From de1d9194d038796dff0ee7eb9b7755a10ccad8ad Mon Sep 17 00:00:00 2001 From: vreff <104409744+vreff@users.noreply.github.com> Date: Tue, 23 Jun 2026 09:38:41 -0400 Subject: [PATCH 01/12] Add a 'trustEnclaves' setting to confidential relay for testing --- .../capabilities/confidentialrelay/handler.go | 21 ++++++++++++++----- .../confidentialrelay/handler_test.go | 2 +- .../capabilities/confidentialrelay/service.go | 5 ++++- core/config/cre_config.go | 3 +++ core/config/docs/core.toml | 2 ++ core/config/toml/types.go | 7 +++++++ core/services/chainlink/config_cre.go | 12 ++++++++--- core/services/chainlink/config_test.go | 3 ++- .../testdata/config-empty-effective.toml | 1 + .../chainlink/testdata/config-full.toml | 1 + .../config-multi-chain-effective.toml | 1 + core/services/cre/cre.go | 1 + .../testdata/config-empty-effective.toml | 1 + core/web/resolver/testdata/config-full.toml | 1 + .../config-multi-chain-effective.toml | 1 + .../confidentialrelay/confidentialrelay.go | 12 +++++++++-- 16 files changed, 61 insertions(+), 13 deletions(-) diff --git a/core/capabilities/confidentialrelay/handler.go b/core/capabilities/confidentialrelay/handler.go index 8a60d8388d7..1f99867b58c 100644 --- a/core/capabilities/confidentialrelay/handler.go +++ b/core/capabilities/confidentialrelay/handler.go @@ -112,10 +112,14 @@ type Handler struct { // validateAttestation validates TEE attestation documents. // Defaults to the Nitro validator; overridden in tests. validateAttestation attestationValidatorFunc - limitsFactory limits.Factory + // trustEnclaves relaxes attestation validation for fake (non-Nitro) + // enclaves. INSECURE; test-only. When set, the custom-CA-roots validation + // path is skipped in favour of validateAttestation (the accept-all func). + trustEnclaves bool + limitsFactory limits.Factory } -func NewHandler(capRegistry core.CapabilitiesRegistry, conn core.GatewayConnector, responseSigner relayResponseSigner, lggr logger.Logger, lf limits.Factory) (*Handler, error) { +func NewHandler(capRegistry core.CapabilitiesRegistry, conn core.GatewayConnector, responseSigner relayResponseSigner, lggr logger.Logger, lf limits.Factory, trustEnclaves bool) (*Handler, error) { if responseSigner == nil { return nil, errors.New("response signer is required") } @@ -124,13 +128,20 @@ func NewHandler(capRegistry core.CapabilitiesRegistry, conn core.GatewayConnecto return nil, fmt.Errorf("failed to create metrics: %w", err) } + named := logger.Named(lggr, HandlerName) + validate := nitro.ValidateAttestation + if trustEnclaves { + validate = func(_, _, _ []byte) error { return nil } + } + h := &Handler{ capRegistry: capRegistry, gatewayConnector: conn, responseSigner: responseSigner, - lggr: logger.Named(lggr, HandlerName), + lggr: named, metrics: m, - validateAttestation: nitro.ValidateAttestation, + validateAttestation: validate, + trustEnclaves: trustEnclaves, limitsFactory: lf, } h.Service, h.eng = services.Config{ @@ -622,7 +633,7 @@ func (h *Handler) verifyAttestationHash(ctx context.Context, attestationB64 stri var validationErr error for _, m := range measurements { var err error - if caRootsPEM != "" { + if caRootsPEM != "" && !h.trustEnclaves { err = nitro.ValidateAttestationWithRoots(attestationBytes, hash, m, caRootsPEM) } else { err = h.validateAttestation(attestationBytes, hash, m) diff --git a/core/capabilities/confidentialrelay/handler_test.go b/core/capabilities/confidentialrelay/handler_test.go index 2967c395bd3..4ee7bb4c587 100644 --- a/core/capabilities/confidentialrelay/handler_test.go +++ b/core/capabilities/confidentialrelay/handler_test.go @@ -132,7 +132,7 @@ func newTestHandler(t *testing.T, registry core.CapabilitiesRegistry, gwConn cor require.NoError(t, err) key, err := p2pkey.NewV2() require.NoError(t, err) - h, err := NewHandler(registry, gwConn, newRelayResponseSigner(key), lggr, limits.Factory{Logger: lggr}) + h, err := NewHandler(registry, gwConn, newRelayResponseSigner(key), lggr, limits.Factory{Logger: lggr}, false) require.NoError(t, err) h.validateAttestation = noopValidator return h diff --git a/core/capabilities/confidentialrelay/service.go b/core/capabilities/confidentialrelay/service.go index 9be91349698..dd6ba1ffce4 100644 --- a/core/capabilities/confidentialrelay/service.go +++ b/core/capabilities/confidentialrelay/service.go @@ -31,6 +31,7 @@ type Service struct { peerID p2pkey.PeerID lggr logger.Logger limitsFactory limits.Factory + trustEnclaves bool handler *Handler } @@ -42,6 +43,7 @@ func NewService( peerID p2pkey.PeerID, lggr logger.Logger, limitsFactory limits.Factory, + trustEnclaves bool, ) *Service { s := &Service{ wrapper: wrapper, @@ -50,6 +52,7 @@ func NewService( peerID: peerID, lggr: lggr, limitsFactory: limitsFactory, + trustEnclaves: trustEnclaves, } s.Service, s.eng = services.Config{ Name: "ConfidentialRelayService", @@ -68,7 +71,7 @@ func (s *Service) start(ctx context.Context) error { if err != nil { return fmt.Errorf("failed to get p2p key for confidential relay signing: %w", err) } - h, err := NewHandler(s.capRegistry, conn, newRelayResponseSigner(key), s.lggr, s.limitsFactory) + h, err := NewHandler(s.capRegistry, conn, newRelayResponseSigner(key), s.lggr, s.limitsFactory, s.trustEnclaves) if err != nil { return err } diff --git a/core/config/cre_config.go b/core/config/cre_config.go index 15a77f4a86e..2781ef75064 100644 --- a/core/config/cre_config.go +++ b/core/config/cre_config.go @@ -25,6 +25,9 @@ type WorkflowFetcher interface { // CREConfidentialRelay defines configuration for the confidential relay handler. type CREConfidentialRelay interface { Enabled() bool + // TrustEnclaves reports whether the relay should trust fake (non-Nitro) + // enclaves by relaxing TEE attestation validation. INSECURE; test-only. + TrustEnclaves() bool } // CRELinking defines configuration for connecting to the CRE linking service diff --git a/core/config/docs/core.toml b/core/config/docs/core.toml index f37e63fd41a..e680cd20e16 100644 --- a/core/config/docs/core.toml +++ b/core/config/docs/core.toml @@ -969,6 +969,8 @@ DebugMode = false # Default [CRE.ConfidentialRelay] # Enabled controls whether the confidential relay gateway handler should be configured. Enabled = false # Default +# TrustEnclaves relaxes TEE attestation validation so the relay trusts fake (non-Nitro) enclaves. intended only for tests. +TrustEnclaves = false # Default # Sharding holds settings for node sharding configuration. [Sharding] diff --git a/core/config/toml/types.go b/core/config/toml/types.go index adc5c681064..63ff0f4abc1 100644 --- a/core/config/toml/types.go +++ b/core/config/toml/types.go @@ -1957,6 +1957,10 @@ type WorkflowFetcherConfig struct { // validating enclave attestations and proxying capability requests. type ConfidentialRelayConfig struct { Enabled *bool `toml:",omitempty"` + // TrustEnclaves relaxes TEE attestation validation so the relay trusts + // fake (non-Nitro) enclaves. INSECURE; intended only for tests/E2E that run + // against the fake enclave environment. + TrustEnclaves *bool `toml:",omitempty"` } // LinkingConfig holds the configuration for connecting to the CRE linking service @@ -2020,6 +2024,9 @@ func (c *CreConfig) setFrom(f *CreConfig) { if v := f.ConfidentialRelay.Enabled; v != nil { c.ConfidentialRelay.Enabled = v } + if v := f.ConfidentialRelay.TrustEnclaves; v != nil { + c.ConfidentialRelay.TrustEnclaves = v + } } } diff --git a/core/services/chainlink/config_cre.go b/core/services/chainlink/config_cre.go index ff58345c9a6..775e2b39fc6 100644 --- a/core/services/chainlink/config_cre.go +++ b/core/services/chainlink/config_cre.go @@ -106,10 +106,12 @@ func (c *creConfig) Linking() config.CRELinking { } type confidentialRelayConfig struct { - enabled bool + enabled bool + trustEnclaves bool } -func (cr *confidentialRelayConfig) Enabled() bool { return cr.enabled } +func (cr *confidentialRelayConfig) Enabled() bool { return cr.enabled } +func (cr *confidentialRelayConfig) TrustEnclaves() bool { return cr.trustEnclaves } func (c *creConfig) ConfidentialRelay() config.CREConfidentialRelay { if c.c.ConfidentialRelay == nil { @@ -119,7 +121,11 @@ func (c *creConfig) ConfidentialRelay() config.CREConfidentialRelay { if c.c.ConfidentialRelay.Enabled != nil { enabled = *c.c.ConfidentialRelay.Enabled } - return &confidentialRelayConfig{enabled: enabled} + trustEnclaves := false + if c.c.ConfidentialRelay.TrustEnclaves != nil { + trustEnclaves = *c.c.ConfidentialRelay.TrustEnclaves + } + return &confidentialRelayConfig{enabled: enabled, trustEnclaves: trustEnclaves} } func (c *creConfig) LocalSecretOverrides() map[string]map[string]string { diff --git a/core/services/chainlink/config_test.go b/core/services/chainlink/config_test.go index 127261bc388..b40fd511812 100644 --- a/core/services/chainlink/config_test.go +++ b/core/services/chainlink/config_test.go @@ -593,7 +593,8 @@ func TestConfig_Marshal(t *testing.T) { TLSEnabled: ptr(true), }, ConfidentialRelay: &toml.ConfidentialRelayConfig{ - Enabled: ptr(false), + Enabled: ptr(false), + TrustEnclaves: ptr(false), }, } full.Billing = toml.Billing{ diff --git a/core/services/chainlink/testdata/config-empty-effective.toml b/core/services/chainlink/testdata/config-empty-effective.toml index f6eb5121505..c95082005a2 100644 --- a/core/services/chainlink/testdata/config-empty-effective.toml +++ b/core/services/chainlink/testdata/config-empty-effective.toml @@ -386,6 +386,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false [Billing] URL = 'localhost:4319' diff --git a/core/services/chainlink/testdata/config-full.toml b/core/services/chainlink/testdata/config-full.toml index 782db0949d7..4b8a44cbed5 100644 --- a/core/services/chainlink/testdata/config-full.toml +++ b/core/services/chainlink/testdata/config-full.toml @@ -425,6 +425,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false [Billing] URL = 'localhost:4319' diff --git a/core/services/chainlink/testdata/config-multi-chain-effective.toml b/core/services/chainlink/testdata/config-multi-chain-effective.toml index 86121aaa1b8..a47d93fa3ce 100644 --- a/core/services/chainlink/testdata/config-multi-chain-effective.toml +++ b/core/services/chainlink/testdata/config-multi-chain-effective.toml @@ -386,6 +386,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false [Billing] URL = 'localhost:4319' diff --git a/core/services/cre/cre.go b/core/services/cre/cre.go index bf3d74cc9cb..f92f8cddd3d 100644 --- a/core/services/cre/cre.go +++ b/core/services/cre/cre.go @@ -217,6 +217,7 @@ func (s *Services) newSubservices( confidentialRelayPeerID(cfg, capCfg), lggr, opts.LimitsFactory, + cfg.CRE().ConfidentialRelay().TrustEnclaves(), ) srvs = append(srvs, relayService) } diff --git a/core/web/resolver/testdata/config-empty-effective.toml b/core/web/resolver/testdata/config-empty-effective.toml index f6eb5121505..c95082005a2 100644 --- a/core/web/resolver/testdata/config-empty-effective.toml +++ b/core/web/resolver/testdata/config-empty-effective.toml @@ -386,6 +386,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false [Billing] URL = 'localhost:4319' diff --git a/core/web/resolver/testdata/config-full.toml b/core/web/resolver/testdata/config-full.toml index dd7fb035052..f82eb098335 100644 --- a/core/web/resolver/testdata/config-full.toml +++ b/core/web/resolver/testdata/config-full.toml @@ -404,6 +404,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false [Billing] URL = 'localhost:4319' diff --git a/core/web/resolver/testdata/config-multi-chain-effective.toml b/core/web/resolver/testdata/config-multi-chain-effective.toml index 68a0130ae84..edd22d0da41 100644 --- a/core/web/resolver/testdata/config-multi-chain-effective.toml +++ b/core/web/resolver/testdata/config-multi-chain-effective.toml @@ -386,6 +386,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false [Billing] URL = 'localhost:4319' diff --git a/system-tests/lib/cre/features/confidentialrelay/confidentialrelay.go b/system-tests/lib/cre/features/confidentialrelay/confidentialrelay.go index f6f72802ac3..17f54164f79 100644 --- a/system-tests/lib/cre/features/confidentialrelay/confidentialrelay.go +++ b/system-tests/lib/cre/features/confidentialrelay/confidentialrelay.go @@ -17,7 +17,11 @@ import ( const flag = cre.ConfidentialRelayCapability -type ConfidentialRelay struct{} +type ConfidentialRelay struct { + // TrustEnclaves makes the relay trust fake (non-Nitro) enclaves by + // relaxing TEE attestation validation. INSECURE; test/E2E use only. + TrustEnclaves bool +} func (o *ConfidentialRelay) Flag() cre.CapabilityFlag { return flag @@ -59,7 +63,11 @@ func (o *ConfidentialRelay) PreEnvStartup( } enabled := true - typedConfig.CRE.ConfidentialRelay = &coretoml.ConfidentialRelayConfig{Enabled: &enabled} + trustEnclaves := o.TrustEnclaves + typedConfig.CRE.ConfidentialRelay = &coretoml.ConfidentialRelayConfig{ + Enabled: &enabled, + TrustEnclaves: &trustEnclaves, + } out, err := tomlser.Marshal(typedConfig) if err != nil { From 8bb0c1ba2da2c1bd60d1d17d1fde8b52761f409b Mon Sep 17 00:00:00 2001 From: vreff <104409744+vreff@users.noreply.github.com> Date: Tue, 23 Jun 2026 10:46:24 -0400 Subject: [PATCH 02/12] update devenv to allow an envar-based override --- devenv/config.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/devenv/config.go b/devenv/config.go index 213e6cac9c3..5aed1b70594 100644 --- a/devenv/config.go +++ b/devenv/config.go @@ -25,6 +25,8 @@ import ( const ( // DefaultConfigDir is the default directory we are expecting TOML config to be. DefaultConfigDir = "." + // EnvVarConfigDir is the environment variable name to read config directory from, ex.: CTF_CONFIG_DIR=./configs. + EnvVarConfigDir = "CTF_CONFIG_DIR" // EnvVarTestConfigs is the environment variable name to read config paths from, ex.: CTF_CONFIGS=env.toml,overrides.toml. EnvVarTestConfigs = "CTF_CONFIGS" // DefaultOverridesFilePath is the default overrides.toml file path. @@ -42,7 +44,12 @@ func Load[T any]() (*T, error) { paths := strings.SplitSeq(os.Getenv(EnvVarTestConfigs), ",") for path := range paths { L.Info().Str("Path", path).Msg("Loading configuration input") - data, err := os.ReadFile(filepath.Join(DefaultConfigDir, path)) + if os.Getenv(EnvVarConfigDir) != "" { + path = filepath.Join(os.Getenv(EnvVarConfigDir), path) + } else { + path = filepath.Join(DefaultConfigDir, path) + } + data, err := os.ReadFile(path) if err != nil { if path == DefaultOverridesFilePath { L.Info().Str("Path", path).Msg("Overrides file not found or empty") From dd94584e74a4976d9162758cda6bc8b46c7fe59f Mon Sep 17 00:00:00 2001 From: vreff <104409744+vreff@users.noreply.github.com> Date: Tue, 23 Jun 2026 23:02:31 -0400 Subject: [PATCH 03/12] fix doc tests --- docs/CONFIG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/CONFIG.md b/docs/CONFIG.md index d283f2faf4a..d8273ce7c05 100644 --- a/docs/CONFIG.md +++ b/docs/CONFIG.md @@ -2724,6 +2724,7 @@ DebugMode enables additional tracing and logging for workflow engines. ```toml [CRE.ConfidentialRelay] Enabled = false # Default +TrustEnclaves = false # Default ``` @@ -2733,6 +2734,12 @@ Enabled = false # Default ``` Enabled controls whether the confidential relay gateway handler should be configured. +### TrustEnclaves +```toml +TrustEnclaves = false # Default +``` +TrustEnclaves relaxes TEE attestation validation so the relay trusts fake (non-Nitro) enclaves. intended only for tests. + ## Sharding ```toml [Sharding] From 391dd727cf9744d186287c5d6a1aeb4b0ddbfc8d Mon Sep 17 00:00:00 2001 From: vreff <104409744+vreff@users.noreply.github.com> Date: Tue, 23 Jun 2026 23:13:13 -0400 Subject: [PATCH 04/12] fix docs 2 --- testdata/scripts/config/merge_raw_configs.txtar | 1 + testdata/scripts/node/validate/default.txtar | 1 + testdata/scripts/node/validate/defaults-override.txtar | 1 + testdata/scripts/node/validate/disk-based-logging-disabled.txtar | 1 + testdata/scripts/node/validate/disk-based-logging-no-dir.txtar | 1 + testdata/scripts/node/validate/disk-based-logging.txtar | 1 + testdata/scripts/node/validate/fallback-override.txtar | 1 + testdata/scripts/node/validate/invalid-ocr-p2p.txtar | 1 + testdata/scripts/node/validate/invalid.txtar | 1 + testdata/scripts/node/validate/valid.txtar | 1 + testdata/scripts/node/validate/warnings.txtar | 1 + 11 files changed, 11 insertions(+) diff --git a/testdata/scripts/config/merge_raw_configs.txtar b/testdata/scripts/config/merge_raw_configs.txtar index 06ac519d21d..105b7e61686 100644 --- a/testdata/scripts/config/merge_raw_configs.txtar +++ b/testdata/scripts/config/merge_raw_configs.txtar @@ -533,6 +533,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/default.txtar b/testdata/scripts/node/validate/default.txtar index 87476ac18f8..2bbb80ee01a 100644 --- a/testdata/scripts/node/validate/default.txtar +++ b/testdata/scripts/node/validate/default.txtar @@ -398,6 +398,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/defaults-override.txtar b/testdata/scripts/node/validate/defaults-override.txtar index a0bd0f22ca8..48f058be61e 100644 --- a/testdata/scripts/node/validate/defaults-override.txtar +++ b/testdata/scripts/node/validate/defaults-override.txtar @@ -459,6 +459,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/disk-based-logging-disabled.txtar b/testdata/scripts/node/validate/disk-based-logging-disabled.txtar index b514320e81e..67f4aa4fd36 100644 --- a/testdata/scripts/node/validate/disk-based-logging-disabled.txtar +++ b/testdata/scripts/node/validate/disk-based-logging-disabled.txtar @@ -442,6 +442,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/disk-based-logging-no-dir.txtar b/testdata/scripts/node/validate/disk-based-logging-no-dir.txtar index 09d630f0410..ea414ddad3f 100644 --- a/testdata/scripts/node/validate/disk-based-logging-no-dir.txtar +++ b/testdata/scripts/node/validate/disk-based-logging-no-dir.txtar @@ -442,6 +442,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/disk-based-logging.txtar b/testdata/scripts/node/validate/disk-based-logging.txtar index efa55d6c4a3..ed9379e7659 100644 --- a/testdata/scripts/node/validate/disk-based-logging.txtar +++ b/testdata/scripts/node/validate/disk-based-logging.txtar @@ -442,6 +442,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/fallback-override.txtar b/testdata/scripts/node/validate/fallback-override.txtar index 4f5406cf44d..24c918961cf 100644 --- a/testdata/scripts/node/validate/fallback-override.txtar +++ b/testdata/scripts/node/validate/fallback-override.txtar @@ -544,6 +544,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/invalid-ocr-p2p.txtar b/testdata/scripts/node/validate/invalid-ocr-p2p.txtar index 63ac3270c61..c6bd8e6bfb5 100644 --- a/testdata/scripts/node/validate/invalid-ocr-p2p.txtar +++ b/testdata/scripts/node/validate/invalid-ocr-p2p.txtar @@ -427,6 +427,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/invalid.txtar b/testdata/scripts/node/validate/invalid.txtar index 2ea583aa574..012b0a8ce20 100644 --- a/testdata/scripts/node/validate/invalid.txtar +++ b/testdata/scripts/node/validate/invalid.txtar @@ -438,6 +438,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false [Billing] URL = '' diff --git a/testdata/scripts/node/validate/valid.txtar b/testdata/scripts/node/validate/valid.txtar index d8a68cdc8a4..8f43ed3c2cf 100644 --- a/testdata/scripts/node/validate/valid.txtar +++ b/testdata/scripts/node/validate/valid.txtar @@ -439,6 +439,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/warnings.txtar b/testdata/scripts/node/validate/warnings.txtar index cc7c437f38a..6c9c3ea134f 100644 --- a/testdata/scripts/node/validate/warnings.txtar +++ b/testdata/scripts/node/validate/warnings.txtar @@ -421,6 +421,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false +TrustEnclaves = false [Billing] URL = 'localhost:4319' From 97049cefd2869e40cacdd1312e977996b8ab0b2c Mon Sep 17 00:00:00 2001 From: vreff <104409744+vreff@users.noreply.github.com> Date: Tue, 23 Jun 2026 23:23:02 -0400 Subject: [PATCH 05/12] fix lint --- core/services/chainlink/config_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/services/chainlink/config_test.go b/core/services/chainlink/config_test.go index b40fd511812..4b81abff647 100644 --- a/core/services/chainlink/config_test.go +++ b/core/services/chainlink/config_test.go @@ -593,8 +593,8 @@ func TestConfig_Marshal(t *testing.T) { TLSEnabled: ptr(true), }, ConfidentialRelay: &toml.ConfidentialRelayConfig{ - Enabled: ptr(false), - TrustEnclaves: ptr(false), + Enabled: new(bool), + TrustEnclaves: new(bool), }, } full.Billing = toml.Billing{ From b88858f1333604f40bd6c11a1458d3da5c9f7552 Mon Sep 17 00:00:00 2001 From: vreff <104409744+vreff@users.noreply.github.com> Date: Tue, 23 Jun 2026 23:23:11 -0400 Subject: [PATCH 06/12] Revert "update devenv to allow an envar-based override" This reverts commit 8bb0c1ba2da2c1bd60d1d17d1fde8b52761f409b. --- devenv/config.go | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/devenv/config.go b/devenv/config.go index 5aed1b70594..213e6cac9c3 100644 --- a/devenv/config.go +++ b/devenv/config.go @@ -25,8 +25,6 @@ import ( const ( // DefaultConfigDir is the default directory we are expecting TOML config to be. DefaultConfigDir = "." - // EnvVarConfigDir is the environment variable name to read config directory from, ex.: CTF_CONFIG_DIR=./configs. - EnvVarConfigDir = "CTF_CONFIG_DIR" // EnvVarTestConfigs is the environment variable name to read config paths from, ex.: CTF_CONFIGS=env.toml,overrides.toml. EnvVarTestConfigs = "CTF_CONFIGS" // DefaultOverridesFilePath is the default overrides.toml file path. @@ -44,12 +42,7 @@ func Load[T any]() (*T, error) { paths := strings.SplitSeq(os.Getenv(EnvVarTestConfigs), ",") for path := range paths { L.Info().Str("Path", path).Msg("Loading configuration input") - if os.Getenv(EnvVarConfigDir) != "" { - path = filepath.Join(os.Getenv(EnvVarConfigDir), path) - } else { - path = filepath.Join(DefaultConfigDir, path) - } - data, err := os.ReadFile(path) + data, err := os.ReadFile(filepath.Join(DefaultConfigDir, path)) if