sui_node/
lib.rs

1// Copyright (c) Mysten Labs, Inc.
2// SPDX-License-Identifier: Apache-2.0
3
4use anemo::Network;
5use anemo::PeerId;
6use anemo_tower::callback::CallbackLayer;
7use anemo_tower::trace::DefaultMakeSpan;
8use anemo_tower::trace::DefaultOnFailure;
9use anemo_tower::trace::TraceLayer;
10use anyhow::Context;
11use anyhow::Result;
12use anyhow::anyhow;
13use arc_swap::ArcSwap;
14use fastcrypto_zkp::bn254::zk_login::JwkId;
15use fastcrypto_zkp::bn254::zk_login::OIDCProvider;
16use futures::future::BoxFuture;
17use mysten_common::in_test_configuration;
18use prometheus::Registry;
19use std::collections::{BTreeSet, HashMap, HashSet};
20use std::fmt;
21use std::future::Future;
22use std::path::Path;
23use std::path::PathBuf;
24use std::str::FromStr;
25#[cfg(msim)]
26use std::sync::atomic::Ordering;
27use std::sync::{Arc, Weak};
28use std::time::Duration;
29use sui_core::admission_queue::{
30    AdmissionQueueContext, AdmissionQueueManager, AdmissionQueueMetrics,
31};
32use sui_core::authority::ExecutionEnv;
33use sui_core::authority::authority_store_tables::AuthorityPerpetualTablesOptions;
34use sui_core::authority::backpressure::BackpressureManager;
35use sui_core::authority::epoch_start_configuration::EpochFlag;
36use sui_core::authority::execution_time_estimator::ExecutionTimeObserver;
37use sui_core::consensus_adapter::ConsensusClient;
38use sui_core::consensus_manager::UpdatableConsensusClient;
39use sui_core::epoch::randomness::RandomnessManager;
40use sui_core::execution_cache::build_execution_cache;
41use sui_core::randomness_round_receiver::{RandomnessRoundReceiver, RandomnessRoundReceiverHandle};
42use sui_network::endpoint_manager::{AddressSource, EndpointId};
43use sui_network::validator::server::SUI_TLS_SERVER_NAME;
44use sui_types::full_checkpoint_content::Checkpoint;
45use sui_types::node_role::NodeRole;
46
47use sui_core::global_state_hasher::GlobalStateHashMetrics;
48use sui_core::storage::RestReadStore;
49use sui_json_rpc::bridge_api::BridgeReadApi;
50use sui_json_rpc_api::JsonRpcMetrics;
51use sui_network::randomness;
52use sui_rpc_api::RpcMetrics;
53use sui_rpc_api::ServerVersion;
54use sui_rpc_api::subscription::SubscriptionService;
55use sui_types::base_types::ConciseableName;
56use sui_types::crypto::RandomnessRound;
57use sui_types::digests::{
58    ChainIdentifier, CheckpointDigest, TransactionDigest, TransactionEffectsDigest,
59};
60use sui_types::messages_consensus::AuthorityCapabilitiesV2;
61use sui_types::sui_system_state::SuiSystemState;
62use tap::tap::TapFallible;
63use tokio::sync::oneshot;
64use tokio::sync::{Mutex, broadcast, mpsc};
65use tokio::task::JoinHandle;
66use tower::ServiceBuilder;
67use tracing::{Instrument, error_span, info};
68use tracing::{debug, error, warn};
69
70// Logs at debug level in test configuration, info level otherwise.
71// JWK logs cause significant volume in tests, but are insignificant in prod,
72// so we keep them at info
73macro_rules! jwk_log {
74    ($($arg:tt)+) => {
75        if in_test_configuration() {
76            debug!($($arg)+);
77        } else {
78            info!($($arg)+);
79        }
80    };
81}
82
83use fastcrypto_zkp::bn254::zk_login::JWK;
84pub use handle::SuiNodeHandle;
85use mysten_metrics::{RegistryService, spawn_monitored_task};
86use mysten_service::server_timing::server_timing_middleware;
87use sui_config::node::{DBCheckpointConfig, RunWithRange};
88use sui_config::node::{ForkCrashBehavior, ForkRecoveryConfig};
89use sui_config::node_config_metrics::NodeConfigMetrics;
90use sui_config::{ConsensusConfig, NodeConfig};
91use sui_core::authority::authority_per_epoch_store::AuthorityPerEpochStore;
92use sui_core::authority::authority_store_tables::AuthorityPerpetualTables;
93use sui_core::authority::epoch_start_configuration::EpochStartConfigTrait;
94use sui_core::authority::epoch_start_configuration::EpochStartConfiguration;
95use sui_core::authority::submitted_transaction_cache::SubmittedTransactionCacheMetrics;
96use sui_core::authority_aggregator::AuthorityAggregator;
97use sui_core::authority_server::{ValidatorService, ValidatorServiceMetrics};
98use sui_core::checkpoints::checkpoint_executor::metrics::CheckpointExecutorMetrics;
99use sui_core::checkpoints::checkpoint_executor::{CheckpointExecutor, StopReason};
100use sui_core::checkpoints::{
101    CheckpointMetrics, CheckpointOutput, CheckpointService, CheckpointStore, LogCheckpointOutput,
102    SendCheckpointToStateSync, SubmitCheckpointToConsensus,
103};
104use sui_core::consensus_adapter::{ConsensusAdapter, ConsensusAdapterMetrics};
105use sui_core::consensus_manager::ConsensusManager;
106use sui_core::consensus_throughput_calculator::ConsensusThroughputCalculator;
107use sui_core::consensus_validator::{SuiTxValidator, SuiTxValidatorMetrics};
108use sui_core::db_checkpoint_handler::DBCheckpointHandler;
109use sui_core::epoch::committee_store::CommitteeStore;
110use sui_core::epoch::consensus_store_pruner::ConsensusStorePruner;
111use sui_core::epoch::epoch_metrics::EpochMetrics;
112use sui_core::epoch::reconfiguration::ReconfigurationInitiator;
113use sui_core::global_state_hasher::GlobalStateHasher;
114use sui_core::jsonrpc_index::IndexStore;
115use sui_core::module_cache_metrics::ResolverMetrics;
116use sui_core::overload_monitor::overload_monitor;
117use sui_core::rpc_store_embed::EmbeddedRpcStore;
118use sui_core::signature_verifier::SignatureVerifierMetrics;
119use sui_core::storage::RocksDbStore;
120use sui_core::storage::RpcStoreReadStore;
121use sui_core::transaction_orchestrator::TransactionOrchestrator;
122use sui_core::{
123    authority::{AuthorityState, AuthorityStore},
124    authority_client::NetworkAuthorityClient,
125};
126use sui_json_rpc::JsonRpcServerBuilder;
127use sui_json_rpc::coin_api::CoinReadApi;
128use sui_json_rpc::governance_api::GovernanceReadApi;
129use sui_json_rpc::indexer_api::IndexerApi;
130use sui_json_rpc::move_utils::MoveUtils;
131use sui_json_rpc::read_api::ReadApi;
132use sui_json_rpc::transaction_builder_api::TransactionBuilderApi;
133use sui_json_rpc::transaction_execution_api::TransactionExecutionApi;
134use sui_macros::fail_point;
135use sui_macros::{fail_point_async, replay_log};
136use sui_network::api::ValidatorServer;
137use sui_network::discovery;
138use sui_network::endpoint_manager::EndpointManager;
139use sui_network::state_sync;
140use sui_network::validator::server::ServerBuilder;
141use sui_protocol_config::{Chain, ProtocolConfig, ProtocolVersion};
142use sui_snapshot::uploader::StateSnapshotUploader;
143use sui_storage::{
144    http_key_value_store::HttpKVStore,
145    key_value_store::{FallbackTransactionKVStore, TransactionKeyValueStore},
146    key_value_store_metrics::KeyValueStoreMetrics,
147};
148use sui_types::base_types::{AuthorityName, EpochId};
149use sui_types::committee::Committee;
150use sui_types::crypto::KeypairTraits;
151use sui_types::error::{SuiError, SuiResult};
152use sui_types::messages_consensus::{ConsensusTransaction, check_total_jwk_size};
153use sui_types::storage::RpcStateReader;
154use sui_types::sui_system_state::SuiSystemStateTrait;
155use sui_types::sui_system_state::epoch_start_sui_system_state::EpochStartSystemState;
156use sui_types::sui_system_state::epoch_start_sui_system_state::EpochStartSystemStateTrait;
157use sui_types::supported_protocol_versions::SupportedProtocolVersions;
158use typed_store::DBMetrics;
159use typed_store::rocks::default_db_options;
160
161use crate::metrics::{GrpcMetrics, SuiNodeMetrics};
162
163pub mod address_prober;
164pub mod admin;
165pub mod db_shell;
166mod handle;
167pub mod metrics;
168
169pub struct ValidatorComponents {
170    validator_server_handle: Option<SpawnOnce>,
171    validator_overload_monitor_handle: Option<JoinHandle<()>>,
172    consensus_manager: Arc<ConsensusManager>,
173    consensus_store_pruner: ConsensusStorePruner,
174    consensus_adapter: Arc<ConsensusAdapter>,
175    checkpoint_metrics: Arc<CheckpointMetrics>,
176    sui_tx_validator_metrics: Arc<SuiTxValidatorMetrics>,
177    admission_queue: Option<AdmissionQueueContext>,
178}
179
180pub struct P2pComponents {
181    p2p_network: Network,
182    known_peers: HashMap<PeerId, String>,
183    discovery_handle: discovery::Handle,
184    state_sync_handle: state_sync::Handle,
185    randomness_handle: randomness::Handle,
186    endpoint_manager: EndpointManager,
187}
188
189#[cfg(msim)]
190mod simulator {
191    use std::sync::atomic::AtomicBool;
192    use sui_types::error::SuiErrorKind;
193
194    use super::*;
195    pub(super) struct SimState {
196        pub sim_node: sui_simulator::runtime::NodeHandle,
197        pub sim_safe_mode_expected: AtomicBool,
198        _leak_detector: sui_simulator::NodeLeakDetector,
199    }
200
201    impl Default for SimState {
202        fn default() -> Self {
203            Self {
204                sim_node: sui_simulator::runtime::NodeHandle::current(),
205                sim_safe_mode_expected: AtomicBool::new(false),
206                _leak_detector: sui_simulator::NodeLeakDetector::new(),
207            }
208        }
209    }
210
211    type JwkInjector = dyn Fn(AuthorityName, &OIDCProvider) -> SuiResult<Vec<(JwkId, JWK)>>
212        + Send
213        + Sync
214        + 'static;
215
216    fn default_fetch_jwks(
217        _authority: AuthorityName,
218        _provider: &OIDCProvider,
219    ) -> SuiResult<Vec<(JwkId, JWK)>> {
220        use fastcrypto_zkp::bn254::zk_login::parse_jwks;
221        // Just load a default Twitch jwk for testing.
222        parse_jwks(
223            sui_types::zk_login_util::DEFAULT_JWK_BYTES,
224            &OIDCProvider::Twitch,
225            true,
226        )
227        .map_err(|_| SuiErrorKind::JWKRetrievalError.into())
228    }
229
230    thread_local! {
231        static JWK_INJECTOR: std::cell::RefCell<Arc<JwkInjector>> = std::cell::RefCell::new(Arc::new(default_fetch_jwks));
232    }
233
234    pub(super) fn get_jwk_injector() -> Arc<JwkInjector> {
235        JWK_INJECTOR.with(|injector| injector.borrow().clone())
236    }
237
238    pub fn set_jwk_injector(injector: Arc<JwkInjector>) {
239        JWK_INJECTOR.with(|cell| *cell.borrow_mut() = injector);
240    }
241}
242
243#[cfg(msim)]
244pub use simulator::set_jwk_injector;
245#[cfg(msim)]
246use simulator::*;
247use sui_core::authority::authority_store_pruner::PrunerWatermarks;
248use sui_core::{
249    consensus_handler::ConsensusHandlerInitializer, safe_client::SafeClientMetricsBase,
250};
251
252const DEFAULT_GRPC_CONNECT_TIMEOUT: Duration = Duration::from_secs(60);
253
254pub struct SuiNode {
255    config: NodeConfig,
256    validator_components: Mutex<Option<ValidatorComponents>>,
257
258    /// The http servers responsible for serving RPC traffic (gRPC and JSON-RPC)
259    #[allow(unused)]
260    http_servers: HttpServers,
261
262    state: Arc<AuthorityState>,
263    transaction_orchestrator: Option<Arc<TransactionOrchestrator<NetworkAuthorityClient>>>,
264    registry_service: RegistryService,
265    metrics: Arc<SuiNodeMetrics>,
266    checkpoint_metrics: Arc<CheckpointMetrics>,
267
268    _discovery: discovery::Handle,
269    _connection_monitor_handle: mysten_network::anemo_connection_monitor::ConnectionMonitorHandle,
270    state_sync_handle: state_sync::Handle,
271    randomness_handle: randomness::Handle,
272    checkpoint_store: Arc<CheckpointStore>,
273    global_state_hasher: Mutex<Option<Arc<GlobalStateHasher>>>,
274
275    /// Broadcast channel to send the starting system state for the next epoch.
276    end_of_epoch_channel: broadcast::Sender<SuiSystemState>,
277
278    /// EndpointManager for updating peer network addresses.
279    endpoint_manager: EndpointManager,
280
281    /// Handle to the discovery-shared address prober (`None` when disabled).
282    address_prober: Option<address_prober::Handle>,
283
284    backpressure_manager: Arc<BackpressureManager>,
285
286    _db_checkpoint_handle: Option<tokio::sync::broadcast::Sender<()>>,
287
288    #[cfg(msim)]
289    sim_state: SimState,
290
291    _state_snapshot_uploader_handle: Option<broadcast::Sender<()>>,
292    // Channel to allow signaling upstream to shutdown sui-node
293    shutdown_channel_tx: broadcast::Sender<Option<RunWithRange>>,
294
295    /// Handle shared with RandomnessManager and the consensus layer.
296    randomness_receiver_handle: Arc<RandomnessRoundReceiverHandle>,
297
298    /// AuthorityAggregator of the network, created at start and beginning of each epoch.
299    /// Use ArcSwap so that we could mutate it without taking mut reference.
300    // TODO: Eventually we can make this auth aggregator a shared reference so that this
301    // update will automatically propagate to other uses.
302    auth_agg: Arc<ArcSwap<AuthorityAggregator<NetworkAuthorityClient>>>,
303
304    subscription_service_checkpoint_sender: Option<tokio::sync::broadcast::Sender<Arc<Checkpoint>>>,
305
306    /// The embedded `sui-rpc-store`, present when the node is a fullnode
307    /// with indexing enabled. Held for the node's lifetime so its tip
308    /// indexer keeps running (dropping it aborts the indexer). Exposed
309    /// through [`SuiNode::embedded_rpc_store`] for introspection.
