Skip to content

cresettings: add Confidential Compute node and per-owner limits#2208

Merged
russell-stern merged 1 commit into
mainfrom
priv-504-cw-limits-a-c
Jun 30, 2026
Merged

cresettings: add Confidential Compute node and per-owner limits#2208
russell-stern merged 1 commit into
mainfrom
priv-504-cw-limits-a-c

Conversation

@prashantkumar1982

@prashantkumar1982 prashantkumar1982 commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds Confidential Compute (San Marino framework) settings to cresettings so the executor's rate-limit / retry / secrets-cache configuration can be driven by the CRE limits framework instead of the job spec.

New settings:

  • ConfidentialCompute.GlobalRate (config.Rate, global scope) — node-global request rate; was GlobalRPS / GlobalBurst
  • ConfidentialCompute.MaxRetries (int) — was MaxRetries
  • ConfidentialCompute.RetryBackoff (time.Duration) — was RetryBackoffSeconds
  • ConfidentialCompute.SecretsCacheEnabled (bool) — was EnableSecretsCache
  • PerOwner.ConfidentialCompute.Rate (config.Rate, owner scope) — per-workflow-owner rate; was WorkflowOwnerRPS / WorkflowOwnerBurst

Defaults exactly mirror the previous hardcoded executor defaults (1000rps:1000, retries 3, backoff 2s, cache false), so behavior is unchanged until a deployment explicitly overrides them. Regenerated defaults.json / defaults.toml golden files and updated the README.md flowchart with a Confidential Compute subgraph.

Context (PRIV-504)

First of two PRs migrating Confidential Compute config off the job spec into the limits framework. The consuming change lives in the confidential-compute repo (the RealExecutor) and depends on this being released and version-bumped there. Migration is staged so nothing changes on deploy: limits become the source of truth, the existing job-spec fields remain as transitional overrides, deployments then move their tuned values into scoped settings overrides, and finally the job-spec fields are removed.

These settings are node-local (rate / retry / cache) and never feed the hashed enclave request, so they carry no DON-to-DON determinism risk.

@prashantkumar1982 prashantkumar1982 changed the title New limits cresettings: add Confidential Compute node and per-owner limits Jun 30, 2026
@github-actions

Copy link
Copy Markdown
Contributor

✅ API Diff Results - github.com/smartcontractkit/chainlink-common

✅ Compatible Changes (2)

pkg/settings/cresettings.Owners (1)
  • ConfidentialCompute — ➕ Added
pkg/settings/cresettings.Schema (1)
  • ConfidentialCompute — ➕ Added

📄 View full apidiff report

@prashantkumar1982 prashantkumar1982 marked this pull request as ready for review June 30, 2026 07:18
@prashantkumar1982 prashantkumar1982 requested a review from a team as a code owner June 30, 2026 07:18
@russell-stern russell-stern added this pull request to the merge queue Jun 30, 2026
Merged via the queue into main with commit ba00d28 Jun 30, 2026
33 checks passed
@russell-stern russell-stern deleted the priv-504-cw-limits-a-c branch June 30, 2026 13:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants