
2733            if let Some(connect_info) = request.extensions().get::<sui_http::ConnectInfo>() {
2734                let axum_connect_info = axum::extract::ConnectInfo(connect_info.remote_addr);
2735                request.extensions_mut().insert(axum_connect_info);
2736            }
2737            request
2738        })
2739        .layer(axum::middleware::from_fn(server_timing_middleware))
2740        // Setup a permissive CORS policy
2741        .layer(
2742            tower_http::cors::CorsLayer::new()
2743                .allow_methods([http::Method::GET, http::Method::POST])
2744                .allow_origin(tower_http::cors::Any)
2745                .allow_headers(tower_http::cors::Any)
2746                .expose_headers(tower_http::cors::Any),
2747        );
2748
2749    router = router.merge(rpc_router).layer(layers);
2750
2751    let https = if let Some((tls_config, https_address)) = config
2752        .rpc()
2753        .and_then(|config| config.tls_config().map(|tls| (tls, config.https_address())))
2754    {
2755        let https = sui_http::Builder::new()
2756            .tls_single_cert(tls_config.cert(), tls_config.key())
2757            .and_then(|builder| builder.serve(https_address, router.clone()))
2758            .map_err(|e| anyhow::anyhow!(e))?;
2759
2760        info!(
2761            https_address =? https.local_addr(),
2762            "HTTPS rpc server listening on {}",
2763            https.local_addr()
2764        );
2765
2766        Some(https)
2767    } else {
2768        None
2769    };
2770
2771    let http = sui_http::Builder::new()
2772        .serve(&config.json_rpc_address, router)
2773        .map_err(|e| anyhow::anyhow!(e))?;
2774
2775    info!(
2776        http_address =? http.local_addr(),
2777        "HTTP rpc server listening on {}",
2778        http.local_addr()
2779    );
2780
2781    Ok((
2782        HttpServers {
2783            http: Some(http),
2784            https,
2785        },
2786        Some(subscription_service_checkpoint_sender),
2787    ))
2788}
2789
2790#[derive(Default)]
2791struct HttpServers {
2792    #[allow(unused)]
2793    http: Option<sui_http::ServerHandle>,
2794    #[allow(unused)]
2795    https: Option<sui_http::ServerHandle>,
2796}
2797
2798#[cfg(test)]
2799mod tests {
2800    use super::*;
2801    use prometheus::Registry;
2802    use std::collections::BTreeMap;
2803    use sui_config::node::{ForkCrashBehavior, ForkRecoveryConfig};
2804    use sui_core::checkpoints::{CheckpointMetrics, CheckpointStore};
2805    use sui_types::digests::{CheckpointDigest, TransactionDigest, TransactionEffectsDigest};
2806
2807    // A present legacy `rpc-index` directory is removed, while its siblings
2808    // (notably the still-used jsonrpc `indexes` store) are left untouched, and a
2809    // missing directory is a no-op.
2810    #[test]
2811    fn removes_only_the_legacy_rpc_index_directory() {
2812        let db = tempfile::tempdir().unwrap();
2813        let legacy = db.path().join("rpc-index");
2814        let sibling = db.path().join("indexes");
2815        std::fs::create_dir(&legacy).unwrap();
2816        std::fs::create_dir(&sibling).unwrap();
2817        std::fs::write(legacy.join("CURRENT"), b"stale").unwrap();
2818
2819        remove_legacy_rpc_index_store(db.path());
2820        assert!(
2821            !legacy.exists(),
2822            "legacy rpc-index directory should be gone"
2823        );
2824        assert!(sibling.exists(), "sibling stores must be left untouched");
2825
2826        // Idempotent: a second run (nothing to remove) does not error or touch
2827        // the siblings.
2828        remove_legacy_rpc_index_store(db.path());
2829        assert!(!legacy.exists());
2830        assert!(sibling.exists());
2831    }
2832
2833    #[tokio::test]
2834    async fn test_fork_error_and_recovery_both_paths() {
2835        let checkpoint_store = CheckpointStore::new_for_tests();
2836        let checkpoint_metrics = CheckpointMetrics::new(&Registry::new());
2837
2838        // ---------- Checkpoint fork path ----------
2839        let seq_num = 42;
2840        let digest = CheckpointDigest::random();
2841        checkpoint_store
2842            .record_checkpoint_fork_detected(seq_num, digest)
2843            .unwrap();
2844
2845        let fork_recovery = ForkRecoveryConfig {
2846            transaction_overrides: Default::default(),
2847            checkpoint_overrides: Default::default(),
2848            fork_crash_behavior: ForkCrashBehavior::ReturnError,
2849        };
2850
2851        let r = SuiNode::check_and_recover_forks(
2852            &checkpoint_store,
2853            &checkpoint_metrics,
2854            Some(&fork_recovery),
2855        )
2856        .await;
2857        assert!(r.is_err());
2858        assert!(
2859            r.unwrap_err()
2860                .to_string()
2861                .contains("Checkpoint fork detected")
2862        );
2863
2864        let mut checkpoint_overrides = BTreeMap::new();
2865        checkpoint_overrides.insert(seq_num, digest.to_string());
2866        let fork_recovery_with_override = ForkRecoveryConfig {
2867            transaction_overrides: Default::default(),
2868            checkpoint_overrides,
2869            fork_crash_behavior: ForkCrashBehavior::ReturnError,
2870        };
2871        let r = SuiNode::check_and_recover_forks(
2872            &checkpoint_store,
2873            &checkpoint_metrics,
2874            Some(&fork_recovery_with_override),
2875        )
2876        .await;
2877        assert!(r.is_ok());
2878        assert!(
2879            checkpoint_store
2880                .get_checkpoint_fork_detected()
2881                .unwrap()
2882                .is_none()
2883        );
2884
2885        // ---------- Transaction fork path ----------
2886        let tx_digest = TransactionDigest::random();
2887        let expected_effects = TransactionEffectsDigest::random();
2888        let actual_effects = TransactionEffectsDigest::random();
2889        checkpoint_store
2890            .record_transaction_fork_detected(tx_digest, expected_effects, actual_effects)
2891            .unwrap();
2892
2893        let fork_recovery = ForkRecoveryConfig {
2894            transaction_overrides: Default::default(),
2895            checkpoint_overrides: Default::default(),
2896            fork_crash_behavior: ForkCrashBehavior::ReturnError,
2897        };
2898        let r = SuiNode::check_and_recover_forks(
2899            &checkpoint_store,
2900            &checkpoint_metrics,
2901            Some(&fork_recovery),
2902        )
2903        .await;
2904        assert!(r.is_err());
2905        assert!(
2906            r.unwrap_err()
2907                .to_string()
2908                .contains("Transaction fork detected")
2909        );
2910
2911        let mut transaction_overrides = BTreeMap::new();
2912        transaction_overrides.insert(tx_digest.to_string(), actual_effects.to_string());
2913        let fork_recovery_with_override = ForkRecoveryConfig {
2914            transaction_overrides,
2915            checkpoint_overrides: Default::default(),
2916            fork_crash_behavior: ForkCrashBehavior::ReturnError,
2917        };
2918        let r = SuiNode::check_and_recover_forks(
2919            &checkpoint_store,
2920            &checkpoint_metrics,
2921            Some(&fork_recovery_with_override),
2922        )
2923        .await;
2924        assert!(r.is_ok());
2925        assert!(
2926            checkpoint_store
2927                .get_transaction_fork_detected()
2928                .unwrap()
2929                .is_none()
2930        );
2931    }
2932}