310    embedded_rpc_store: Option<EmbeddedRpcStore>,
311}
312
313impl fmt::Debug for SuiNode {
314    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
315        f.debug_struct("SuiNode")
316            .field("name", &self.state.name.concise())
317            .finish()
318    }
319}
320
321static MAX_JWK_KEYS_PER_FETCH: usize = 100;
322
323impl SuiNode {
324    pub async fn start(
325        config: NodeConfig,
326        registry_service: RegistryService,
327    ) -> Result<Arc<SuiNode>> {
328        Self::start_async(
329            config,
330            registry_service,
331            ServerVersion::new("sui-node", "unknown"),
332        )
333        .await
334    }
335
336    fn start_jwk_updater(
337        config: &NodeConfig,
338        metrics: Arc<SuiNodeMetrics>,
339        authority: AuthorityName,
340        epoch_store: Arc<AuthorityPerEpochStore>,
341        consensus_adapter: Arc<ConsensusAdapter>,
342    ) {
343        let epoch = epoch_store.epoch();
344
345        let supported_providers = config
346            .zklogin_oauth_providers
347            .get(&epoch_store.get_chain_identifier().chain())
348            .unwrap_or(&BTreeSet::new())
349            .iter()
350            .map(|s| OIDCProvider::from_str(s).expect("Invalid provider string"))
351            .collect::<Vec<_>>();
352
353        let fetch_interval = Duration::from_secs(config.jwk_fetch_interval_seconds);
354
355        info!(
356            ?fetch_interval,
357            "Starting JWK updater tasks with supported providers: {:?}", supported_providers
358        );
359
360        fn validate_jwk(
361            metrics: &Arc<SuiNodeMetrics>,
362            provider: &OIDCProvider,
363            id: &JwkId,
364            jwk: &JWK,
365        ) -> bool {
366            let Ok(iss_provider) = OIDCProvider::from_iss(&id.iss) else {
367                warn!(
368                    "JWK iss {:?} (retrieved from {:?}) is not a valid provider",
369                    id.iss, provider
370                );
371                metrics
372                    .invalid_jwks
373                    .with_label_values(&[&provider.to_string()])
374                    .inc();
375                return false;
376            };
377
378            if iss_provider != *provider {
379                warn!(
380                    "JWK iss {:?} (retrieved from {:?}) does not match provider {:?}",
381                    id.iss, provider, iss_provider
382                );
383                metrics
384                    .invalid_jwks
385                    .with_label_values(&[&provider.to_string()])
386                    .inc();
387                return false;
388            }
389
390            if !check_total_jwk_size(id, jwk) {
391                warn!("JWK {:?} (retrieved from {:?}) is too large", id, provider);
392                metrics
393                    .invalid_jwks
394                    .with_label_values(&[&provider.to_string()])
395                    .inc();
396                return false;
397            }
398
399            true
400        }
401
402        // metrics is:
403        //  pub struct SuiNodeMetrics {
404        //      pub jwk_requests: IntCounterVec,
405        //      pub jwk_request_errors: IntCounterVec,
406        //      pub total_jwks: IntCounterVec,
407        //      pub unique_jwks: IntCounterVec,
408        //  }
409
410        for p in supported_providers.into_iter() {
411            let provider_str = p.to_string();
412            let epoch_store = epoch_store.clone();
413            let consensus_adapter = consensus_adapter.clone();
414            let metrics = metrics.clone();
415            spawn_monitored_task!(epoch_store.clone().within_alive_epoch(
416                async move {
417                    // note: restart-safe de-duplication happens after consensus, this is
418                    // just best-effort to reduce unneeded submissions.
419                    let mut seen = HashSet::new();
420                    loop {
421                        jwk_log!("fetching JWK for provider {:?}", p);
422                        metrics.jwk_requests.with_label_values(&[&provider_str]).inc();
423                        match Self::fetch_jwks(authority, &p).await {
424                            Err(e) => {
425                                metrics.jwk_request_errors.with_label_values(&[&provider_str]).inc();
426                                warn!("Error when fetching JWK for provider {:?} {:?}", p, e);
427                                // Retry in 30 seconds
428                                tokio::time::sleep(Duration::from_secs(30)).await;
429                                continue;
430                            }
431                            Ok(mut keys) => {
432                                metrics.total_jwks
433                                    .with_label_values(&[&provider_str])
434                                    .inc_by(keys.len() as u64);
435
436                                keys.retain(|(id, jwk)| {
437                                    validate_jwk(&metrics, &p, id, jwk) &&
438                                    !epoch_store.jwk_active_in_current_epoch(id, jwk) &&
439                                    seen.insert((id.clone(), jwk.clone()))
440                                });
441
442                                metrics.unique_jwks
443                                    .with_label_values(&[&provider_str])
444                                    .inc_by(keys.len() as u64);
445
446                                // prevent oauth providers from sending too many keys,
447                                // inadvertently or otherwise
448                                if keys.len() > MAX_JWK_KEYS_PER_FETCH {
449                                    warn!("Provider {:?} sent too many JWKs, only the first {} will be used", p, MAX_JWK_KEYS_PER_FETCH);
450                                    keys.truncate(MAX_JWK_KEYS_PER_FETCH);
451                                }
452
453                                for (id, jwk) in keys.into_iter() {
454                                    jwk_log!("Submitting JWK to consensus: {:?}", id);
455
456                                    let txn = ConsensusTransaction::new_jwk_fetched(authority, id, jwk);
457                                    consensus_adapter.submit(txn, None, &epoch_store, None, None)
458                                        .tap_err(|e| warn!("Error when submitting JWKs to consensus {:?}", e))
459                                        .ok();
460                                }
461                            }
462                        }
463                        tokio::time::sleep(fetch_interval).await;
464                    }
465                }
466                .instrument(error_span!("jwk_updater_task", epoch)),
467            ));
468        }
469    }
470
471    pub async fn start_async(
472        config: NodeConfig,
473        registry_service: RegistryService,
474        server_version: ServerVersion,
475    ) -> Result<Arc<SuiNode>> {
476        // Fail fast on config errors before starting any node components.
477        if let Some(prober_config) = &config.address_prober {
478            prober_config.validate()?;
479        }
480
481        NodeConfigMetrics::new(&registry_service.default_registry()).record_metrics(&config);
482        let mut config = config.clone();
483        if config.supported_protocol_versions.is_none() {
484            info!(
485                "populating config.supported_protocol_versions with default {:?}",
486                SupportedProtocolVersions::SYSTEM_DEFAULT
487            );
488            config.supported_protocol_versions = Some(SupportedProtocolVersions::SYSTEM_DEFAULT);
489        }
490
491        let run_with_range = config.run_with_range;
492        let prometheus_registry = registry_service.default_registry();
493        let node_role = config.intended_node_role();
494
495        info!(node =? config.protocol_public_key(),
496            "Initializing sui-node listening on {} with role {:?}", config.network_address, node_role
497        );
498
499        // Initialize metrics to track db usage before creating any stores
500        DBMetrics::init(registry_service.clone());
501
502        // Initialize db sync-to-disk setting from config (falls back to env var if not set)
503        typed_store::init_write_sync(config.enable_db_sync_to_disk);
504
505        // Initialize Mysten metrics.
506        mysten_metrics::init_metrics(&prometheus_registry);
507        // Unsupported (because of the use of static variable) and unnecessary in simtests.
508        #[cfg(not(msim))]
509        mysten_metrics::thread_stall_monitor::start_thread_stall_monitor();
510
511        let genesis = config.genesis()?.clone();
512
513        let secret = Arc::pin(config.protocol_key_pair().copy());
514        let genesis_committee = genesis.committee();
515        let committee_store = Arc::new(CommitteeStore::new(
516            config.db_path().join("epochs"),
517            &genesis_committee,
518            None,
519        ));
520
521        let pruner_watermarks = Arc::new(PrunerWatermarks::default());
522        let checkpoint_store = CheckpointStore::new(
523            &config.db_path().join("checkpoints"),
524            pruner_watermarks.clone(),
525        );
526        let checkpoint_metrics = CheckpointMetrics::new(&registry_service.default_registry());
527
528        if node_role.runs_consensus() {
529            Self::check_and_recover_forks(
530                &checkpoint_store,
531                &checkpoint_metrics,
532                config.fork_recovery.as_ref(),
533            )
534            .await?;
535        }
536
537        // By default, only enable write stall on nodes that run consensus.
538        let enable_write_stall = config
539            .enable_db_write_stall
540            .unwrap_or(node_role.runs_consensus());
541        // The tidehunter objects compactor retains only the latest version per
542        // ObjectID and is mutually exclusive with the object pruner. Enable it
543        // for validators (which always disable the pruner), and also for any
544        // node configured with `num_epochs_to_retain = 0` — that aggressive
545        // setting is what the compactor replaces. The pruner is force-disabled
546        // in `AuthorityStorePruner::new` whenever this is true.
547        let enable_objects_compactor = node_role.is_validator()
548            || config.authority_store_pruning_config.num_epochs_to_retain == 0;
549        let perpetual_tables_options = AuthorityPerpetualTablesOptions {
550            enable_write_stall,
551            enable_objects_compactor,
552        };
553        let perpetual_tables = Arc::new(AuthorityPerpetualTables::open(
554            &config.db_store_path(),
555            Some(perpetual_tables_options),
556            Some(pruner_watermarks.epoch_id.clone()),
557        ));
558        let is_genesis = perpetual_tables
559            .database_is_empty()
560            .expect("Database read should not fail at init.");
561
562        let backpressure_manager =
563            BackpressureManager::new_from_checkpoint_store(&checkpoint_store);
564
565        let store =
566            AuthorityStore::open(perpetual_tables, &genesis, &config, &prometheus_registry).await?;
567
568        let cur_epoch = store.get_recovery_epoch_at_restart()?;
569        let committee = committee_store
570            .get_committee(&cur_epoch)?
571            .expect("Committee of the current epoch must exist");
572        let epoch_start_configuration = store
573            .get_epoch_start_configuration()?
574            .expect("EpochStartConfiguration of the current epoch must exist");
575        let cache_metrics = Arc::new(ResolverMetrics::new(&prometheus_registry));
576        let signature_verifier_metrics = SignatureVerifierMetrics::new(&prometheus_registry);
577
578        let cache_traits = build_execution_cache(
579            &config.execution_cache,
580            &prometheus_registry,
581            &store,
582            backpressure_manager.clone(),
583        );
584
585        let auth_agg = {
586            let safe_client_metrics_base = SafeClientMetricsBase::new(&prometheus_registry);
587            Arc::new(ArcSwap::new(Arc::new(
588                AuthorityAggregator::new_from_epoch_start_state(
589                    epoch_start_configuration.epoch_start_state(),
590                    &committee_store,
591                    safe_client_metrics_base,
592                ),
593            )))
594        };
595
596        let chain_id = ChainIdentifier::from(*genesis.checkpoint().digest());
597        let chain = match config.chain_override_for_testing {
598            Some(chain) => chain,
599            None => ChainIdentifier::from(*genesis.checkpoint().digest()).chain(),
600        };
601
602        let highest_executed_checkpoint = checkpoint_store
603            .get_highest_executed_checkpoint_seq_number()
604            .expect("checkpoint store read cannot fail")
605            .unwrap_or(0);
606
607        let previous_epoch_last_checkpoint = if cur_epoch == 0 {
608            0
609        } else {
610            checkpoint_store
611                .get_epoch_last_checkpoint_seq_number(cur_epoch - 1)
612                .expect("checkpoint store read cannot fail")
613                .unwrap_or(highest_executed_checkpoint)
614        };
615
616        let epoch_options = default_db_options().optimize_db_for_write_throughput(4, false);
617        let epoch_store = AuthorityPerEpochStore::new(
618            config.protocol_public_key(),
619            committee.clone(),
620            &config.db_store_path(),
621            Some(epoch_options.options),
622            EpochMetrics::new(&registry_service.default_registry()),
623            epoch_start_configuration,
624            cache_traits.backing_package_store.clone(),
625            cache_traits.object_store.clone(),
626            cache_metrics,
627            signature_verifier_metrics,
628            &config.expensive_safety_check_config,
629            (chain_id, chain),
630            highest_executed_checkpoint,
631            previous_epoch_last_checkpoint,
632            Arc::new(SubmittedTransactionCacheMetrics::new(
633                &registry_service.default_registry(),
634            )),
635            config.fullnode_sync_mode,
636        )?;
637
638        info!("created epoch store");
639
640        replay_log!(
641            "Beginning replay run. Epoch: {:?}, Protocol config: {:?}",
642            epoch_store.epoch(),
643            epoch_store.protocol_config()
644        );
645
646        // the database is empty at genesis time
647        if is_genesis {
648            info!("checking SUI conservation at genesis");
649            // When we are opening the db table, the only time when it's safe to
650            // check SUI conservation is at genesis. Otherwise we may be in the middle of
651            // an epoch and the SUI conservation check will fail. This also initialize
652            // the expected_network_sui_amount table.
653            cache_traits
654                .reconfig_api
655                .expensive_check_sui_conservation(&epoch_store)
656                .expect("SUI conservation check cannot fail at genesis");
657        }
658
659        let effective_buffer_stake = epoch_store.get_effective_buffer_stake_bps();
660        let default_buffer_stake = epoch_store
661            .protocol_config()
662            .buffer_stake_for_protocol_upgrade_bps();
663        if effective_buffer_stake != default_buffer_stake {
664            warn!(
665                ?effective_buffer_stake,
666                ?default_buffer_stake,
667                "buffer_stake_for_protocol_upgrade_bps is currently overridden"
668            );
669        }
670
671        checkpoint_store.insert_genesis_checkpoint(
672            genesis.checkpoint(),
673            genesis.checkpoint_contents().clone(),
674            &epoch_store,
675        );
676
677        info!("creating state sync store");
678        let state_sync_store = RocksDbStore::new(
679            cache_traits.clone(),
680            committee_store.clone(),
681            checkpoint_store.clone(),
682        );
683
684        let index_store = if node_role.is_fullnode() && config.enable_index_processing {
685            info!("creating jsonrpc index store");
686            Some(Arc::new(IndexStore::new(
687                config.db_path().join("indexes"),
688                &prometheus_registry,
689                epoch_store
690                    .protocol_config()
691                    .max_move_identifier_len_as_option(),
692                config.remove_deprecated_tables,
693            )))
694        } else {
695            None
696        };
697
698        let chain_identifier = epoch_store.get_chain_identifier();
699
700        // The embedded `sui-rpc-store` is the node's index backend: when
701        // indexing is enabled it builds the derived-index and ledger-history
702        // column families (indexed independently of the authority store) and
703        // serves the index read paths from the embedded store. Raw chain data
704        // is still served from the perpetual store.