err != nil { if path == DefaultOverridesFilePath { L.Info().Str("Path", path).Msg("Overrides file not found or empty") From 61ed5ede974b8f07d5a18c5852986c665eace579 Mon Sep 17 00:00:00 2001 From: vreff <104409744+vreff@users.noreply.github.com> Date: Mon, 29 Jun 2026 16:02:12 -0400 Subject: [PATCH 07/12] Add new quorumFMultiplier config, bump chainlink-common, refactor use of test boolean --- .../capabilities/confidentialrelay/handler.go | 73 ++++++++++++------- .../confidentialrelay/handler_test.go | 8 +- .../capabilities/confidentialrelay/service.go | 35 +++++---- core/config/cre_config.go | 4 + core/config/docs/core.toml | 2 + core/config/toml/types.go | 7 ++ core/scripts/go.mod | 4 +- core/scripts/go.sum | 8 +- core/services/chainlink/config_cre.go | 23 ++++-- core/services/chainlink/config_test.go | 5 +- .../testdata/config-empty-effective.toml | 1 + .../chainlink/testdata/config-full.toml | 1 + .../config-multi-chain-effective.toml | 1 + core/services/cre/cre.go | 13 +++- .../testdata/config-empty-effective.toml | 1 + core/web/resolver/testdata/config-full.toml | 1 + .../config-multi-chain-effective.toml | 1 + deployment/go.mod | 4 +- deployment/go.sum | 8 +- docs/CONFIG.md | 7 ++ go.mod | 4 +- go.sum | 8 +- integration-tests/go.mod | 4 +- integration-tests/go.sum | 8 +- integration-tests/load/go.mod | 4 +- integration-tests/load/go.sum | 8 +- plugins/plugins.private.yaml | 4 - system-tests/lib/go.mod | 4 +- system-tests/lib/go.sum | 8 +- system-tests/tests/go.mod | 4 +- system-tests/tests/go.sum | 8 +- 31 files changed, 168 insertions(+), 103 deletions(-) diff --git a/core/capabilities/confidentialrelay/handler.go b/core/capabilities/confidentialrelay/handler.go index 1f99867b58c..ce9632936a9 100644 --- a/core/capabilities/confidentialrelay/handler.go +++ b/core/capabilities/confidentialrelay/handler.go @@ -94,8 +94,30 @@ func newMetrics() (*handlerMetrics, error) { }, nil } -// attestationValidatorFunc validates a TEE attestation document. -type attestationValidatorFunc func(attestation []byte, expectedUserData []byte, trustedMeasurements []byte) error +// AttestationValidator validates TEE attestation documents, with or without a +// custom CA root. Both the production Nitro validator and the insecure +// passthrough validator implement it, so the handler validates the same way +// regardless of which is configured. +type AttestationValidator interface { + ValidateAttestation(attestation, expectedUserData, trustedMeasurements []byte) error + ValidateAttestationWithRoots(attestation, expectedUserData, trustedMeasurements []byte, caRootsPEM string) error +} + +// nitroValidator is the production validator backed by AWS Nitro. +type nitroValidator struct{} + +func (nitroValidator) ValidateAttestation(attestation, expectedUserData, trustedMeasurements []byte) error { + return nitro.ValidateAttestation(attestation, expectedUserData, trustedMeasurements) +} + +func (nitroValidator) ValidateAttestationWithRoots(attestation, expectedUserData, trustedMeasurements []byte, caRootsPEM string) error { + return nitro.ValidateAttestationWithRoots(attestation, expectedUserData, trustedMeasurements, caRootsPEM) +} + +// NewAttestationValidator returns the production validator backed by AWS Nitro. +func NewAttestationValidator() AttestationValidator { + return nitroValidator{} +} // Handler processes enclave relay requests from the gateway. // It validates attestations and proxies requests to VaultDON or capability DONs. @@ -109,17 +131,15 @@ type Handler struct { lggr logger.Logger metrics *handlerMetrics - // validateAttestation validates TEE attestation documents. - // Defaults to the Nitro validator; overridden in tests. - validateAttestation attestationValidatorFunc - // trustEnclaves relaxes attestation validation for fake (non-Nitro) - // enclaves. INSECURE; test-only. When set, the custom-CA-roots validation - // path is skipped in favour of validateAttestation (the accept-all func). - trustEnclaves bool - limitsFactory limits.Factory + // validator validates TEE attestation documents. + validator AttestationValidator + // quorumFMultiplier multiplies the Workflow DON fault tolerance when + // computing the required signature quorum: threshold = quorumFMultiplier*F + 1. + quorumFMultiplier uint32 + limitsFactory limits.Factory } -func NewHandler(capRegistry core.CapabilitiesRegistry, conn core.GatewayConnector, responseSigner