Jun 03, 11-12 PM (76)
Jun 03, 12-1 PM (93)
Jun 03, 1-2 PM (28)
Jun 03, 2-3 PM (62)
Jun 03, 3-4 PM (26)
Jun 03, 4-5 PM (24)
Jun 03, 5-6 PM (23)
Jun 03, 6-7 PM (15)
Jun 03, 7-8 PM (17)
Jun 03, 8-9 PM (19)
Jun 03, 9-10 PM (9)
Jun 03, 10-11 PM (31)
Jun 03, 11-12 AM (14)
Jun 04, 12-1 AM (12)
Jun 04, 1-2 AM (4)
Jun 04, 2-3 AM (1)
Jun 04, 3-4 AM (5)
Jun 04, 4-5 AM (1)
Jun 04, 5-6 AM (0)
Jun 04, 6-7 AM (14)
Jun 04, 7-8 AM (10)
Jun 04, 8-9 AM (11)
Jun 04, 9-10 AM (19)
Jun 04, 10-11 AM (11)
Jun 04, 11-12 PM (14)
Jun 04, 12-1 PM (53)
Jun 04, 1-2 PM (39)
Jun 04, 2-3 PM (60)
Jun 04, 3-4 PM (12)
Jun 04, 4-5 PM (4)
Jun 04, 5-6 PM (7)
Jun 04, 6-7 PM (46)
Jun 04, 7-8 PM (27)
Jun 04, 8-9 PM (4)
Jun 04, 9-10 PM (2)
Jun 04, 10-11 PM (24)
Jun 04, 11-12 AM (7)
Jun 05, 12-1 AM (6)
Jun 05, 1-2 AM (8)
Jun 05, 2-3 AM (1)
Jun 05, 3-4 AM (1)
Jun 05, 4-5 AM (1)
Jun 05, 5-6 AM (5)
Jun 05, 6-7 AM (9)
Jun 05, 7-8 AM (12)
Jun 05, 8-9 AM (8)
Jun 05, 9-10 AM (11)
Jun 05, 10-11 AM (12)
Jun 05, 11-12 PM (8)
Jun 05, 12-1 PM (52)
Jun 05, 1-2 PM (61)
Jun 05, 2-3 PM (26)
Jun 05, 3-4 PM (24)
Jun 05, 4-5 PM (17)
Jun 05, 5-6 PM (7)
Jun 05, 6-7 PM (14)
Jun 05, 7-8 PM (12)
Jun 05, 8-9 PM (6)
Jun 05, 9-10 PM (2)
Jun 05, 10-11 PM (20)
Jun 05, 11-12 AM (9)
Jun 06, 12-1 AM (6)
Jun 06, 1-2 AM (0)
Jun 06, 2-3 AM (3)
Jun 06, 3-4 AM (4)
Jun 06, 4-5 AM (0)
Jun 06, 5-6 AM (24)
Jun 06, 6-7 AM (1)
Jun 06, 7-8 AM (2)
Jun 06, 8-9 AM (3)
Jun 06, 9-10 AM (0)
Jun 06, 10-11 AM (3)
Jun 06, 11-12 PM (6)
Jun 06, 12-1 PM (2)
Jun 06, 1-2 PM (2)
Jun 06, 2-3 PM (2)
Jun 06, 3-4 PM (18)
Jun 06, 4-5 PM (1)
Jun 06, 5-6 PM (6)
Jun 06, 6-7 PM (0)
Jun 06, 7-8 PM (6)
Jun 06, 8-9 PM (0)
Jun 06, 9-10 PM (1)
Jun 06, 10-11 PM (27)
Jun 06, 11-12 AM (9)
Jun 07, 12-1 AM (14)
Jun 07, 1-2 AM (2)
Jun 07, 2-3 AM (0)
Jun 07, 3-4 AM (0)
Jun 07, 4-5 AM (1)
Jun 07, 5-6 AM (1)
Jun 07, 6-7 AM (3)
Jun 07, 7-8 AM (0)
Jun 07, 8-9 AM (0)
Jun 07, 9-10 AM (1)
Jun 07, 10-11 AM (2)
Jun 07, 11-12 PM (2)
Jun 07, 12-1 PM (5)
Jun 07, 1-2 PM (35)
Jun 07, 2-3 PM (2)
Jun 07, 3-4 PM (4)
Jun 07, 4-5 PM (2)
Jun 07, 5-6 PM (4)
Jun 07, 6-7 PM (0)
Jun 07, 7-8 PM (0)
Jun 07, 8-9 PM (17)
Jun 07, 9-10 PM (1)
Jun 07, 10-11 PM (21)
Jun 07, 11-12 AM (9)
Jun 08, 12-1 AM (9)
Jun 08, 1-2 AM (5)
Jun 08, 2-3 AM (3)
Jun 08, 3-4 AM (4)
Jun 08, 4-5 AM (2)
Jun 08, 5-6 AM (9)
Jun 08, 6-7 AM (5)
Jun 08, 7-8 AM (25)
Jun 08, 8-9 AM (36)
Jun 08, 9-10 AM (40)
Jun 08, 10-11 AM (24)
Jun 08, 11-12 PM (22)
Jun 08, 12-1 PM (40)
Jun 08, 1-2 PM (48)
Jun 08, 2-3 PM (33)
Jun 08, 3-4 PM (27)
Jun 08, 4-5 PM (12)
Jun 08, 5-6 PM (23)
Jun 08, 6-7 PM (14)
Jun 08, 7-8 PM (3)
Jun 08, 8-9 PM (6)
Jun 08, 9-10 PM (19)
Jun 08, 10-11 PM (29)
Jun 08, 11-12 AM (8)
Jun 09, 12-1 AM (5)
Jun 09, 1-2 AM (3)
Jun 09, 2-3 AM (1)
Jun 09, 3-4 AM (3)
Jun 09, 4-5 AM (26)
Jun 09, 5-6 AM (5)
Jun 09, 6-7 AM (23)
Jun 09, 7-8 AM (50)
Jun 09, 8-9 AM (35)
Jun 09, 9-10 AM (45)
Jun 09, 10-11 AM (51)
Jun 09, 11-12 PM (46)
Jun 09, 12-1 PM (86)
Jun 09, 1-2 PM (67)
Jun 09, 2-3 PM (36)
Jun 09, 3-4 PM (38)
Jun 09, 4-5 PM (16)
Jun 09, 5-6 PM (17)
Jun 09, 6-7 PM (18)
Jun 09, 7-8 PM (19)
Jun 09, 8-9 PM (16)
Jun 09, 9-10 PM (16)
Jun 09, 10-11 PM (28)
Jun 09, 11-12 AM (10)
Jun 10, 12-1 AM (11)
Jun 10, 1-2 AM (16)
Jun 10, 2-3 AM (11)
Jun 10, 3-4 AM (7)
Jun 10, 4-5 AM (5)
Jun 10, 5-6 AM (2)
Jun 10, 6-7 AM (46)
Jun 10, 7-8 AM (82)
Jun 10, 8-9 AM (18)
Jun 10, 9-10 AM (59)
Jun 10, 10-11 AM (45)
Jun 10, 11-12 PM (32)
2,783 commits this week Jun 03, 2026 - Jun 10, 2026
sandtreader
sandtreader · · ouroboros-leios-sim
praos: fix stuck-rollup parent check + clean up per-peer state 
- maybe_emit_stuck_warning was counting any peer-chain parent missing from
  adopted_ancestors as "unreachable", but the diagnostic doc says "neither
  in chain_tree nor block_cache".  A peer chain that forks off into a
  branch we hold but haven't adopted would false-positive the WARN.  Check
  the whole chain_tree (every fork we know about) instead.

- record_peer_disconnected wasn't removing the per-peer last_gap_warning_at
  throttle entry, so the map grew without bound under reconnect churn if
  PeerIds are monotonically assigned.  Same lifecycle as the orphan
  cooldown that already gets cleared here.

- Drop a duplicate `#[allow(clippy::too_many_arguments)]` on
  on_tip_advanced (one was enough).

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
9dc12ef6 · prc/deep-rollback-fork-prune · 1/12 ++ 6 --
sandtreader
sandtreader · · ouroboros-leios-sim
behaviour: short-circuit DropInboundPeers at probability >= 1.0 
`u64 / u64::MAX as f64` lands in [0, 1] inclusive: `u64::MAX as f64` rounds
to 2^64, and a hash equal to u64::MAX yields a draw of exactly 1.0.  The
`draw < probability` test then refused to drop on that one-in-2^64 hash
even when the operator asked for "always drop" semantics with
probability=1.0.

Mirror the `probability <= 0.0` short-circuit at the top of the function
so probability=1.0 unconditionally returns true, and fix the comment to
say [0, 1] rather than [0, 1).

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
e29f2b20 · prc/deep-rollback-fork-prune · 1/8 ++ 1 --
sandtreader
sandtreader · · ouroboros-leios-sim
sim-core: clear pre-existing clippy 1.92 lints 
- tcp_connection.rs: `mem::replace(_, Default::default())` → `mem::take`.
- config.rs: `for (_, spec) in &out` → `for spec in out.values()`.
- network/connection.rs: allow `clippy::large_enum_variant` on
  `ConnectionKind` — the two variants share a uniform interface and
  Box-ing the TCP variant would add an indirection on every connection
  access in the sim hot path.  Also allow `clippy::items_after_test_module`
  on the file's `mod tests` block; `ConnectionKind` legitimately lives
  after it and moving the 400-line test module to the file end would be
  pure churn.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
03d43c7e · prc/deep-rollback-fork-prune · 3/4 ++ 2 --
sandtreader
sandtreader · · ouroboros-leios-sim
net-cluster: clear pre-existing clippy 1.92 lints 
- aggregator.rs: drop `len.clone()` on a `usize` (Copy).
- server.rs: allow `clippy::too_many_arguments` on `start()`; the nine
  args are all distinct top-level cluster wiring (port, channels, shared
  state) and grouping them into a config struct would be churn for
  marginal benefit.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
7bed585f · prc/deep-rollback-fork-prune · 2/2 ++ 1 --
sandtreader
sandtreader · · ouroboros-leios-sim
shared-consensus: clear pre-existing clippy 1.92 lints 
- t22.rs: dedent inline list items to 2 spaces (overindented); drop the
  redundant `let decision = …; decision` binding (`needless_return`).
- praos.rs: rewrap PraosStateSizes equivocation_bytes_estimate doc so the
  list bullet sits flush with the prose.
- behaviour/selection.rs: replace `out.get(&2).is_none()` with
  `!out.contains_key(&2)` (`unnecessary_get_then_check`).

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
9c7eefd4 · prc/deep-rollback-fork-prune · 3/9 ++ 10 --
sandtreader
sandtreader · · ouroboros-leios
praos: evict abandoned suffix from block cache on force_rollback 
`force_rollback` re-anchored chain state and pruned the chain tree
suffix, but left the abandoned blocks in `block_cache` / `validated` /
`in_flight_validation`.  The dedup at the top of `on_block_received`
short-circuits when a hash is in any of those, so a peer re-offering an
abandoned block after a deliberate self-reorg was silently dropped —
`chain_tree` never re-acquired it and the node was pinned on its dead
fork, defeating post-chaos recovery.

Mirror the k-prune retention pattern from `on_block_applied` in the
opposite direction: retain `block_cache` to entries with `block_no <=
target_bn`, then drop `validated` / `in_flight_validation` /
`header_first_seen` to hashes still in `block_cache`.

Test extended to assert the suffix is gone from cache + validated.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
bf357356 · prc/deep-rollback-fork-prune · 1/22 ++ 0 --
scarmuega
scarmuega · · dolos
feat(grpc): expose configurable HTTP/2 transport tuning via GrpcConfig 
The gRPC server built its tonic transport with no HTTP/2 tuning, inheriting
hyper/h2 defaults (64 KiB per-stream flow-control window, adaptive windowing
off) with no way for operators to influence them.

Add optional HTTP/2 fields to GrpcConfig (http2_adaptive_window,
http2_initial_stream_window_size, http2_initial_connection_window_size,
http2_max_frame_size, http2_max_concurrent_streams), all backwards-compatible
optional fields, and plumb them into the server builder via a dedicated
apply_http2_tuning helper.

Adaptive windowing defaults to on. NOTE: this is a behavior change for existing
deployments (windows now auto-size to the BDP instead of being pinned at
64 KiB). Adaptive and explicit fixed windows are mutually exclusive in hyper;
setting both logs a warning rather than silently dropping the fixed sizes.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
be44a903 · pull/1011/head · 3/89 ++ 7 --
sandtreader
sandtreader · · ouroboros-leios
praos: surface upstream gappy ChainSync via two complementary WARNs 
Diagnosing a wedged catch-up against the public Leios dev relay
required grepping across the orphan / fork-mismatch INFO traffic and
inferring the cause from cache state.  Two new WARNs hand the
diagnosis directly to an operator skimming logs:

- **ChainSync ingress contiguity check** in `record_peer_tip`: when an
  arriving header's `prev_hash` doesn't match the previously-announced
  one's hash, log the (block_no, hash) pair on each side and the
  implied skipped-block count.  Throttled per peer
  (`GAP_WARNING_INTERVAL = 10 s`) so a sustained non-contiguous forward
  doesn't flood the log.  This is the direct signal — the WARN fires
  the moment upstream commits the offence.

- **Stuck-validation rollup** in `retry_select_chain`: when validation
  has been frozen for `STUCK_THRESHOLD = 30 s` and some peer offers a
  strictly-better tip, emit one rollup line summarising stuck duration,
  adopted vs best-peer block_no, the count of entries in that peer's
  replay whose parent_hash we don't have locally, and the peer-chain
  size.  Throttled to one fire per `STUCK_WARNING_INTERVAL = 60 s`.
  This covers the general "stuck for any reason" case and stays
  informative when the ingress check has gone quiet under its
  per-peer cooldown.

Both lines were verified against the dev relay: ingress fires within
~30 s of catch-up reaching the wedge boundary (with the exact missing
block hash prefix in the message), and the rollup fires 30 s later
with `unreachable_parent_hashes > 0`, both throttled correctly under
sustained wedge load.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
b3cec6b1 · prc/deep-rollback-fork-prune · 1/166 ++ 3 --
sandtreader
sandtreader · · ouroboros-leios
coordinator: throttle re-intersection per address to stop fork-loop spin 
A peer stuck on an unreconcilable fork re-intersects in a tight loop
(the original relay wedge spun at ~1.4 orphan/re-intersect per second).
The per-peer-id orphan cooldown in shared-consensus doesn't survive the
reconnect handovers that assign a fresh PeerId each time.

Rate-limit `NetworkCommand::ReIntersect` in the coordinator keyed by peer
*address* (stable across reconnects) with exponential backoff (1s → 30s).
All re-intersections — within a connection and across reconnect handovers
— flow through this command, so one throttle covers both. The first
attempt for an address always passes (legitimate single re-intersects are
never blocked); rapid repeats back off; a peer that goes quiet resets.

Measured on the round-robin divergent-backend repro: orphan/re-intersect
events dropped from ~26/90s (spin) to 3, and the follower makes progress
instead of freezing.

Co-Authored-By: Claude Opus 4.8 <[email protected]>
ce0c3b8f · prc/deep-rollback-fork-prune · 1/51 ++ 1 --
sandtreader
sandtreader · · ouroboros-leios
net-node: configs for the public Leios dev relay 
Split the same way `mainnet.toml` + `follow-real-relay.toml` are: a
base config carrying the dev network's wire parameters (magic 164,
genesis 2026-05-29T00:00:00Z, slot length 1 s, Leios enabled), and a
per-node overlay that puts net-node in stake-0 follower mode against
`leios-node.play.dev.cardano.org:3001`.

Used both to surface and reproduce the at-tip catch-up wedge
described in this PR's "Known limitation" section, and as the
reproduction recipe in the relay-side bug report. The `no_fetch`
eb_txs policy in the overlay sidesteps the relay's RST on
MsgLeiosBlockTxsRequest (cardano-scaling/cardano-blueprint#68).

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
9692b81d · prc/deep-rollback-fork-prune · 2/69 ++ 0 --
sandtreader
sandtreader · · ouroboros-leios
praos: trust the ChainSync intersection anchor as the common ancestor 
After reconnecting to a peer on a divergent fork (the round-robin
relay-backend handover), select_chain could perpetually fail to find a
common ancestor: the per-peer fragment is too short to reach the fork
point and `adopted_ancestors` may be truncated by pruning, so the
strictly-better peer is classified OrphanCandidate forever and the tip
freezes (the original relay wedge: "orphan — no common ancestor found",
looping on re-intersection).

`find_intersection` already probes back to genesis, so its anchor is the
authoritative common ancestor. Add a final fallback in select_chain: when
no ancestor is found via the fragment, trust the peer's intersection
anchor if it is a real block we hold and the resulting reorg is within k.
The bounded (<= k) reorg then proceeds via the existing
WaitingForBlocks/range-fetch path. Reorgs deeper than k are refused
(Praos finality — settled blocks). Origin/genesis anchors are excluded:
a switch sharing only genesis needs a full re-sync from block 1 that the
range fetch can't anchor at Origin, and isn't the round-robin case
(those backends share real history at the fork point).

Tests: select_chain_trusts_intersection_anchor_within_k (verified to fail
without the fallback) and select_chain_refuses_reorg_deeper_than_k. 308
shared-consensus tests pass.

Co-Authored-By: Claude Opus 4.8 <[email protected]>
7009f049 · prc/deep-rollback-fork-prune · 1/102 ++ 0 --
sandtreader
sandtreader · · ouroboros-leios
praos: rate-limit the chain_tree gap-bridge to stop re-fetch amplification 
retry_select_chain bridges [adopted_tip -> best_tip] gated only on the
moving `gap_point`. As a live peer keeps producing, best_tip advances
every tick, so the per-block in-flight dedup never trips and the whole
range re-fetches continuously (observed ~44 blocks/s of re-fetch with the
tip frozen). Rate-limit the bridge per adopted tip (BRIDGE_COOLDOWN,
10s), reset as soon as the adopted tip advances (real progress).

(An earlier version of this commit also tried to "un-starve" the oldest
in-flight gap block on a short timer; that was reverted — it can't tell a
superseded fetch from a slow-but-in-progress one, so during normal
catch-up it re-issued the whole range and amplified block traffic ~47x.
The 15s IN_FLIGHT_TTL already re-tries genuinely stuck blocks.)

308 shared-consensus tests pass.

Co-Authored-By: Claude Opus 4.8 <[email protected]>
29e06de2 · prc/deep-rollback-fork-prune · 1/27 ++ 1 --
Showing 25 of 2783 recent commits.