705        let mut embedded_rpc_store =
706            if node_role.is_fullnode() && config.rpc().is_some_and(|rpc| rpc.enable_indexing()) {
707                info!("creating embedded rpc-store");
708                // The embedded `sui-rpc-store` replaced the legacy `rpc-index`
709                // backend; remove its now-dead on-disk directory if a prior
710                // version left one behind.
711                remove_legacy_rpc_index_store(&config.db_path());
712                // The tip indexer pulls checkpoints from the node's local
713                // checkpoint / perpetual stores via a dedicated read handle.
714                let ingestion_source = RocksDbStore::new(
715                    cache_traits.clone(),
716                    committee_store.clone(),
717                    checkpoint_store.clone(),
718                );
719                let embedded_rpc_store = EmbeddedRpcStore::bootstrap(
720                    &config,
721                    &store,
722                    &checkpoint_store,
723                    ingestion_source,
724                    chain_identifier,
725                    &prometheus_registry,
726                )
727                .await?;
728                Some(embedded_rpc_store)
729            } else {
730                None
731            };
732
733        info!("creating archive reader");
734        // Create network
735        let (randomness_tx, randomness_rx) = mpsc::channel(
736            config
737                .p2p_config
738                .randomness
739                .clone()
740                .unwrap_or_default()
741                .mailbox_capacity(),
742        );
743        let P2pComponents {
744            p2p_network,
745            known_peers,
746            discovery_handle,
747            state_sync_handle,
748            randomness_handle,
749            endpoint_manager,
750        } = Self::create_p2p_network(
751            &config,
752            state_sync_store.clone(),
753            chain_identifier,
754            randomness_tx,
755            &prometheus_registry,
756        )?;
757
758        // Inject configured peer address overrides.
759        for peer in &config.p2p_config.peer_address_overrides {
760            endpoint_manager
761                .update_endpoint(
762                    EndpointId::P2p(peer.peer_id),
763                    AddressSource::Config,
764                    peer.addresses.clone(),
765                )
766                .expect("Updating peer address overrides should not fail");
767        }
768
769        // Send initial peer addresses to the p2p network.
770        update_peer_addresses(
771            &config,
772            &endpoint_manager,
773            epoch_store.epoch_start_state(),
774            None,
775        );
776
777        info!("start snapshot upload");
778        // Start uploading state snapshot to remote store
779        let state_snapshot_handle = Self::start_state_snapshot(
780            &config,
781            &prometheus_registry,
782            checkpoint_store.clone(),
783            chain_identifier,
784        )?;
785
786        // Start uploading db checkpoints to remote store
787        info!("start db checkpoint");
788        let (db_checkpoint_config, db_checkpoint_handle) = Self::start_db_checkpoint(
789            &config,
790            &prometheus_registry,
791            state_snapshot_handle.is_some(),
792        )?;
793
794        if !epoch_store
795            .protocol_config()
796            .simplified_unwrap_then_delete()
797        {
798            // We cannot prune tombstones if simplified_unwrap_then_delete is not enabled.
799            config
800                .authority_store_pruning_config
801                .set_killswitch_tombstone_pruning(true);
802        }
803
804        let authority_name = config.protocol_public_key();
805
806        info!("create authority state");
807        let state = AuthorityState::new(
808            authority_name,
809            secret,
810            config.supported_protocol_versions.unwrap(),
811            store.clone(),
812            cache_traits.clone(),
813            epoch_store.clone(),
814            committee_store.clone(),
815            index_store.clone(),
816            embedded_rpc_store.as_ref().map(|embedded| embedded.store()),
817            checkpoint_store.clone(),
818            &prometheus_registry,
819            genesis.objects(),
820            &db_checkpoint_config,
821            config.clone(),
822            chain_identifier,
823            config.policy_config.clone(),
824            config.firewall_config.clone(),
825            pruner_watermarks,
826        )
827        .await;
828        // ensure genesis txn was executed
829        if epoch_store.epoch() == 0 {
830            let txn = &genesis.transaction();
831            let span = error_span!("genesis_txn", tx_digest = ?txn.digest());
832            let transaction =
833                sui_types::executable_transaction::VerifiedExecutableTransaction::new_unchecked(
834                    sui_types::executable_transaction::ExecutableTransaction::new_from_data_and_sig(
835                        genesis.transaction().data().clone(),
836                        sui_types::executable_transaction::CertificateProof::Checkpoint(0, 0),
837                    ),
838                );
839            let _enter = span.enter();
840            state
841                .try_execute_immediately(&transaction, ExecutionEnv::new(), &epoch_store)
842                .unwrap();
843        }
844
845        // Start the loop that receives new randomness and generates transactions for it.
846        // The returned is long-lived (node lifetime).
847        let randomness_receiver_handle =
848            RandomnessRoundReceiver::spawn(state.clone(), randomness_rx);
849
850        let (end_of_epoch_channel, end_of_epoch_receiver) =
851            broadcast::channel(config.end_of_epoch_broadcast_channel_capacity);
852
853        let transaction_orchestrator = if node_role.is_fullnode() && run_with_range.is_none() {
854            Some(Arc::new(TransactionOrchestrator::new_with_auth_aggregator(
855                auth_agg.load_full(),
856                state.clone(),
857                end_of_epoch_receiver,
858                &config.db_path(),
859                &prometheus_registry,
860                &config,
861            )))
862        } else {
863            None
864        };
865
866        let (http_servers, subscription_service_checkpoint_sender) = build_http_servers(
867            state.clone(),
868            state_sync_store,
869            &transaction_orchestrator.clone(),
870            &config,
871            &prometheus_registry,
872            server_version,
873            node_role,
874            embedded_rpc_store.as_ref(),
875        )
876        .await?;
877
878        // Start the embedded rpc-store's tip indexer. It follows the tip
879        // via the checkpoint executor's broadcast stream and backfills
880        // any gap from the perpetual store. Spawned on a background task
881        // (see `spawn_indexer`) so node startup does not block on the
882        // first checkpoint, which the executor only produces after this
883        // function returns.
884        if let Some(embedded) = embedded_rpc_store.as_mut() {
885            embedded.spawn_indexer(
886                subscription_service_checkpoint_sender.clone(),
887                prometheus_registry.clone(),
888            );
889        }
890
891        let global_state_hasher = Arc::new(GlobalStateHasher::new(
892            cache_traits.global_state_hash_store.clone(),
893            GlobalStateHashMetrics::new(&prometheus_registry),
894        ));
895
896        let network_connection_metrics = mysten_network::quinn_metrics::QuinnConnectionMetrics::new(
897            "sui",
898            &registry_service.default_registry(),
899        );
900
901        let connection_monitor_handle =
902            mysten_network::anemo_connection_monitor::AnemoConnectionMonitor::spawn(
903                p2p_network.downgrade(),
904                Arc::new(network_connection_metrics),
905                known_peers,
906            );
907
908        let sui_node_metrics = Arc::new(SuiNodeMetrics::new(&registry_service.default_registry()));
909
910        sui_node_metrics
911            .binary_max_protocol_version
912            .set(ProtocolVersion::MAX.as_u64() as i64);
913        sui_node_metrics
914            .configured_max_protocol_version
915            .set(config.supported_protocol_versions.unwrap().max.as_u64() as i64);
916
917        let node_role = epoch_store.node_role();
918        let validator_components = if node_role.runs_consensus() {
919            let mut components = Self::construct_validator_components(
920                config.clone(),
921                state.clone(),
922                committee,
923                epoch_store.clone(),
924                checkpoint_store.clone(),
925                state_sync_handle.clone(),
926                randomness_handle.clone(),
927                Arc::downgrade(&global_state_hasher),
928                backpressure_manager.clone(),
929                &registry_service,
930                sui_node_metrics.clone(),
931                checkpoint_metrics.clone(),
932                node_role,
933                randomness_receiver_handle.clone(),
934            )
935            .await?;
936
937            if node_role.is_validator() {
938                components
939                    .consensus_adapter
940                    .recover_end_of_publish(&epoch_store);
941
942                // Start the gRPC server
943                components.validator_server_handle = Some(
944                    components
945                        .validator_server_handle
946                        .take()
947                        .unwrap()
948                        .start()
949                        .await,
950                );
951
952                // Set the consensus address updater so that we can update the consensus peer addresses when requested.
953                endpoint_manager
954                    .set_consensus_address_updater(components.consensus_manager.clone());
955            } else {
956                info!("Starting node as Observer — connecting to configured peers");
957            }
958
959            Some(components)
960        } else {
961            None
962        };
963
964        let address_prober = if Self::address_prober_enabled(&config) {
965            let handle = address_prober::Builder::new()
966                .config(config.address_prober.clone().unwrap_or_default())
967                .with_metrics(&prometheus_registry)
968                .build()
969                .start(
970                    p2p_network.clone(),
971                    discovery_handle.sender(),
972                    consensus_config::NetworkKeyPair::new(config.network_key_pair().copy()),
973                );
974            // Seed the current epoch if we are starting as a validator.
975            if node_role.is_validator()
976                && let Some(components) = &validator_components
977            {
978                handle.update_epoch(
979                    epoch_store.epoch(),
980                    epoch_store.epoch_start_state().get_consensus_committee(),
981                    components.consensus_manager.clone(),
982                );
983            }
984            Some(handle)
985        } else {
986            None
987        };
988
989        // setup shutdown channel
990        let (shutdown_channel, _) = broadcast::channel::<Option<RunWithRange>>(1);
991
992        let node = Self {
993            config,
994            validator_components: Mutex::new(validator_components),
995            http_servers,
996            state,
997            transaction_orchestrator,
998            registry_service,
999            metrics: sui_node_metrics,
1000            checkpoint_metrics,
1001
1002            _discovery: discovery_handle,
1003            _connection_monitor_handle: connection_monitor_handle,
1004            state_sync_handle,
1005            randomness_handle,
1006            checkpoint_store,
1007            global_state_hasher: Mutex::new(Some(global_state_hasher)),
1008            end_of_epoch_channel,
1009            endpoint_manager,
1010            backpressure_manager,
1011            address_prober,
1012
1013            _db_checkpoint_handle: db_checkpoint_handle,
1014
1015            #[cfg(msim)]
1016            sim_state: Default::default(),
1017
1018            _state_snapshot_uploader_handle: state_snapshot_handle,
1019            shutdown_channel_tx: shutdown_channel,
1020            randomness_receiver_handle,
1021
1022            auth_agg,
1023            subscription_service_checkpoint_sender,
1024            embedded_rpc_store,
1025        };
1026
1027        info!("SuiNode started!");
1028        let node = Arc::new(node);
1029        let node_copy = node.clone();
1030        spawn_monitored_task!(async move {
1031            let result = Self::monitor_reconfiguration(node_copy, epoch_store).await;
1032            if let Err(error) = result {
1033                warn!("Reconfiguration finished with error {:?}", error);
1034            }
1035        });
1036
1037        Ok(node)
1038    }
1039
1040    pub fn subscribe_to_epoch_change(&self) -> broadcast::Receiver<SuiSystemState> {
1041        self.end_of_epoch_channel.subscribe()
1042    }
1043
1044    pub fn subscribe_to_shutdown_channel(&self) -> broadcast::Receiver<Option<RunWithRange>> {
1045        self.shutdown_channel_tx.subscribe()
1046    }
1047
1048    pub fn current_epoch_for_testing(&self) -> EpochId {
1049        self.state.current_epoch_for_testing()
1050    }
1051
1052    pub fn db_checkpoint_path(&self) -> PathBuf {
1053        self.config.db_checkpoint_path()
1054    }
1055
1056    // Init reconfig process by starting to reject user certs
1057    pub async fn close_epoch(&self, epoch_store: &Arc<AuthorityPerEpochStore>) -> SuiResult {
1058        info!("close_epoch (current epoch = {})", epoch_store.epoch());
1059        self.validator_components
1060            .lock()
1061            .await
1062            .as_ref()
1063            .ok_or_else(|| SuiError::from("Node is not a validator"))?
1064            .consensus_adapter
1065            .close_epoch(epoch_store);
1066        Ok(())
1067    }
1068
1069    pub fn clear_override_protocol_upgrade_buffer_stake(&self, epoch: EpochId) -> SuiResult {
1070        self.state
1071            .clear_override_protocol_upgrade_buffer_stake(epoch)
1072    }
1073
1074    pub fn set_override_protocol_upgrade_buffer_stake(
1075        &self,
1076        epoch: EpochId,
1077        buffer_stake_bps: u64,
1078    ) -> SuiResult {
1079        self.state
1080            .set_override_protocol_upgrade_buffer_stake(epoch, buffer_stake_bps)
1081    }
1082
1083    // Testing-only API to start epoch close process.
1084    // For production code, please use the non-testing version.
1085    pub async fn close_epoch_for_testing(&self) -> SuiResult {
1086        let epoch_store = self.state.epoch_store_for_testing();
1087        self.close_epoch(&epoch_store).await
1088    }
1089
1090    fn start_state_snapshot(
1091        config: &NodeConfig,
1092        prometheus_registry: &Registry,
1093        checkpoint_store: Arc<CheckpointStore>,
1094        chain_identifier: ChainIdentifier,
1095    ) -> Result<Option<tokio::sync::broadcast::Sender<()>>> {
1096        if let Some(remote_store_config) = &config.state_snapshot_write_config.object_store_config {
1097            let snapshot_uploader = StateSnapshotUploader::new(
1098                &config.db_checkpoint_path(),
1099                &config.snapshot_path(),
1100                remote_store_config.clone(),
1101                60,
1102                prometheus_registry,
1103                checkpoint_store,
1104                chain_identifier,
1105                config.state_snapshot_write_config.archive_interval_epochs,
1106            )?;
1107            Ok(Some(snapshot_uploader.start()))
1108        } else {
1109            Ok(None)
1110        }
1111    }
1112
1113    fn start_db_checkpoint(
1114        config: &NodeConfig,
1115        prometheus_registry: &Registry,
1116        state_snapshot_enabled: bool,
1117    ) -> Result<(
1118        DBCheckpointConfig,
1119        Option<tokio::sync::broadcast::Sender<()>>,
1120    )> {
1121        let checkpoint_path = Some(
1122            config
1123                .db_checkpoint_config
1124                .checkpoint_path
1125                .clone()
1126                .unwrap_or_else(|| config.db_checkpoint_path()),
1127        );
1128        let db_checkpoint_config = if config.db_checkpoint_config.checkpoint_path.is_none() {
1129            DBCheckpointConfig {
1130                checkpoint_path,
1131                perform_db_checkpoints_at_epoch_end: if state_snapshot_enabled {
1132                    true
1133                } else {
1134                    config
1135                        .db_checkpoint_config
1136                        .perform_db_checkpoints_at_epoch_end
1137                },
1138                ..config.db_checkpoint_config.clone()
1139            }
1140        } else {
1141            config.db_checkpoint_config.clone()
1142        };
1143
1144        match (
1145            db_checkpoint_config.object_store_config.as_ref(),
1146            state_snapshot_enabled,
1147        ) {
1148            // If db checkpoint config object store not specified but
1149            // state snapshot object store is specified, create handler
1150            // anyway for marking db checkpoints as completed so that they
1151            // can be uploaded as state snapshots.
1152            (None, false) => Ok((db_checkpoint_config, None)),
1153            (_, _) => {
1154                let handler = DBCheckpointHandler::new(
1155                    &db_checkpoint_config.checkpoint_path.clone().unwrap(),
1156                    db_checkpoint_config.object_store_config.as_ref(),
1157                    60,
1158                    db_checkpoint_config
1159                        .prune_and_compact_before_upload
1160                        .unwrap_or(true),
1161                    config.authority_store_pruning_config.clone(),
1162                    prometheus_registry,
1163                    state_snapshot_enabled,
1164                )?;
1165                Ok((
1166                    db_checkpoint_config,
1167                    Some(DBCheckpointHandler::start(handler)),
1168                ))
1169            }
1170        }
1171    }
1172
1173    fn create_p2p_network(
1174        config: &NodeConfig,
1175        state_sync_store: RocksDbStore,
1176        chain_identifier: ChainIdentifier,
1177        randomness_tx: mpsc::Sender<(EpochId, RandomnessRound, Vec<u8>)>,
1178        prometheus_registry: &Registry,
1179    ) -> Result<P2pComponents> {
1180        let mut p2p_config = config.p2p_config.clone();
1181        {
1182            let disc = p2p_config.discovery.get_or_insert_with(Default::default);
1183            if disc.peer_addr_store_path.is_none() {
1184                disc.peer_addr_store_path =
1185                    Some(config.db_path().join("discovery_peer_cache.yaml"));
1186            }
1187        }
1188        let mut discovery_builder = discovery::Builder::new().config(p2p_config.clone());
1189        if let Some(consensus_config) = &config.consensus_config {
1190            let effective_addr = consensus_config
1191                .external_address
1192                .as_ref()
1193                .or(consensus_config.listen_address.as_ref());
1194            if let Some(addr) = effective_addr {
1195                discovery_builder = discovery_builder.consensus_external_address(addr.clone());
1196            }
1197        }
1198        let (discovery, discovery_server, endpoint_manager) = discovery_builder.build();
1199        let discovery_sender = discovery.sender();
1200
1201        let (state_sync, state_sync_router) = state_sync::Builder::new()
1202            .config(config.p2p_config.state_sync.clone().unwrap_or_default())
1203            .store(state_sync_store)
1204            .archive_config(config.archive_reader_config())
1205            .discovery_sender(discovery_sender)
1206            .with_metrics(prometheus_registry)
1207            .build();
1208
1209        let discovery_config = config.p2p_config.discovery.clone().unwrap_or_default();
1210        let known_peers: HashMap<PeerId, String> = discovery_config
1211            .allowlisted_peers
1212            .clone()
1213            .into_iter()
1214            .map(|ap| (ap.peer_id, "allowlisted_peer".to_string()))
1215            .chain(config.p2p_config.seed_peers.iter().filter_map(|peer| {
1216                peer.peer_id
1217                    .map(|peer_id| (peer_id, "seed_peer".to_string()))
1218            }))
1219            .collect();
1220
1221        let (randomness, randomness_router) =
1222            randomness::Builder::new(config.protocol_public_key(), randomness_tx)
1223                .config(config.p2p_config.randomness.clone().unwrap_or_default())
1224                .with_metrics(prometheus_registry)
1225                .build();
1226
1227        let p2p_network = {
1228            let routes = anemo::Router::new()
1229                .add_rpc_service(discovery_server)
1230                .merge(state_sync_router);
1231            let routes = routes.merge(randomness_router);
1232
1233            let inbound_network_metrics =
1234                mysten_network::metrics::NetworkMetrics::new("sui", "inbound", prometheus_registry);
1235            let outbound_network_metrics = mysten_network::metrics::NetworkMetrics::new(
1236                "sui",
1237                "outbound",
1238                prometheus_registry,
1239            );
1240
1241            let service = ServiceBuilder::new()
1242                .layer(
1243                    TraceLayer::new_for_server_errors()
1244                        .make_span_with(DefaultMakeSpan::new().level(tracing::Level::INFO))
1245                        .on_failure(DefaultOnFailure::new().level(tracing::Level::WARN)),
1246                )
1247                .layer(CallbackLayer::new(
1248                    mysten_network::metrics::MetricsMakeCallbackHandler::new(
1249                        Arc::new(inbound_network_metrics),
1250                        config.p2p_config.excessive_message_size(),
1251                    ),
1252                ))
1253                .service(routes);
1254
1255            let outbound_layer = ServiceBuilder::new()
1256                .layer(
1257                    TraceLayer::new_for_client_and_server_errors()
1258                        .make_span_with(DefaultMakeSpan::new().level(tracing::Level::INFO))
1259                        .on_failure(DefaultOnFailure::new().level(tracing::Level::WARN)),
1260                )
1261                .layer(CallbackLayer::new(
1262                    mysten_network::metrics::MetricsMakeCallbackHandler::new(
1263                        Arc::new(outbound_network_metrics),
1264                        config.p2p_config.excessive_message_size(),
1265                    ),
1266                ))
1267                .into_inner();
1268
1269            let mut anemo_config = config.p2p_config.anemo_config.clone().unwrap_or_default();
1270            // Inbound requests on this network are small (signatures, queries, summaries).
1271            // Cap request frames at 1 MiB.
1272            anemo_config.max_request_frame_size = Some(1 << 20);
1273            // Responses can be larger (checkpoint contents).
1274            // Cap response frames at 128 MiB.
1275            anemo_config.max_response_frame_size = Some(128 << 20);
1276
1277            // Set a higher default value for socket send/receive buffers if not already
1278            // configured.
1279            let mut quic_config = anemo_config.quic.unwrap_or_default();
1280            if quic_config.socket_send_buffer_size.is_none() {
1281                quic_config.socket_send_buffer_size = Some(20 << 20);
1282            }
1283            if quic_config.socket_receive_buffer_size.is_none() {
1284                quic_config.socket_receive_buffer_size = Some(20 << 20);
1285            }
1286            quic_config.allow_failed_socket_buffer_size_setting = true;
1287
1288            // Set high-performance defaults for quinn transport.
1289            // With 200MiB buffer size and ~500ms RTT, max throughput ~400MiB/s.
1290            if quic_config.max_concurrent_bidi_streams.is_none() {
1291                quic_config.max_concurrent_bidi_streams = Some(500);
1292            }
1293            if quic_config.max_concurrent_uni_streams.is_none() {
1294                quic_config.max_concurrent_uni_streams = Some(500);
1295            }
1296            if quic_config.stream_receive_window.is_none() {
1297                quic_config.stream_receive_window = Some(100 << 20);
1298            }
1299            if quic_config.receive_window.is_none() {
1300                quic_config.receive_window = Some(200 << 20);
1301            }
1302            if quic_config.send_window.is_none() {
1303                quic_config.send_window = Some(200 << 20);
1304            }
1305            if quic_config.crypto_buffer_size.is_none() {
1306                quic_config.crypto_buffer_size = Some(1 << 20);
1307            }
1308            if quic_config.max_idle_timeout_ms.is_none() {
1309                quic_config.max_idle_timeout_ms = Some(10_000);
1310            }
1311            if quic_config.keep_alive_interval_ms.is_none() {
1312                quic_config.keep_alive_interval_ms = Some(5_000);
1313            }
1314            anemo_config.quic = Some(quic_config);
1315
1316            let server_name = format!("sui-{}", chain_identifier);
1317            let network = Network::bind(config.p2p_config.listen_address)
1318                .server_name(&server_name)
1319                .private_key(config.network_key_pair().copy().private().0.to_bytes())
1320                .config(anemo_config)
1321                .outbound_request_layer(outbound_layer)
1322                .start(service)?;
1323            info!(
1324                server_name = server_name,
1325                "P2p network started on {}",
1326                network.local_addr()
1327            );
1328
1329            network
1330        };
1331
1332        let discovery_handle =
1333            discovery.start(p2p_network.clone(), config.network_key_pair().copy());
1334        let state_sync_handle = state_sync.start(p2p_network.clone());
1335        let randomness_handle = randomness.start(p2p_network.clone());
1336
1337        Ok(P2pComponents {
1338            p2p_network,
1339            known_peers,
1340            discovery_handle,
1341            state_sync_handle,
1342            randomness_handle,
1343            endpoint_manager,
1344        })
1345    }
1346
1347    async fn construct_validator_components(
1348        config: NodeConfig,
1349        state: Arc<AuthorityState>,
1350        committee: Arc<Committee>,
1351        epoch_store: Arc<AuthorityPerEpochStore>,
1352        checkpoint_store: Arc<CheckpointStore>,
1353        state_sync_handle: state_sync::Handle,
1354        randomness_handle: randomness::Handle,
1355        global_state_hasher: Weak<GlobalStateHasher>,
1356        backpressure_manager: Arc<BackpressureManager>,
1357        registry_service: &RegistryService,
1358        sui_node_metrics: Arc<SuiNodeMetrics>,
1359        checkpoint_metrics: Arc<CheckpointMetrics>,
1360        node_role: NodeRole,
1361        randomness_receiver_handle: Arc<RandomnessRoundReceiverHandle>,
1362    ) -> Result<ValidatorComponents> {
1363        let mut config_clone = config.clone();
1364        let consensus_config = config_clone
1365            .consensus_config
1366            .as_mut()
1367            .ok_or_else(|| anyhow!("Node is missing consensus config"))?;
1368
1369        let client = Arc::new(UpdatableConsensusClient::new());
1370        let inflight_slot_freed_notify = Arc::new(tokio::sync::Notify::new());
1371        let consensus_adapter = Arc::new(Self::construct_consensus_adapter(
1372            &committee,
1373            consensus_config,
1374            state.name,
1375            &registry_service.default_registry(),
1376            client.clone(),
1377            checkpoint_store.clone(),
1378            inflight_slot_freed_notify.clone(),
1379        ));
1380
1381        let consensus_manager = Arc::new(ConsensusManager::new(
1382            &config,
1383            consensus_config,
1384            registry_service,
1385            client,
1386            node_role,
1387        ));
1388
1389        // This only gets started up once, not on every epoch. (Make call to remove every epoch.)
1390        let consensus_store_pruner = ConsensusStorePruner::new(
1391            consensus_manager.get_storage_base_path(),
1392            consensus_config.db_retention_epochs(),
1393            consensus_config.db_pruner_period(),
1394            &registry_service.default_registry(),
1395        );
1396
1397        let sui_tx_validator_metrics =
1398            SuiTxValidatorMetrics::new(&registry_service.default_registry());
1399
1400        let (validator_server_handle, admission_queue) = if node_role.is_validator() {
1401            let (handle, queue) = Self::start_grpc_validator_service(
1402                &config,
1403                state.clone(),
1404                consensus_adapter.clone(),
1405                epoch_store.clone(),
1406                &registry_service.default_registry(),
1407                inflight_slot_freed_notify,
1408            )
1409            .await?;
1410            (Some(handle), queue)
1411        } else {
1412            (None, None)
1413        };
1414
1415        // Starts an overload monitor that monitors the execution of the authority.
1416        // Don't start the overload monitor when max_load_shedding_percentage is 0.
1417        let validator_overload_monitor_handle = if node_role.is_validator()
1418            && config
1419                .authority_overload_config
1420                .max_load_shedding_percentage
1421                > 0
1422        {
1423            let authority_state = Arc::downgrade(&state);
1424            let overload_config = config.authority_overload_config.clone();
1425            fail_point!("starting_overload_monitor");
1426            Some(spawn_monitored_task!(overload_monitor(
1427                authority_state,
1428                overload_config,
1429            )))
1430        } else {
1431            None
1432        };
1433
1434        Self::start_epoch_specific_validator_components(
1435            &config,
1436            state.clone(),
1437            consensus_adapter,
1438            checkpoint_store,
1439            epoch_store,
1440            state_sync_handle,
1441            randomness_handle,
1442            randomness_receiver_handle,
1443            consensus_manager,
1444            consensus_store_pruner,
1445            global_state_hasher,
1446            backpressure_manager,
1447            validator_server_handle,
1448            validator_overload_monitor_handle,
1449            checkpoint_metrics,
1450            sui_node_metrics,
1451            sui_tx_validator_metrics,
1452            admission_queue,
1453            node_role,
1454        )
1455        .await
1456    }
1457
1458    fn address_prober_enabled(config: &NodeConfig) -> bool {
1459        let prober_enabled = config
1460            .address_prober
1461            .as_ref()
1462            .map(|c| c.enabled())
1463            .unwrap_or(true);
1464        let v3_enabled = config
1465            .p2p_config
1466            .discovery
1467            .as_ref()
1468            .is_some_and(|d| d.use_get_known_peers_v3());
1469        prober_enabled && v3_enabled
1470    }
1471
1472    fn update_address_prober_epoch(
1473        &self,
1474        epoch_store: &AuthorityPerEpochStore,
1475        consensus_manager: &Arc<ConsensusManager>,
1476    ) {
1477        if !epoch_store.is_validator() {
1478            return;
1479        }
1480        if let Some(handle) = &self.address_prober {
1481            handle.update_epoch(
1482                epoch_store.epoch(),
1483                epoch_store.epoch_start_state().get_consensus_committee(),
1484                consensus_manager.clone(),
1485            );
1486        }
1487    }
1488
1489    async fn start_epoch_specific_validator_components(
1490        config: &NodeConfig,
1491        state: Arc<AuthorityState>,
1492        consensus_adapter: Arc<ConsensusAdapter>,
1493        checkpoint_store: Arc<CheckpointStore>,
1494        epoch_store: Arc<AuthorityPerEpochStore>,
1495        state_sync_handle: state_sync::Handle,
1496        randomness_handle: randomness::Handle,
1497        randomness_receiver_handle: Arc<RandomnessRoundReceiverHandle>,
1498        consensus_manager: Arc<ConsensusManager>,
1499        consensus_store_pruner: ConsensusStorePruner,
1500        state_hasher: Weak<GlobalStateHasher>,
1501        backpressure_manager: Arc<BackpressureManager>,
1502        validator_server_handle: Option<SpawnOnce>,
1503        validator_overload_monitor_handle: Option<JoinHandle<()>>,
1504        checkpoint_metrics: Arc<CheckpointMetrics>,
1505        sui_node_metrics: Arc<SuiNodeMetrics>,
1506        sui_tx_validator_metrics: Arc<SuiTxValidatorMetrics>,
1507        admission_queue: Option<AdmissionQueueContext>,
1508        node_role: NodeRole,
1509    ) -> Result<ValidatorComponents> {
1510        let checkpoint_service = Self::build_checkpoint_service(
1511            config,
1512            consensus_adapter.clone(),
1513            checkpoint_store.clone(),
1514            epoch_store.clone(),
1515            state.clone(),
1516            state_sync_handle,
1517            state_hasher,
1518            checkpoint_metrics.clone(),
1519            node_role,
1520        );
1521
1522        // Clear the VSS public key from the previous epoch so any randomness round
1523        // signatures buffer in the channel until the new DKG completes.
1524        randomness_receiver_handle.clear_public_key();
1525
1526        if node_role.runs_consensus() && epoch_store.randomness_state_enabled() {
1527            let authority_key_pair = if node_role.is_validator() {
1528                Some(config.protocol_key_pair())
1529            } else {
1530                None
1531            };
1532            let randomness_manager = RandomnessManager::try_new(
1533                Arc::downgrade(&epoch_store),
1534                Box::new(consensus_adapter.clone()),
1535                randomness_handle,
1536                authority_key_pair,
1537                randomness_receiver_handle.clone(),
1538            )
1539            .await;
1540            if let Some(randomness_manager) = randomness_manager {
1541                epoch_store
1542                    .set_randomness_manager(randomness_manager)
1543                    .await?;
1544            }
1545        }
1546
1547        if node_role.is_validator() {
1548            ExecutionTimeObserver::spawn(
1549                epoch_store.clone(),
1550                Box::new(consensus_adapter.clone()),
1551                config
1552                    .execution_time_observer_config
1553                    .clone()
1554                    .unwrap_or_default(),
1555            );
1556        }
1557
1558        let throughput_calculator = Arc::new(ConsensusThroughputCalculator::new(
1559            None,
1560            state.metrics.clone(),
1561        ));
1562
1563        let consensus_handler_initializer = ConsensusHandlerInitializer::new(
1564            state.clone(),
1565            checkpoint_service.clone(),
1566            epoch_store.clone(),
1567            consensus_adapter.clone(),
1568            throughput_calculator,
1569            backpressure_manager,
1570            config.congestion_log.clone(),
1571        );
1572
1573        info!("Starting consensus manager asynchronously");
1574
1575        // Spawn consensus startup asynchronously to avoid blocking other components
1576        tokio::spawn({
1577            let config = config.clone();
1578            let epoch_store = epoch_store.clone();
1579            let sui_tx_validator = SuiTxValidator::new(
1580                state.clone(),
1581                epoch_store.clone(),
1582                checkpoint_service.clone(),
1583                sui_tx_validator_metrics.clone(),
1584            );
1585            let consensus_manager = consensus_manager.clone();
1586            async move {
1587                consensus_manager
1588                    .start(
1589                        &config,
1590                        epoch_store,
1591                        consensus_handler_initializer,
1592                        sui_tx_validator,
1593                        Some(randomness_receiver_handle),
1594                    )
1595                    .await;
1596            }
1597        });
1598        let replay_waiter = consensus_manager.replay_waiter();
1599
1600        info!("Spawning checkpoint service");
1601        let replay_waiter = if std::env::var("DISABLE_REPLAY_WAITER").is_ok() {
1602            None
1603        } else {
1604            Some(replay_waiter)
1605        };
1606        checkpoint_service
1607            .spawn(epoch_store.clone(), replay_waiter)
1608            .await;
1609
1610        if node_role.is_validator() && epoch_store.authenticator_state_enabled() {
1611            Self::start_jwk_updater(
1612                config,
1613                sui_node_metrics,
1614                state.name,
1615                epoch_store.clone(),
1616                consensus_adapter.clone(),
1617            );
1618        }
1619
1620        if let Some(ctx) = &admission_queue {
1621            ctx.rotate_for_epoch(epoch_store);
1622        }
1623
1624        Ok(ValidatorComponents {
1625            validator_server_handle,
1626            validator_overload_monitor_handle,
1627            consensus_manager,
1628            consensus_store_pruner,
1629            consensus_adapter,
1630            checkpoint_metrics,
1631            sui_tx_validator_metrics,
1632            admission_queue,
1633        })
1634    }
1635
1636    fn build_checkpoint_service(
1637        config: &NodeConfig,
1638        consensus_adapter: Arc<ConsensusAdapter>,
1639        checkpoint_store: Arc<CheckpointStore>,
1640        epoch_store: Arc<AuthorityPerEpochStore>,
1641        state: Arc<AuthorityState>,
1642        state_sync_handle: state_sync::Handle,
1643        state_hasher: Weak<GlobalStateHasher>,
1644        checkpoint_metrics: Arc<CheckpointMetrics>,
1645        node_role: NodeRole,
1646    ) -> Arc<CheckpointService> {
1647        let epoch_start_timestamp_ms = epoch_store.epoch_start_state().epoch_start_timestamp_ms();
1648        let epoch_duration_ms = epoch_store.epoch_start_state().epoch_duration_ms();
1649
1650        debug!(
1651            "Starting checkpoint service with epoch start timestamp {}
1652            and epoch duration {}",
1653            epoch_start_timestamp_ms, epoch_duration_ms
1654        );
1655
1656        let checkpoint_output: Box<dyn CheckpointOutput> = if node_role.is_validator() {
1657            Box::new(SubmitCheckpointToConsensus::new(
1658                consensus_adapter,
1659                state.secret.clone(),
1660                config.protocol_public_key(),
1661                epoch_start_timestamp_ms
1662                    .checked_add(epoch_duration_ms)
1663                    .expect("Overflow calculating next_reconfiguration_timestamp_ms"),
1664                checkpoint_metrics.clone(),
1665            ))
1666        } else {
1667            Box::new(LogCheckpointOutput::new(checkpoint_metrics.clone()))
1668        };
1669
1670        let certified_checkpoint_output = SendCheckpointToStateSync::new(state_sync_handle);
1671
1672        CheckpointService::build(
1673            state.clone(),
1674            checkpoint_store,
1675            epoch_store,
1676            state.get_transaction_cache_reader().clone(),
1677            state_hasher,
1678            checkpoint_output,
1679            Box::new(certified_checkpoint_output),
1680            checkpoint_metrics,
1681        )
1682    }
1683
1684    fn construct_consensus_adapter(
1685        committee: &Committee,
1686        consensus_config: &ConsensusConfig,
1687        authority: AuthorityName,
1688        prometheus_registry: &Registry,
1689        consensus_client: Arc<dyn ConsensusClient>,
1690        checkpoint_store: Arc<CheckpointStore>,
1691        inflight_slot_freed_notify: Arc<tokio::sync::Notify>,
1692    ) -> ConsensusAdapter {
1693        let ca_metrics = ConsensusAdapterMetrics::new(prometheus_registry);
1694        // The consensus adapter allows the authority to send user certificates through consensus.
1695
1696        ConsensusAdapter::new(
1697            consensus_client,
1698            checkpoint_store,
1699            authority,
1700            consensus_config.max_pending_transactions(),
1701            consensus_config.max_pending_transactions() * 2 / committee.num_members(),
1702            ca_metrics,
1703            inflight_slot_freed_notify,
1704        )
1705    }
1706
1707    async fn start_grpc_validator_service(
1708        config: &NodeConfig,
1709        state: Arc<AuthorityState>,
1710        consensus_adapter: Arc<ConsensusAdapter>,
1711        epoch_store: Arc<AuthorityPerEpochStore>,
1712        prometheus_registry: &Registry,
1713        inflight_slot_freed_notify: Arc<tokio::sync::Notify>,
1714    ) -> Result<(SpawnOnce, Option<AdmissionQueueContext>)> {
1715        let overload_config = &config.authority_overload_config;
1716        let admission_queue = overload_config.admission_queue_enabled.then(|| {
1717            let manager = Arc::new(AdmissionQueueManager::new(
1718                consensus_adapter.clone(),
1719                Arc::new(AdmissionQueueMetrics::new(prometheus_registry)),
1720                overload_config.admission_queue_capacity_fraction,
1721                overload_config.admission_queue_failover_timeout,
1722                inflight_slot_freed_notify,
1723            ));
1724            AdmissionQueueContext::spawn(manager, epoch_store)
1725        });
1726        let validator_service = ValidatorService::new(
1727            state.clone(),
1728            consensus_adapter,
1729            Arc::new(ValidatorServiceMetrics::new(prometheus_registry)),
1730            config.policy_config.clone().map(|p| p.client_id_source),
1731            admission_queue.clone(),
1732        );
1733
1734        let mut server_conf = mysten_network::config::Config::new();
1735        server_conf.connect_timeout = Some(DEFAULT_GRPC_CONNECT_TIMEOUT);
1736        server_conf.http2_keepalive_interval = Some(DEFAULT_GRPC_CONNECT_TIMEOUT);
1737        server_conf.http2_keepalive_timeout = Some(DEFAULT_GRPC_CONNECT_TIMEOUT);
1738        server_conf.global_concurrency_limit = config.grpc_concurrency_limit;
1739        server_conf.load_shed = config.grpc_load_shed;
1740        let mut server_builder =
1741            ServerBuilder::from_config(&server_conf, GrpcMetrics::new(prometheus_registry));
1742
1743        server_builder = server_builder.add_service(ValidatorServer::new(validator_service));
1744
1745        let tls_config = sui_tls::create_rustls_server_config(
1746            config.network_key_pair().copy().private(),
1747            SUI_TLS_SERVER_NAME.to_string(),
1748        );
1749
1750        let network_address = config.network_address().clone();
1751
1752        let (ready_tx, ready_rx) = oneshot::channel();
1753
1754        let spawn_once = SpawnOnce::new(ready_rx, async move {
1755            let server = server_builder
1756                .bind(&network_address, Some(tls_config))
1757                .await
1758                .unwrap_or_else(|err| panic!("Failed to bind to {network_address}: {err}"));
1759            let local_addr = server.local_addr();
1760            info!("Listening to traffic on {local_addr}");
1761            ready_tx.send(()).unwrap();
1762            if let Err(err) = server.serve().await {
1763                info!("Server stopped: {err}");
1764            }
1765            info!("Server stopped");
1766        });
1767        Ok((spawn_once, admission_queue))
1768    }
1769
1770    pub fn state(&self) -> Arc<AuthorityState> {
1771        self.state.clone()
1772    }
1773
1774    /// The embedded `sui-rpc-store` index backend, when the node is a
1775    /// fullnode with indexing enabled. Exposes the startup bootstrap
1776    /// decision and per-cohort watermarks for introspection (used by
1777    /// tests to observe restore/resume behavior across restarts without
1778    /// going through the RPC surface).
1779    pub fn embedded_rpc_store(&self) -> Option<&EmbeddedRpcStore> {
1780        self.embedded_rpc_store.as_ref()
1781    }
1782
1783    #[cfg(any(test, msim))]
1784    pub fn connection_monitor_handle_for_testing(
1785        &self,
1786    ) -> &mysten_network::anemo_connection_monitor::ConnectionMonitorHandle {
1787        &self._connection_monitor_handle
1788    }
1789
1790    #[cfg(any(test, msim))]
1791    pub fn address_prober_metrics_for_testing(
1792        &self,
1793    ) -> std::sync::Arc<address_prober::AddressProberMetrics> {
1794        self.address_prober
1795            .as_ref()
1796            .expect("address prober should be running in tests")
1797            .metrics_for_testing()
1798    }
1799
1800    pub fn node_role(&self) -> NodeRole {
1801        self.state.load_epoch_store_one_call_per_task().node_role()
1802    }
1803
1804    // Only used for testing because of how epoch store is loaded.
1805    pub fn reference_gas_price_for_testing(&self) -> Result<u64, anyhow::Error> {
1806        self.state.reference_gas_price_for_testing()
1807    }
1808
1809    pub fn clone_committee_store(&self) -> Arc<CommitteeStore> {
1810        self.state.committee_store().clone()
1811    }
1812
1813    pub fn clone_checkpoint_store(&self) -> Arc<CheckpointStore> {
1814        self.checkpoint_store.clone()
1815    }
1816
1817    pub fn clone_authority_store(&self) -> Arc<AuthorityStore> {
1818        self.state.authority_store()
1819    }
1820
1821    pub fn clone_consensus_store(
1822        &self,
1823    ) -> Option<Arc<consensus_core::storage::rocksdb_store::RocksDBStore>> {
1824        self.validator_components
1825            .try_lock()
1826            .ok()?
1827            .as_ref()?
1828            .consensus_manager
1829            .consensus_store()
1830    }
1831
1832    /// Clone an AuthorityAggregator currently used in this node, if the node is a fullnode.
1833    /// After reconfig, Transaction Driver builds a new AuthorityAggregator. The caller
1834    /// of this function will mostly likely want to call this again
1835    /// to get a fresh one.
1836    pub fn clone_authority_aggregator(
1837        &self,
1838    ) -> Option<Arc<AuthorityAggregator<NetworkAuthorityClient>>> {
1839        self.transaction_orchestrator
1840            .as_ref()
1841            .map(|to| to.clone_authority_aggregator())
1842    }
1843
1844    pub fn transaction_orchestrator(
1845        &self,
1846    ) -> Option<Arc<TransactionOrchestrator<NetworkAuthorityClient>>> {
1847        self.transaction_orchestrator.clone()
1848    }
1849
1850    /// This function awaits the completion of checkpoint execution of the current epoch,
1851    /// after which it initiates reconfiguration of the entire system.
1852    pub async fn monitor_reconfiguration(
1853        self: Arc<Self>,
1854        mut epoch_store: Arc<AuthorityPerEpochStore>,
1855    ) -> Result<()> {
1856        let checkpoint_executor_metrics =
1857            CheckpointExecutorMetrics::new(&self.registry_service.default_registry());
1858
1859        loop {
1860            let mut hasher_guard = self.global_state_hasher.lock().await;
1861            let hasher = hasher_guard.take().unwrap();
1862            info!(
1863                "Creating checkpoint executor for epoch {}",
1864                epoch_store.epoch()
1865            );
1866            let checkpoint_executor = CheckpointExecutor::new(
1867                epoch_store.clone(),
1868                self.checkpoint_store.clone(),
1869                self.state.clone(),
1870                hasher.clone(),
1871                self.backpressure_manager.clone(),
1872                self.config.checkpoint_executor_config.clone(),
1873                checkpoint_executor_metrics.clone(),
1874                self.subscription_service_checkpoint_sender.clone(),
1875            );
1876
1877            let run_with_range = self.config.run_with_range;
1878
1879            let cur_epoch_store = self.state.load_epoch_store_one_call_per_task();
1880
1881            // Update the current protocol version metric.
1882            self.metrics
1883                .current_protocol_version
1884                .set(cur_epoch_store.protocol_config().version.as_u64() as i64);
1885
1886            // Advertise capabilities to committee, if we are a validator.
1887            // FullNodes that state sync via consensus will also have validator components, by they are not supposed to submit any capabilities.
