
Add a trustEnclaves and requireBFTQuorum toml settings for use in confidential relay. #22921

Merged: vreff merged 13 commits into develop from trust-enclaves, Jun 30, 2026

@vreff vreff commented Jun 23, 2026

Add the following toml configs for confidential relay:

  • trustEnclaves: enables passthrough checking of attestations which enables nitro testing E2E without full enclaves launched. Passthrough PR in chainlink-common: "Add passthrough validator for confidential relay" (chainlink-common#2204), emits a metric we can alert on if it is ever enabled in production.
  • requireBFTQuorum: configurable to enforce stricter signature quorums, meant to add flexible configuration in case we change settings on the enclave side.

@github-actions

I see you updated files related to core. Please run make gocs in the root directory to add a changeset as well as in the text include at least one of the following tags:

  • #added For any new functionality added.
  • #breaking_change For any functionality that requires manual action for the node to boot.
  • #bugfix For bug fixes.
  • #changed For any change to the existing functionality.
  • #db_update For any feature that introduces updates to database schema.
  • #deprecation_notice For any upcoming deprecation functionality.
  • #internal For changesets that need to be excluded from the final changelog.
  • #nops For any feature that is NOP facing and needs to be in the official Release Notes for the release.
  • #removed For any functionality/config that is removed.
  • #updated For any functionality that is updated.
  • #wip For any change that is not ready yet and external communication about it should be held off till it is feature complete.

@github-actions

✅ No conflicts with other open PRs targeting develop

trunk-io Bot commented Jun 23, 2026

Failed tests (test: failure summary):

  • Test_workflowRegisteredHandler/skips_fetch_if_secrets_url_is_missing: The test failed due to a database connection timeout and inability to find the required workflow trigger capability.
  • Test_workflowRegisteredHandler/skips_fetch_if_secrets_url_is_missing: The test failed due to a database connection timeout caused by an idle transaction.
  • Test_workflowRegisteredHandler/skips_fetch_if_secrets_url_is_missing: The test failed due to a database connection timeout caused by an idle-in-transaction error.
  • TestIntegration_LLO_blue_green_lifecycle/Blue/Green_lifecycle_(using_JSON_report_format): The test failed without a specific error message, indicating an unspecified failure during the test execution.

... and 38 more

Flaky tests (test: failure summary):

  • Test_workflowRegisteredHandler/skips_fetching_if_same_DB_entry_exists: The test failed due to a database connection timeout and inability to find the required trigger capability.

github-actions Bot commented Jun 24, 2026

CORA - Pending Reviewers

All codeowners have approved! ✅

Legend: ✅ Approved | ❌ Changes Requested | 💬 Commented | 🚫 Dismissed | ⏳ Pending | ❓ Unknown

For more details, see the full review summary.

@vreff vreff marked this pull request as ready for review June 24, 2026 03:58
@vreff vreff requested review from a team as code owners June 24, 2026 03:58

@nadahalli nadahalli left a comment

I have always strived to not add "test parameters" to signatures, but I guess in this case, this is the best way of doing it.

vreff commented Jun 24, 2026

> I have always strived to not add "test parameters" to signatures, but I guess in this case, this is the best way of doing it.

Yeah, not sure there's a better solution here. LMK if you think of one.

cfal commented Jun 25, 2026

> > I have always strived to not add "test parameters" to signatures, but I guess in this case, this is the best way of doing it.
>
> Yeah, not sure there's a better solution here. LMK if you think of one.

i wonder if it makes sense to add some NitroValidator interface which we can store in Handler, where the real impl calls nitro.ValidateAttestation/nitro.ValidateAttestationWithRoots, and a relaxed version used for tests can do something else. then it would be handled at instantiation. perhaps not much cleaner?

vreff commented Jun 25, 2026

> i wonder if it makes sense to add some NitroValidator interface which we can store in Handler, where the real impl calls nitro.ValidateAttestation/nitro.ValidateAttestationWithRoots, and a relaxed version used for tests can do something else. then it would be handled at instantiation. perhaps not much cleaner?

Right. It would only be spawned by a toml configuration still, but maybe I can re-arrange this to be a handler that gets passed in rather than a bool.

vreff commented Jun 29, 2026

@cfal LMK if this looks good: smartcontractkit/chainlink-common#2204. If so, will make the refactor using this component.
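
The validator-injection design discussed in this thread, as an added Go example that is not part of the conversation and is not code from chainlink or chainlink-common. All names (AttestationValidator, strictValidator, passthroughValidator, NewHandler, constructedVerify) are hypothetical, and a plain counter stands in for the alerting metric mentioned in the PR description.

```go
package main

import (
	"errors"
	"fmt"
	"sync/atomic"
)

// AttestationValidator is a hypothetical interface, not the chainlink-common API.
type AttestationValidator interface{ Validate(attestation, userData []byte) error }

// strictValidator delegates to a real verifier (the role the nitro package plays).
type strictValidator struct{ verify func(attestation, userData []byte) error }

func (v strictValidator) Validate(a, u []byte) error { return v.verify(a, u) }

// passthroughValidator accepts everything and counts each bypass for alerting.
type passthroughValidator struct{ bypassed *int64 }

func (v passthroughValidator) Validate(_, _ []byte) error {
	atomic.AddInt64(v.bypassed, 1)
	return nil
}

// Handler gets its validator once, at instantiation, rather than a bool per call.
type Handler struct{ validator AttestationValidator }

func NewHandler(trustEnclaves bool, verify func(a, u []byte) error, bypassed *int64) *Handler {
	if trustEnclaves {
		return &Handler{validator: passthroughValidator{bypassed}}
	}
	return &Handler{validator: strictValidator{verify}}
}

func (h *Handler) HandleRequest(attestation, userData []byte) error {
	if err := h.validator.Validate(attestation, userData); err != nil {
		return fmt.Errorf("attestation rejected: %w", err)
	}
	return nil
}

// constructedVerify stands in for real verification; it rejects every input (constructed).
func constructedVerify(_, _ []byte) error { return errors.New("invalid attestation document") }

func main() {
	var bypassed int64
	strictErr := NewHandler(false, constructedVerify, &bypassed).HandleRequest([]byte("bogus"), nil)
	relaxedErr := NewHandler(true, constructedVerify, &bypassed).HandleRequest([]byte("bogus"), nil)
	fmt.Println(strictErr, relaxedErr, bypassed)
}
```

Because the choice is made in the constructor, the request path contains no test-only branch, and any non-zero bypass count in a production deployment indicates that attestation checks are being skipped.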

@vreff vreff requested a review from a team as a code owner June 29, 2026 20:14
@vreff vreff changed the title from "Add a 'trustEnclaves' setting to confidential relay for testing" to "Add a trustEnclaves and requireBFTQuorum toml settings for use in confidential relay." Jun 29, 2026
Restores the confidential-http plugin block accidentally removed in
61ed5ed. Also propagates the RequireBFTQuorum config to the system-tests
E2E helper and the node-validate/config testscript fixtures.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@vreff vreff enabled auto-merge June 29, 2026 22:35
@vreff vreff added this pull request to the merge queue Jun 30, 2026
Merged via the queue into develop with commit 556ab9c Jun 30, 2026
474 of 482 checks passed
@vreff vreff deleted the trust-enclaves branch June 30, 2026 07:25
4 participants