1888            if let Some(components) = &*self.validator_components.lock().await
1889                && cur_epoch_store.is_validator()
1890            {
1891                // TODO: without this sleep, the consensus message is not delivered reliably.
1892                tokio::time::sleep(Duration::from_millis(1)).await;
1893
1894                let config = cur_epoch_store.protocol_config();
1895                let mut supported_protocol_versions = self
1896                    .config
1897                    .supported_protocol_versions
1898                    .expect("Supported versions should be populated")
1899                    // no need to send digests of versions less than the current version
1900                    .truncate_below(config.version);
1901
1902                while supported_protocol_versions.max > config.version {
1903                    let proposed_protocol_config = ProtocolConfig::get_for_version(
1904                        supported_protocol_versions.max,
1905                        cur_epoch_store.get_chain(),
1906                    );
1907
1908                    if proposed_protocol_config.enable_accumulators()
1909                        && !epoch_store.accumulator_root_exists()
1910                    {
1911                        error!(
1912                            "cannot upgrade to protocol version {:?} because accumulator root does not exist",
1913                            supported_protocol_versions.max
1914                        );
1915                        supported_protocol_versions.max = supported_protocol_versions.max.prev();
1916                    } else {
1917                        break;
1918                    }
1919                }
1920
1921                let binary_config = config.binary_config(None);
1922                let transaction = ConsensusTransaction::new_capability_notification_v2(
1923                    AuthorityCapabilitiesV2::new(
1924                        self.state.name,
1925                        cur_epoch_store.get_chain_identifier().chain(),
1926                        supported_protocol_versions,
1927                        self.state
1928                            .get_available_system_packages(&binary_config)
1929                            .await,
1930                    ),
1931                );
1932                info!(?transaction, "submitting capabilities to consensus");
1933                components.consensus_adapter.submit(
1934                    transaction,
1935                    None,
1936                    &cur_epoch_store,
1937                    None,
1938                    None,
1939                )?;
1940            }
1941
1942            let stop_condition = checkpoint_executor.run_epoch(run_with_range).await;
1943
1944            if stop_condition == StopReason::RunWithRangeCondition {
1945                SuiNode::shutdown(&self).await;
1946                self.shutdown_channel_tx
1947                    .send(run_with_range)
1948                    .expect("RunWithRangeCondition met but failed to send shutdown message");
1949                return Ok(());
1950            }
1951
1952            // Safe to call because we are in the middle of reconfiguration.
1953            let latest_system_state = self
1954                .state
1955                .get_object_cache_reader()
1956                .get_sui_system_state_object_unsafe()
1957                .expect("Read Sui System State object cannot fail");
1958
1959            #[cfg(msim)]
1960            if !self
1961                .sim_state
1962                .sim_safe_mode_expected
1963                .load(Ordering::Relaxed)
1964            {
1965                debug_assert!(!latest_system_state.safe_mode());
1966            }
1967
1968            #[cfg(not(msim))]
1969            debug_assert!(!latest_system_state.safe_mode());
1970
1971            if let Err(err) = self.end_of_epoch_channel.send(latest_system_state.clone())
1972                && self.state.is_fullnode(&cur_epoch_store)
1973            {
1974                warn!(
1975                    "Failed to send end of epoch notification to subscriber: {:?}",
1976                    err
1977                );
1978            }
1979
1980            cur_epoch_store.record_is_safe_mode_metric(latest_system_state.safe_mode());
1981            let new_epoch_start_state = latest_system_state.into_epoch_start_state();
1982
1983            self.auth_agg.store(Arc::new(
1984                self.auth_agg
1985                    .load()
1986                    .recreate_with_new_epoch_start_state(&new_epoch_start_state),
1987            ));
1988
1989            let next_epoch_committee = new_epoch_start_state.get_sui_committee();
1990            let next_epoch = next_epoch_committee.epoch();
1991            assert_eq!(cur_epoch_store.epoch() + 1, next_epoch);
1992
1993            info!(
1994                next_epoch,
1995                "Finished executing all checkpoints in epoch. About to reconfigure the system."
1996            );
1997
1998            fail_point_async!("reconfig_delay");
1999
2000            cur_epoch_store.record_epoch_reconfig_start_time_metric();
2001
2002            update_peer_addresses(
2003                &self.config,
2004                &self.endpoint_manager,
2005                &new_epoch_start_state,
2006                Some(cur_epoch_store.epoch_start_state()),
2007            );
2008
2009            let mut validator_components_lock_guard = self.validator_components.lock().await;
2010
2011            // The following code handles 4 different cases, depending on whether the node
2012            // was a validator in the previous epoch, and whether the node is a validator
2013            // in the new epoch.
2014            let new_epoch_store = self
2015                .reconfigure_state(
2016                    &self.state,
2017                    &cur_epoch_store,
2018                    next_epoch_committee.clone(),
2019                    new_epoch_start_state,
2020                    hasher.clone(),
2021                )
2022                .await;
2023
2024            let new_role = new_epoch_store.node_role();
2025
2026            let new_validator_components = if let Some(ValidatorComponents {
2027                validator_server_handle,
2028                validator_overload_monitor_handle,
2029                consensus_manager,
2030                consensus_store_pruner,
2031                consensus_adapter,
2032                checkpoint_metrics,
2033                sui_tx_validator_metrics,
2034                admission_queue,
2035            }) = validator_components_lock_guard.take()
2036            {
2037                info!("Reconfiguring node (was running consensus).");
2038
2039                consensus_manager.shutdown().await;
2040                info!("Consensus has shut down.");
2041
2042                if let Some(handle) = &self.address_prober {
2043                    handle.leave_committee();
2044                }
2045
2046                info!("Epoch store finished reconfiguration.");
2047
2048                // No other components should be holding a strong reference to state hasher
2049                // at this point. Confirm here before we swap in the new hasher.
2050                let global_state_hasher_metrics = Arc::into_inner(hasher)
2051                    .expect("Object state hasher should have no other references at this point")
2052                    .metrics();
2053                let new_hasher = Arc::new(GlobalStateHasher::new(
2054                    self.state.get_global_state_hash_store().clone(),
2055                    global_state_hasher_metrics,
2056                ));
2057                let weak_hasher = Arc::downgrade(&new_hasher);
2058                *hasher_guard = Some(new_hasher);
2059
2060                consensus_store_pruner.prune(next_epoch).await;
2061
2062                if new_role.runs_consensus() {
2063                    info!("Restarting consensus as {new_role}");
2064                    let components = Self::start_epoch_specific_validator_components(
2065                        &self.config,
2066                        self.state.clone(),
2067                        consensus_adapter,
2068                        self.checkpoint_store.clone(),
2069                        new_epoch_store.clone(),
2070                        self.state_sync_handle.clone(),
2071                        self.randomness_handle.clone(),
2072                        self.randomness_receiver_handle.clone(),
2073                        consensus_manager,
2074                        consensus_store_pruner,
2075                        weak_hasher,
2076                        self.backpressure_manager.clone(),
2077                        validator_server_handle,
2078                        validator_overload_monitor_handle,
2079                        checkpoint_metrics,
2080                        self.metrics.clone(),
2081                        sui_tx_validator_metrics,
2082                        admission_queue,
2083                        new_role,
2084                    )
2085                    .await?;
2086                    self.update_address_prober_epoch(
2087                        &new_epoch_store,
2088                        &components.consensus_manager,
2089                    );
2090                    Some(components)
2091                } else {
2092                    info!(
2093                        "This node has new role {new_role} and no longer runs consensus after reconfiguration"
2094                    );
2095                    None
2096                }
2097            } else {
2098                // No other components should be holding a strong reference to state hasher
2099                // at this point. Confirm here before we swap in the new hasher.
2100                let global_state_hasher_metrics = Arc::into_inner(hasher)
2101                    .expect("Object state hasher should have no other references at this point")
2102                    .metrics();
2103                let new_hasher = Arc::new(GlobalStateHasher::new(
2104                    self.state.get_global_state_hash_store().clone(),
2105                    global_state_hasher_metrics,
2106                ));
2107                let weak_hasher = Arc::downgrade(&new_hasher);
2108                *hasher_guard = Some(new_hasher);
2109
2110                if new_role.runs_consensus() {
2111                    info!("Promoting node to {new_role}, starting consensus components");
2112
2113                    let mut components = Self::construct_validator_components(
2114                        self.config.clone(),
2115                        self.state.clone(),
2116                        Arc::new(next_epoch_committee.clone()),
2117                        new_epoch_store.clone(),
2118                        self.checkpoint_store.clone(),
2119                        self.state_sync_handle.clone(),
2120                        self.randomness_handle.clone(),
2121                        weak_hasher,
2122                        self.backpressure_manager.clone(),
2123                        &self.registry_service,
2124                        self.metrics.clone(),
2125                        self.checkpoint_metrics.clone(),
2126                        new_role,
2127                        self.randomness_receiver_handle.clone(),
2128                    )
2129                    .await?;
2130
2131                    if new_role.is_validator() {
2132                        components.validator_server_handle = Some(
2133                            components
2134                                .validator_server_handle
2135                                .take()
2136                                .unwrap()
2137                                .start()
2138                                .await,
2139                        );
2140
2141                        self.endpoint_manager
2142                            .set_consensus_address_updater(components.consensus_manager.clone());
2143                    }
2144
2145                    self.update_address_prober_epoch(
2146                        &new_epoch_store,
2147                        &components.consensus_manager,
2148                    );
2149                    Some(components)
2150                } else {
2151                    None
2152                }
2153            };
2154            *validator_components_lock_guard = new_validator_components;
2155
2156            // Force releasing current epoch store DB handle, because the
2157            // Arc<AuthorityPerEpochStore> may linger.
2158            cur_epoch_store.release_db_handles();
2159
2160            if cfg!(msim)
2161                && !matches!(
2162                    self.config
2163                        .authority_store_pruning_config
2164                        .num_epochs_to_retain_for_checkpoints(),
2165                    None | Some(u64::MAX) | Some(0)
2166                )
2167            {
2168                self.state
2169                    .prune_checkpoints_for_eligible_epochs_for_testing(
2170                        self.config.clone(),
2171                        sui_core::authority::authority_store_pruner::AuthorityStorePruningMetrics::new_for_test(),
2172                    )
2173                    .await?;
2174            }
2175
2176            epoch_store = new_epoch_store;
2177            info!("Reconfiguration finished");
2178        }
2179    }
2180
2181    async fn shutdown(&self) {
2182        if let Some(validator_components) = &*self.validator_components.lock().await {
2183            validator_components.consensus_manager.shutdown().await;
2184        }
2185    }
2186
2187    async fn reconfigure_state(
2188        &self,
2189        state: &Arc<AuthorityState>,
2190        cur_epoch_store: &AuthorityPerEpochStore,
2191        next_epoch_committee: Committee,
2192        next_epoch_start_system_state: EpochStartSystemState,
2193        global_state_hasher: Arc<GlobalStateHasher>,
2194    ) -> Arc<AuthorityPerEpochStore> {
2195        let next_epoch = next_epoch_committee.epoch();
2196
2197        let last_checkpoint = self
2198            .checkpoint_store
2199            .get_epoch_last_checkpoint(cur_epoch_store.epoch())
2200            .expect("Error loading last checkpoint for current epoch")
2201            .expect("Could not load last checkpoint for current epoch");
2202
2203        let last_checkpoint_seq = *last_checkpoint.sequence_number();
2204
2205        assert_eq!(
2206            Some(last_checkpoint_seq),
2207            self.checkpoint_store
2208                .get_highest_executed_checkpoint_seq_number()
2209                .expect("Error loading highest executed checkpoint sequence number")
2210        );
2211
2212        let epoch_start_configuration = EpochStartConfiguration::new(
2213            next_epoch_start_system_state,
2214            *last_checkpoint.digest(),
2215            state.get_object_store().as_ref(),
2216            EpochFlag::default_flags_for_new_epoch(&state.config),
2217        )
2218        .expect("EpochStartConfiguration construction cannot fail");
2219
2220        let new_epoch_store = self
2221            .state
2222            .reconfigure(
2223                cur_epoch_store,
2224                self.config.supported_protocol_versions.unwrap(),
2225                next_epoch_committee,
2226                epoch_start_configuration,
2227                global_state_hasher,
2228                &self.config.expensive_safety_check_config,
2229                last_checkpoint_seq,
2230            )
2231            .await
2232            .expect("Reconfigure authority state cannot fail");
2233        info!(next_epoch, "Node State has been reconfigured");
2234        assert_eq!(next_epoch, new_epoch_store.epoch());
2235        self.state.get_reconfig_api().update_epoch_flags_metrics(
2236            cur_epoch_store.epoch_start_config().flags(),
2237            new_epoch_store.epoch_start_config().flags(),
2238        );
2239
2240        new_epoch_store
2241    }
2242
2243    pub fn get_config(&self) -> &NodeConfig {
2244        &self.config
2245    }
2246
2247    pub fn randomness_handle(&self) -> randomness::Handle {
2248        self.randomness_handle.clone()
2249    }
2250
2251    pub fn state_sync_handle(&self) -> state_sync::Handle {
2252        self.state_sync_handle.clone()
2253    }
2254
2255    pub fn endpoint_manager(&self) -> &EndpointManager {
2256        &self.endpoint_manager
2257    }
2258
2259    pub async fn address_prober_report(&self) -> Option<address_prober::ProbeReport> {
2260        match &self.address_prober {
2261            Some(handle) => handle.probe_report().await,
2262            None => None,
2263        }
2264    }
2265
2266    /// Get a short prefix of a digest for metric labels
2267    fn get_digest_prefix(digest: impl std::fmt::Display) -> String {
2268        let digest_str = digest.to_string();
2269        if digest_str.len() >= 8 {
2270            digest_str[0..8].to_string()
2271        } else {
2272            digest_str
2273        }
2274    }
2275
2276    /// Check for previously detected forks and handle them appropriately.
2277    /// For validators with fork recovery config, clear the fork if it matches the recovery config.
2278    /// For all other cases, block node startup if a fork is detected.
2279    async fn check_and_recover_forks(
2280        checkpoint_store: &CheckpointStore,
2281        checkpoint_metrics: &CheckpointMetrics,
2282        fork_recovery: Option<&ForkRecoveryConfig>,
2283    ) -> Result<()> {
2284        // Try to recover from forks if recovery config is provided
2285        if let Some(recovery) = fork_recovery {
2286            Self::try_recover_checkpoint_fork(checkpoint_store, recovery)?;
2287            Self::try_recover_transaction_fork(checkpoint_store, recovery)?;
2288        }
2289
2290        if let Some((checkpoint_seq, checkpoint_digest)) = checkpoint_store
2291            .get_checkpoint_fork_detected()
2292            .map_err(|e| {
2293                error!("Failed to check for checkpoint fork: {:?}", e);
2294                e
2295            })?
2296        {
2297            Self::handle_checkpoint_fork(
2298                checkpoint_seq,
2299                checkpoint_digest,
2300                checkpoint_metrics,
2301                fork_recovery,
2302            )
2303            .await?;
2304        }
2305        if let Some((tx_digest, expected_effects, actual_effects)) = checkpoint_store
2306            .get_transaction_fork_detected()
2307            .map_err(|e| {
2308                error!("Failed to check for transaction fork: {:?}", e);
2309                e
2310            })?
2311        {
2312            Self::handle_transaction_fork(
2313                tx_digest,
2314                expected_effects,
2315                actual_effects,
2316                checkpoint_metrics,
2317                fork_recovery,
2318            )
2319            .await?;
2320        }
2321
2322        Ok(())
2323    }
2324
2325    fn try_recover_checkpoint_fork(
2326        checkpoint_store: &CheckpointStore,
2327        recovery: &ForkRecoveryConfig,
2328    ) -> Result<()> {
2329        // If configured overrides include a checkpoint whose locally computed digest mismatches,
2330        // clear locally computed checkpoints from that sequence (inclusive).
2331        for (seq, expected_digest_str) in &recovery.checkpoint_overrides {
2332            let Ok(expected_digest) = CheckpointDigest::from_str(expected_digest_str) else {
2333                anyhow::bail!(
2334                    "Invalid checkpoint digest override for seq {}: {}",
2335                    seq,
2336                    expected_digest_str
2337                );
2338            };
2339
2340            if let Some(local_summary) = checkpoint_store.get_locally_computed_checkpoint(*seq)? {
2341                let local_digest = sui_types::message_envelope::Message::digest(&local_summary);
2342                if local_digest != expected_digest {
2343                    info!(
2344                        seq,
2345                        local = %Self::get_digest_prefix(local_digest),
2346                        expected = %Self::get_digest_prefix(expected_digest),
2347                        "Fork recovery: clearing locally_computed_checkpoints from {} due to digest mismatch",
2348                        seq
2349                    );
2350                    checkpoint_store
2351                        .clear_locally_computed_checkpoints_from(*seq)
2352                        .context(
2353                            "Failed to clear locally computed checkpoints from override seq",
2354                        )?;
2355                }
2356            }
2357        }
2358
2359        if let Some((checkpoint_seq, checkpoint_digest)) =
2360            checkpoint_store.get_checkpoint_fork_detected()?
2361            && recovery.checkpoint_overrides.contains_key(&checkpoint_seq)
2362        {
2363            info!(
2364                "Fork recovery enabled: clearing checkpoint fork at seq {} with digest {:?}",
2365                checkpoint_seq, checkpoint_digest
2366            );
2367            checkpoint_store
2368                .clear_checkpoint_fork_detected()
2369                .expect("Failed to clear checkpoint fork detected marker");
2370        }
2371        Ok(())
2372    }
2373
2374    fn try_recover_transaction_fork(
2375        checkpoint_store: &CheckpointStore,
2376        recovery: &ForkRecoveryConfig,
2377    ) -> Result<()> {
2378        if recovery.transaction_overrides.is_empty() {
2379            return Ok(());
2380        }
2381
2382        if let Some((tx_digest, _, _)) = checkpoint_store.get_transaction_fork_detected()?
2383            && recovery
2384                .transaction_overrides
2385                .contains_key(&tx_digest.to_string())
2386        {
2387            info!(
2388                "Fork recovery enabled: clearing transaction fork for tx {:?}",
2389                tx_digest
2390            );
2391            checkpoint_store
2392                .clear_transaction_fork_detected()
2393                .expect("Failed to clear transaction fork detected marker");
2394        }
2395        Ok(())
2396    }
2397
2398    fn get_current_timestamp() -> u64 {
2399        std::time::SystemTime::now()
2400            .duration_since(std::time::SystemTime::UNIX_EPOCH)
2401            .unwrap()
2402            .as_secs()
2403    }
2404
2405    async fn handle_checkpoint_fork(
2406        checkpoint_seq: u64,
2407        checkpoint_digest: CheckpointDigest,
2408        checkpoint_metrics: &CheckpointMetrics,
2409        fork_recovery: Option<&ForkRecoveryConfig>,
2410    ) -> Result<()> {
2411        checkpoint_metrics
2412            .checkpoint_fork_crash_mode
2413            .with_label_values(&[
2414                &checkpoint_seq.to_string(),
2415                &Self::get_digest_prefix(checkpoint_digest),
2416                &Self::get_current_timestamp().to_string(),
2417            ])
2418            .set(1);
2419
2420        let behavior = fork_recovery
2421            .map(|fr| fr.fork_crash_behavior)
2422            .unwrap_or_default();
2423
2424        match behavior {
2425            ForkCrashBehavior::AwaitForkRecovery => {
2426                error!(
2427                    checkpoint_seq = checkpoint_seq,
2428                    checkpoint_digest = ?checkpoint_digest,
2429                    "Checkpoint fork detected! Node startup halted. Sleeping indefinitely."
2430                );
2431                futures::future::pending::<()>().await;
2432                unreachable!("pending() should never return");
2433            }
2434            ForkCrashBehavior::ReturnError => {
2435                error!(
2436                    checkpoint_seq = checkpoint_seq,
2437                    checkpoint_digest = ?checkpoint_digest,
2438                    "Checkpoint fork detected! Returning error."
2439                );
2440                Err(anyhow::anyhow!(
2441                    "Checkpoint fork detected! checkpoint_seq: {}, checkpoint_digest: {:?}",
2442                    checkpoint_seq,
2443                    checkpoint_digest
2444                ))
2445            }
2446        }
2447    }
2448
2449    async fn handle_transaction_fork(
2450        tx_digest: TransactionDigest,
2451        expected_effects_digest: TransactionEffectsDigest,
2452        actual_effects_digest: TransactionEffectsDigest,
2453        checkpoint_metrics: &CheckpointMetrics,
2454        fork_recovery: Option<&ForkRecoveryConfig>,
2455    ) -> Result<()> {
2456        checkpoint_metrics
2457            .transaction_fork_crash_mode
2458            .with_label_values(&[
2459                &Self::get_digest_prefix(tx_digest),
2460                &Self::get_digest_prefix(expected_effects_digest),
2461                &Self::get_digest_prefix(actual_effects_digest),
2462                &Self::get_current_timestamp().to_string(),
2463            ])
2464            .set(1);
2465
2466        let behavior = fork_recovery
2467            .map(|fr| fr.fork_crash_behavior)
2468            .unwrap_or_default();
2469
2470        match behavior {
2471            ForkCrashBehavior::AwaitForkRecovery => {
2472                error!(
2473                    tx_digest = ?tx_digest,
2474                    expected_effects_digest = ?expected_effects_digest,
2475                    actual_effects_digest = ?actual_effects_digest,
2476                    "Transaction fork detected! Node startup halted. Sleeping indefinitely."
2477                );
2478                futures::future::pending::<()>().await;
2479                unreachable!("pending() should never return");
2480            }
2481            ForkCrashBehavior::ReturnError => {
2482                error!(
2483                    tx_digest = ?tx_digest,
2484                    expected_effects_digest = ?expected_effects_digest,
2485                    actual_effects_digest = ?actual_effects_digest,
2486                    "Transaction fork detected! Returning error."
2487                );
2488                Err(anyhow::anyhow!(
2489                    "Transaction fork detected! tx_digest: {:?}, expected_effects: {:?}, actual_effects: {:?}",
2490                    tx_digest,
2491                    expected_effects_digest,
2492                    actual_effects_digest
2493                ))
2494            }
2495        }
2496    }
2497}
2498
2499#[cfg(not(msim))]
2500impl SuiNode {
2501    async fn fetch_jwks(
2502        _authority: AuthorityName,
2503        provider: &OIDCProvider,
2504    ) -> SuiResult<Vec<(JwkId, JWK)>> {
2505        use fastcrypto_zkp::bn254::zk_login::fetch_jwks;
2506        use sui_types::error::SuiErrorKind;
2507        let client = reqwest::Client::new();
2508        fetch_jwks(provider, &client, true)
2509            .await
2510            .map_err(|_| SuiErrorKind::JWKRetrievalError.into())
2511    }
2512}
2513
2514#[cfg(msim)]
2515impl SuiNode {
2516    pub fn get_sim_node_id(&self) -> sui_simulator::task::NodeId {
2517        self.sim_state.sim_node.id()
2518    }
2519
2520    pub fn set_safe_mode_expected(&self, new_value: bool) {
2521        info!("Setting safe mode expected to {}", new_value);
2522        self.sim_state
2523            .sim_safe_mode_expected
2524            .store(new_value, Ordering::Relaxed);
2525    }
2526
2527    #[allow(unused_variables)]
2528    async fn fetch_jwks(
2529        authority: AuthorityName,
2530        provider: &OIDCProvider,
2531    ) -> SuiResult<Vec<(JwkId, JWK)>> {
2532        get_jwk_injector()(authority, provider)
2533    }
2534}
2535
2536enum SpawnOnce {
2537    // Mutex is only needed to make SpawnOnce Send
2538    Unstarted(oneshot::Receiver<()>, Mutex<BoxFuture<'static, ()>>),
2539    #[allow(unused)]
2540    Started(JoinHandle<()>),
2541}
2542
2543impl SpawnOnce {
2544    pub fn new(
2545        ready_rx: oneshot::Receiver<()>,
2546        future: impl Future<Output = ()> + Send + 'static,
2547    ) -> Self {
2548        Self::Unstarted(ready_rx, Mutex::new(Box::pin(future)))
2549    }
2550
2551    pub async fn start(self) -> Self {
2552        match self {
2553            Self::Unstarted(ready_rx, future) => {
2554                let future = future.into_inner();
2555                let handle = tokio::spawn(future);
2556                ready_rx.await.unwrap();
2557                Self::Started(handle)
2558            }
2559            Self::Started(_) => self,
2560        }
2561    }
2562}
2563
2564/// Updates trusted peer addresses in the p2p network (for nodes configured as validators).
2565/// When `prev_epoch_start_state` is provided, validators that are no longer in the committee
2566/// have their Chain addresses cleared.
2567fn update_peer_addresses(
2568    config: &NodeConfig,
2569    endpoint_manager: &EndpointManager,
2570    epoch_start_state: &EpochStartSystemState,
2571    prev_epoch_start_state: Option<&EpochStartSystemState>,
2572) {
2573    if config.consensus_config().is_none() {
2574        return;
2575    }
2576    let new_peers: HashSet<PeerId> = epoch_start_state
2577        .get_validator_as_p2p_peers(config.protocol_public_key())
2578        .into_iter()
2579        .map(|(peer_id, address)| {
2580            endpoint_manager
2581                .update_endpoint(
2582                    EndpointId::P2p(peer_id),
2583                    AddressSource::Chain,
2584                    vec![address],
2585                )
2586                .expect("Updating peer addresses should not fail");
2587            peer_id
2588        })
2589        .collect();
2590
2591    // Clear Chain addresses for validators that left the committee.
2592    if let Some(prev) = prev_epoch_start_state {
2593        for (peer_id, _) in prev.get_validator_as_p2p_peers(config.protocol_public_key()) {
2594            if !new_peers.contains(&peer_id) {
2595                endpoint_manager
2596                    .update_endpoint(EndpointId::P2p(peer_id), AddressSource::Chain, vec![])
2597                    .expect("Clearing peer addresses should not fail");
2598            }
2599        }
2600    }
2601}
2602
2603fn build_kv_store(
2604    state: &Arc<AuthorityState>,
2605    config: &NodeConfig,
2606    registry: &Registry,
2607) -> Result<Arc<TransactionKeyValueStore>> {
2608    let metrics = KeyValueStoreMetrics::new(registry);
2609    let db_store = TransactionKeyValueStore::new("rocksdb", metrics.clone(), state.clone());
2610
2611    let base_url = &config.transaction_kv_store_read_config.base_url;
2612
2613    if base_url.is_empty() {
2614        info!("no http kv store url provided, using local db only");
2615        return Ok(Arc::new(db_store));
2616    }
2617
2618    let base_url: url::Url = base_url.parse().tap_err(|e| {
2619        error!(
2620            "failed to parse config.transaction_kv_store_config.base_url ({:?}) as url: {}",
2621            base_url, e
2622        )
2623    })?;
2624
2625    let network_str = match state.get_chain_identifier().chain() {
2626        Chain::Mainnet => "/mainnet",
2627        _ => {
2628            info!("using local db only for kv store");
2629            return Ok(Arc::new(db_store));
2630        }
2631    };
2632
2633    let base_url = base_url.join(network_str)?.to_string();
2634    let http_store = HttpKVStore::new_kv(
2635        &base_url,
2636        config.transaction_kv_store_read_config.cache_size,
2637        metrics.clone(),
2638    )?;
2639    info!("using local key-value store with fallback to http key-value store");
2640    Ok(Arc::new(FallbackTransactionKVStore::new_kv(
2641        db_store,
2642        http_store,
2643        metrics,
2644        "json_rpc_fallback",
2645    )))
2646}
2647
2648async fn build_json_rpc_router(
2649    state: &Arc<AuthorityState>,
2650    transaction_orchestrator: &Option<Arc<TransactionOrchestrator<NetworkAuthorityClient>>>,
2651    config: &NodeConfig,
2652    prometheus_registry: &Registry,
2653) -> Result<axum::Router> {
2654    let traffic_controller = state.traffic_controller.clone();
2655    let mut server = JsonRpcServerBuilder::new(
2656        env!("CARGO_PKG_VERSION"),
2657        prometheus_registry,
2658        traffic_controller,
2659        config.policy_config.clone(),
2660    );
2661
2662    let kv_store = build_kv_store(state, config, prometheus_registry)?;
2663
2664    let metrics = Arc::new(JsonRpcMetrics::new(prometheus_registry));
2665    server.register_module(ReadApi::new(
2666        state.clone(),
2667        kv_store.clone(),
2668        metrics.clone(),
2669    ))?;
2670    server.register_module(CoinReadApi::new(
2671        state.clone(),
2672        kv_store.clone(),
2673        metrics.clone(),
2674    ))?;
2675
2676    // if run_with_range is enabled we want to prevent any transactions
2677    // run_with_range = None is normal operating conditions
2678    if config.run_with_range.is_none() {
2679        server.register_module(TransactionBuilderApi::new(state.clone()))?;
2680    }
2681    server.register_module(GovernanceReadApi::new(state.clone(), metrics.clone()))?;
2682    server.register_module(BridgeReadApi::new(state.clone(), metrics.clone()))?;
2683
2684    if let Some(transaction_orchestrator) = transaction_orchestrator {
2685        server.register_module(TransactionExecutionApi::new(
2686            state.clone(),
2687            transaction_orchestrator.clone(),
2688            metrics.clone(),
2689        ))?;
2690    }
2691
2692    let name_service_config = if let (
2693        Some(package_address),
2694        Some(registry_id),
2695        Some(reverse_registry_id),
2696    ) = (
2697        config.name_service_package_address,
2698        config.name_service_registry_id,
2699        config.name_service_reverse_registry_id,
2700    ) {
2701        sui_name_service::NameServiceConfig::new(package_address, registry_id, reverse_registry_id)
2702    } else {
2703        match state.get_chain_identifier().chain() {
2704            Chain::Mainnet => sui_name_service::NameServiceConfig::mainnet(),
2705            Chain::Testnet => sui_name_service::NameServiceConfig::testnet(),
2706            Chain::Unknown => sui_name_service::NameServiceConfig::default(),
2707        }
2708    };
2709
2710    server.register_module(IndexerApi::new(
2711        state.clone(),
2712        ReadApi::new(state.clone(), kv_store.clone(), metrics.clone()),
2713        kv_store,
2714        name_service_config,
2715        metrics,
2716        config.indexer_max_subscriptions,
2717    ))?;
2718    server.register_module(MoveUtils::new(state.clone()))?;
2719
2720    let server_type = config.jsonrpc_server_type();
2721
2722    Ok(server.to_router(server_type).await?)
2723}
2724
2725/// Remove the on-disk directory of the legacy `rpc-index` backend.
2726///
2727/// The embedded `sui-rpc-store` replaced the `RpcIndexStore` backend, which
2728/// wrote to `<db_path>/rpc-index`; that data is now dead. Remove it on startup
2729/// so a node upgraded from an older version does not leave it lingering and
2730/// wasting disk. Best-effort: a node that never ran the legacy backend has
2731/// nothing to remove, and a failure to remove stale data must not block
2732/// startup.
2733fn remove_legacy_rpc_index_store(db_path: &Path) {
2734    let legacy_dir = db_path.join("rpc-index");
2735    match std::fs::remove_dir_all(&legacy_dir) {
2736        Ok(()) => info!(
2737            "removed legacy rpc-index directory {}",
2738            legacy_dir.display()
2739        ),
2740        // The common case: the node never ran the legacy backend, or it was
2741        // already cleaned up on a prior startup.
2742        Err(e) if e.kind() == std::io::ErrorKind::NotFound => {}
2743        Err(e) => warn!(
2744            "failed to remove legacy rpc-index directory {}: {e:?}",
2745            legacy_dir.display()
2746        ),
2747    }
2748}
2749
2750async fn build_http_servers(
2751    state: Arc<AuthorityState>,
2752    store: RocksDbStore,
2753    transaction_orchestrator: &Option<Arc<TransactionOrchestrator<NetworkAuthorityClient>>>,
2754    config: &NodeConfig,
2755    prometheus_registry: &Registry,
2756    server_version: ServerVersion,
2757    node_role: NodeRole,
2758    embedded_rpc_store: Option<&EmbeddedRpcStore>,
2759) -> Result<(
2760    HttpServers,
2761    Option<tokio::sync::broadcast::Sender<Arc<Checkpoint>>>,
2762)> {
2763    // Validators do not expose these APIs
2764    if !node_role.is_fullnode() {
2765        return Ok((HttpServers::default(), None));
2766    }
2767
2768    info!("starting rpc service with config: {:?}", config.rpc);
2769
2770    let mut router = axum::Router::new();
2771
2772    // The JSON-RPC service can be disabled independently of the gRPC/REST
2773    // service and of JSON-RPC indexing, so that a node can keep indexing
2774    // without exposing the JSON-RPC endpoints.
2775    if config.json_rpc_enabled() {
2776        router = router.merge(
2777            build_json_rpc_router(
2778                &state,
2779                transaction_orchestrator,
2780                config,
2781                prometheus_registry,
2782            )
2783            .await?,
2784        );
2785    } else {
2786        info!("json-rpc service is disabled");
2787    }
2788
2789    // When the embedded rpc-store is active, gate checkpoint delivery on the
2790    // index so a client that waits for a checkpoint can immediately read its
2791    // indexed state (matching the legacy synchronously-committed index).
2792    let indexed_checkpoint = embedded_rpc_store.map(|embedded| embedded.indexed_checkpoint_fn());
2793    let subscription_watermark_interval = config
2794        .rpc
2795        .as_ref()
2796        .and_then(|rpc| rpc.subscription_watermark_interval);
2797    let subscription_shards = config.rpc.as_ref().and_then(|rpc| rpc.subscription_shards);
2798    let (subscription_service_checkpoint_sender, subscription_service_handle) =
2799        SubscriptionService::build(
2800            prometheus_registry,
2801            indexed_checkpoint,
2802            subscription_watermark_interval,
2803            subscription_shards,
2804        );
2805    let rpc_router = {
2806        // Serve the index read paths from the embedded rpc-store when it
2807        // is enabled. Raw chain data comes from the perpetual / checkpoint
2808        // stores either way.
2809        let reader: Arc<dyn RpcStateReader> = match embedded_rpc_store {
2810            Some(embedded) => Arc::new(RpcStoreReadStore::new(
2811                state.clone(),
2812                store,
2813                embedded.reader(),
2814            )),
2815            None => Arc::new(RestReadStore::new(state.clone(), store)),
2816        };
2817        let mut rpc_service = sui_rpc_api::RpcService::new(reader);
2818        rpc_service.with_server_version(server_version);
2819
2820        if let Some(config) = config.rpc.clone() {
2821            config.validate()?;
2822            rpc_service.with_config(config);
2823        }
2824
2825        rpc_service.with_metrics(RpcMetrics::new(prometheus_registry));
2826        rpc_service.with_subscription_service(subscription_service_handle);
2827
2828        if let Some(transaction_orchestrator) = transaction_orchestrator {
2829            rpc_service.with_executor(transaction_orchestrator.clone())
2830        }
2831
2832        rpc_service.into_router().await
2833    };
2834
2835    let layers = ServiceBuilder::new()
2836        .map_request(|mut request: axum::http::Request<_>| {
2837            if let Some(connect_info) = request.extensions().get::<sui_http::ConnectInfo>() {
2838                let axum_connect_info = axum::extract::ConnectInfo(connect_info.remote_addr);
2839                request.extensions_mut().insert(axum_connect_info);
2840            }
2841            request
2842        })
2843        .layer(axum::middleware::from_fn(server_timing_middleware))
2844        // Setup a permissive CORS policy
2845        .layer(
2846            tower_http::cors::CorsLayer::new()
2847                .allow_methods([http::Method::GET, http::Method::POST])
2848                .allow_origin(tower_http::cors::Any)
2849                .allow_headers(tower_http::cors::Any)
2850                .expose_headers(tower_http::cors::Any),
2851        );
2852
2853    router = router.merge(rpc_router).layer(layers);
2854
2855    let https = if let Some((tls_config, https_address)) = config
2856        .rpc()
2857        .and_then(|config| config.tls_config().map(|tls| (tls, config.https_address())))
2858    {
2859        let tls_server_config = https_rustls_config(tls_config.cert(), tls_config.key())?;
2860        let https = sui_http::Builder::new()
2861            .tls_config(tls_server_config)
2862            .serve(https_address, router.clone())
2863            .map_err(|e| anyhow::anyhow!(e))?;
2864
2865        info!(
2866            https_address =? https.local_addr(),
2867            "HTTPS rpc server listening on {}",
2868            https.local_addr()
2869        );
2870
2871        Some(https)
2872    } else {
2873        None
2874    };
2875
2876    let http = sui_http::Builder::new()
2877        .serve(&config.json_rpc_address, router)
2878        .map_err(|e| anyhow::anyhow!(e))?;
2879
2880    info!(
2881        http_address =? http.local_addr(),
2882        "HTTP rpc server listening on {}",
2883        http.local_addr()
2884    );
2885
2886    Ok((
2887        HttpServers {
2888            http: Some(http),
2889            https,
2890        },
2891        Some(subscription_service_checkpoint_sender),
2892    ))
2893}
2894
2895/// Builds the HTTPS RPC server's rustls config from PEM files, pinning the
2896/// ring crypto provider.
2897///
2898/// `sui_http::Builder::tls_single_cert` resolves the provider from rustls
2899/// crate features and panics at runtime when more than one provider feature is
2900/// enabled in the final binary (e.g. `aws-lc-rs` is pulled in through
2901/// `aws-config` in the `sui` CLI), so the provider is pinned explicitly here
2902/// instead.
2903fn https_rustls_config(cert: &str, key: &str) -> Result<sui_http::rustls::ServerConfig> {
2904    use sui_http::rustls;
2905    use sui_http::rustls::pki_types::pem::PemObject;
2906
2907    let certs = rustls::pki_types::CertificateDer::pem_file_iter(cert)
2908        .with_context(|| format!("failed to read TLS certificate chain from {cert}"))?
2909        .collect::<Result<Vec<_>, _>>()
2910        .with_context(|| format!("failed to parse TLS certificate chain from {cert}"))?;
2911    let private_key = rustls::pki_types::PrivateKeyDer::from_pem_file(key)
2912        .with_context(|| format!("failed to read TLS private key from {key}"))?;
2913    let config = rustls::ServerConfig::builder_with_provider(Arc::new(
2914        rustls::crypto::ring::default_provider(),
2915    ))
2916    .with_protocol_versions(rustls::DEFAULT_VERSIONS)?
2917    .with_no_client_auth()
2918    .with_single_cert(certs, private_key)?;
2919    Ok(config)
2920}
2921
2922#[derive(Default)]
2923struct HttpServers {
2924    #[allow(unused)]
2925    http: Option<sui_http::ServerHandle>,
2926    #[allow(unused)]
2927    https: Option<sui_http::ServerHandle>,
2928}
2929
2930#[cfg(test)]
2931mod tests {
2932    use super::*;
2933    use prometheus::Registry;
2934    use std::collections::BTreeMap;
2935    use sui_config::node::{ForkCrashBehavior, ForkRecoveryConfig};
2936    use sui_core::checkpoints::{CheckpointMetrics, CheckpointStore};
2937    use sui_types::digests::{CheckpointDigest, TransactionDigest, TransactionEffectsDigest};
2938
2939    // A present legacy `rpc-index` directory is removed, while its siblings
2940    // (notably the still-used jsonrpc `indexes` store) are left untouched, and a
2941    // missing directory is a no-op.
2942    #[test]
2943    fn removes_only_the_legacy_rpc_index_directory() {
2944        let db = tempfile::tempdir().unwrap();
2945        let legacy = db.path().join("rpc-index");
2946        let sibling = db.path().join("indexes");
2947        std::fs::create_dir(&legacy).unwrap();
2948        std::fs::create_dir(&sibling).unwrap();
2949        std::fs::write(legacy.join("CURRENT"), b"stale").unwrap();
2950
2951        remove_legacy_rpc_index_store(db.path());
2952        assert!(
2953            !legacy.exists(),
2954            "legacy rpc-index directory should be gone"
2955        );
2956        assert!(sibling.exists(), "sibling stores must be left untouched");
2957
2958        // Idempotent: a second run (nothing to remove) does not error or touch
2959        // the siblings.
2960        remove_legacy_rpc_index_store(db.path());
2961        assert!(!legacy.exists());
2962        assert!(sibling.exists());
2963    }
2964
2965    #[tokio::test]
2966    async fn test_fork_error_and_recovery_both_paths() {
2967        let checkpoint_store = CheckpointStore::new_for_tests();
2968        let checkpoint_metrics = CheckpointMetrics::new(&Registry::new());
2969
2970        // ---------- Checkpoint fork path ----------
2971        let seq_num = 42;
2972        let digest = CheckpointDigest::random();
2973        checkpoint_store
2974            .record_checkpoint_fork_detected(seq_num, digest)
2975            .unwrap();
2976
2977        let fork_recovery = ForkRecoveryConfig {
2978            transaction_overrides: Default::default(),
2979            checkpoint_overrides: Default::default(),
2980            fork_crash_behavior: ForkCrashBehavior::ReturnError,
2981        };
2982
2983        let r = SuiNode::check_and_recover_forks(
2984            &checkpoint_store,
2985            &checkpoint_metrics,
2986            Some(&fork_recovery),
2987        )
2988        .await;
2989        assert!(r.is_err());
2990        assert!(
2991            r.unwrap_err()
2992                .to_string()
2993                .contains("Checkpoint fork detected")
2994        );
2995
2996        let mut checkpoint_overrides = BTreeMap::new();
2997        checkpoint_overrides.insert(seq_num, digest.to_string());
2998        let fork_recovery_with_override = ForkRecoveryConfig {
2999            transaction_overrides: Default::default(),
3000            checkpoint_overrides,
3001            fork_crash_behavior: ForkCrashBehavior::ReturnError,
3002        };
3003        let r = SuiNode::check_and_recover_forks(
3004            &checkpoint_store,
3005            &checkpoint_metrics,
3006            Some(&fork_recovery_with_override),
3007        )
3008        .await;
3009        assert!(r.is_ok());
3010        assert!(
3011            checkpoint_store
3012                .get_checkpoint_fork_detected()
3013                .unwrap()
3014                .is_none()
3015        );
3016
3017        // ---------- Transaction fork path ----------
3018        let tx_digest = TransactionDigest::random();
3019        let expected_effects = TransactionEffectsDigest::random();
3020        let actual_effects = TransactionEffectsDigest::random();
3021        checkpoint_store
3022            .record_transaction_fork_detected(tx_digest, expected_effects, actual_effects)
3023            .unwrap();
3024
3025        let fork_recovery = ForkRecoveryConfig {
3026            transaction_overrides: Default::default(),
3027            checkpoint_overrides: Default::default(),
3028            fork_crash_behavior: ForkCrashBehavior::ReturnError,
3029        };
3030        let r = SuiNode::check_and_recover_forks(
3031            &checkpoint_store,
3032            &checkpoint_metrics,
3033            Some(&fork_recovery),
3034        )
3035        .await;
3036        assert!(r.is_err());
3037        assert!(
3038            r.unwrap_err()
3039                .to_string()
3040                .contains("Transaction fork detected")
3041        );
3042
3043        let mut transaction_overrides = BTreeMap::new();
3044        transaction_overrides.insert(tx_digest.to_string(), actual_effects.to_string());
3045        let fork_recovery_with_override = ForkRecoveryConfig {
3046            transaction_overrides,
3047            checkpoint_overrides: Default::default(),
3048            fork_crash_behavior: ForkCrashBehavior::ReturnError,
3049        };
3050        let r = SuiNode::check_and_recover_forks(
3051            &checkpoint_store,
3052            &checkpoint_metrics,
3053            Some(&fork_recovery_with_override),
3054        )
3055        .await;
3056        assert!(r.is_ok());
3057        assert!(
3058            checkpoint_store
3059                .get_transaction_fork_detected()
3060                .unwrap()
3061                .is_none()
3062        );
3063    }
3064}