relayResponseSigner, lggr logger.Logger, lf limits.Factory, trustEnclaves bool) (*Handler, error) { +func NewHandler(capRegistry core.CapabilitiesRegistry, conn core.GatewayConnector, responseSigner relayResponseSigner, lggr logger.Logger, lf limits.Factory, validator AttestationValidator, quorumFMultiplier uint32) (*Handler, error) { if responseSigner == nil { return nil, errors.New("response signer is required") } @@ -129,20 +149,16 @@ func NewHandler(capRegistry core.CapabilitiesRegistry, conn core.GatewayConnecto } named := logger.Named(lggr, HandlerName) - validate := nitro.ValidateAttestation - if trustEnclaves { - validate = func(_, _, _ []byte) error { return nil } - } h := &Handler{ - capRegistry: capRegistry, - gatewayConnector: conn, - responseSigner: responseSigner, - lggr: named, - metrics: m, - validateAttestation: validate, - trustEnclaves: trustEnclaves, - limitsFactory: lf, + capRegistry: capRegistry, + gatewayConnector: conn, + responseSigner: responseSigner, + lggr: named, + metrics: m, + validator: validator, + quorumFMultiplier: quorumFMultiplier, + limitsFactory: lf, } h.Service, h.eng = services.Config{ Name: HandlerName, @@ -633,10 +649,10 @@ func (h *Handler) verifyAttestationHash(ctx context.Context, attestationB64 stri var validationErr error for _, m := range measurements { var err error - if caRootsPEM != "" && !h.trustEnclaves { - err = nitro.ValidateAttestationWithRoots(attestationBytes, hash, m, caRootsPEM) + if caRootsPEM != "" { + err = h.validator.ValidateAttestationWithRoots(attestationBytes, hash, m, caRootsPEM) } else { - err = h.validateAttestation(attestationBytes, hash, m) + err = h.validator.ValidateAttestation(attestationBytes, hash, m) } if err == nil { return nil @@ -666,8 +682,9 @@ func (h *Handler) verifyWorkflowAuthorization(don capabilities.DON, params confi } // Match the enclave's own quorum: server.go requires config.F+1 unique signers where the - // config-tracker sets config.F = 2*don.F, i.e. 2*F+1. - threshold := 2*int(don.F) + 1 + // config-tracker sets config.F = quorumFMultiplier*don.F, i.e. quorumFMultiplier*F+1 + // (the default multiplier of 2 gives the standard 2*F+1). + threshold := int(h.quorumFMultiplier)*int(don.F) + 1 // The forwarded requests differ only in their signature; they all sign one shared // ComputeRequest hash. Reconstruct that hash once and verify each signature over it. diff --git a/core/capabilities/confidentialrelay/handler_test.go b/core/capabilities/confidentialrelay/handler_test.go index 4ee7bb4c587..5b3e8892712 100644 --- a/core/capabilities/confidentialrelay/handler_test.go +++ b/core/capabilities/confidentialrelay/handler_test.go @@ -25,6 +25,7 @@ import ( "github.com/smartcontractkit/chainlink-common/pkg/logger" "github.com/smartcontractkit/chainlink-common/pkg/settings" "github.com/smartcontractkit/chainlink-common/pkg/settings/limits" + "github.com/smartcontractkit/chainlink-common/pkg/teeattestation/passthrough" "github.com/smartcontractkit/chainlink-common/pkg/types/core" sdkpb "github.com/smartcontractkit/chainlink-protos/cre/go/sdk" "github.com/smartcontractkit/chainlink-protos/cre/go/values" @@ -52,8 +53,6 @@ func makeCapabilityPayload(t *testing.T, inputs map[string]any) string { const testAttestationB64 = "ZHVtbXktYXR0ZXN0YXRpb24=" // base64("dummy-attestation") -func noopValidator(_ []byte, _, _ []byte) error { return nil } - type mockGatewayConnector struct { core.UnimplementedGatewayConnector lastResp *jsonrpc.Response[json.RawMessage] @@ -132,9 +131,10 @@ func newTestHandler(t *testing.T, registry core.CapabilitiesRegistry, gwConn cor require.NoError(t, err) key, err := p2pkey.NewV2() require.NoError(t, err) - h, err := NewHandler(registry, gwConn, newRelayResponseSigner(key), lggr, limits.Factory{Logger: lggr}, false) + validator, err := passthrough.New() + require.NoError(t, err) + h, err := NewHandler(registry, gwConn, newRelayResponseSigner(key), lggr, limits.Factory{Logger: lggr}, validator, 2) require.NoError(t, err) - h.validateAttestation = noopValidator return h } diff --git a/core/capabilities/confidentialrelay/service.go b/core/capabilities/confidentialrelay/service.go index dd6ba1ffce4..f3ecec5225d 100644 --- a/core/capabilities/confidentialrelay/service.go +++ b/core/capabilities/confidentialrelay/service.go @@ -25,13 +25,14 @@ type Service struct { services.Service eng *services.Engine - wrapper *gatewayconnector.ServiceWrapper - capRegistry core.CapabilitiesRegistry - p2pKeystore keystore.P2P - peerID p2pkey.PeerID - lggr logger.Logger - limitsFactory limits.Factory - trustEnclaves bool + wrapper *gatewayconnector.ServiceWrapper + capRegistry core.CapabilitiesRegistry + p2pKeystore keystore.P2P + peerID p2pkey.PeerID + lggr logger.Logger + limitsFactory limits.Factory + validator AttestationValidator + quorumFMultiplier uint32 handler *Handler } @@ -43,16 +44,18 @@ func NewService( peerID p2pkey.PeerID, lggr logger.Logger, limitsFactory limits.Factory, - trustEnclaves bool, + validator AttestationValidator, + quorumFMultiplier uint32, ) *Service { s := &Service{ - wrapper: wrapper, - capRegistry: capRegistry, - p2pKeystore: p2pKeystore, - peerID: peerID, - lggr: lggr, - limitsFactory: limitsFactory, - trustEnclaves: trustEnclaves, + wrapper: wrapper, + capRegistry: capRegistry, + p2pKeystore: p2pKeystore, + peerID: peerID, + lggr: lggr, + limitsFactory: limitsFactory, + validator: validator, + quorumFMultiplier: quorumFMultiplier, } s.Service, s.eng = services.Config{ Name: "ConfidentialRelayService", @@ -71,7 +74,7 @@ func (s *Service) start(ctx context.Context) error { if err != nil { return fmt.Errorf("failed to get p2p key for confidential relay signing: %w", err) } - h, err := NewHandler(s.capRegistry, conn, newRelayResponseSigner(key), s.lggr, s.limitsFactory, s.trustEnclaves) + h, err := NewHandler(s.capRegistry, conn, newRelayResponseSigner(key), s.lggr, s.limitsFactory, s.validator, s.quorumFMultiplier) if err != nil { return err } diff --git a/core/config/cre_config.go b/core/config/cre_config.go index 2781ef75064..3422dd15e6e 100644 --- a/core/config/cre_config.go +++ b/core/config/cre_config.go @@ -28,6 +28,10 @@ type CREConfidentialRelay interface { // TrustEnclaves reports whether the relay should trust fake (non-Nitro) // enclaves by relaxing TEE attestation validation. INSECURE; test-only. TrustEnclaves() bool + // QuorumFMultiplier is the multiplier applied to the Workflow DON fault + // tolerance when computing the relay's signature quorum: + // threshold = QuorumFMultiplier*F + 1. Defaults to 2. + QuorumFMultiplier() uint32 } // CRELinking defines configuration for connecting to the CRE linking service diff --git a/core/config/docs/core.toml b/core/config/docs/core.toml index e680cd20e16..2d640f27923 100644 --- a/core/config/docs/core.toml +++ b/core/config/docs/core.toml @@ -971,6 +971,8 @@ DebugMode = false # Default Enabled = false # Default # TrustEnclaves relaxes TEE attestation validation so the relay trusts fake (non-Nitro) enclaves. intended only for tests. TrustEnclaves = false # Default +# QuorumFMultiplier sets the multiplier applied to the Workflow DON fault tolerance when computing the relay's signature quorum: threshold = QuorumFMultiplier*F + 1. +QuorumFMultiplier = 2 # Default # Sharding holds settings for node sharding configuration. [Sharding] diff --git a/core/config/toml/types.go b/core/config/toml/types.go index 63ff0f4abc1..7cbd528962c 100644 --- a/core/config/toml/types.go +++ b/core/config/toml/types.go @@ -1961,6 +1961,10 @@ type ConfidentialRelayConfig struct { // fake (non-Nitro) enclaves. INSECURE; intended only for tests/E2E that run // against the fake enclave environment. TrustEnclaves *bool `toml:",omitempty"` + // QuorumFMultiplier sets the multiplier applied to the Workflow DON fault + // tolerance when computing the signature quorum the relay requires: + // threshold = QuorumFMultiplier*F + 1. Defaults to 2 (2*F+1). + QuorumFMultiplier *uint32 `toml:",omitempty"` } // LinkingConfig holds the configuration for connecting to the CRE linking service @@ -2027,6 +2031,9 @@ func (c *CreConfig) setFrom(f *CreConfig) { if v := f.ConfidentialRelay.TrustEnclaves; v != nil { c.ConfidentialRelay.TrustEnclaves = v } + if v := f.ConfidentialRelay.QuorumFMultiplier; v != nil { + c.ConfidentialRelay.QuorumFMultiplier = v + } } } diff --git a/core/scripts/go.mod b/core/scripts/go.mod index a1c7bed0ec3..741c6315af3 100644 --- a/core/scripts/go.mod +++ b/core/scripts/go.mod @@ -43,13 +43,13 @@ require ( github.com/smartcontractkit/chain-selectors v1.0.103 github.com/smartcontractkit/chainlink-automation v0.8.1 github.com/smartcontractkit/chainlink-ccip/chains/evm v0.0.0-20260618155522-3600f66e26cd - github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650 + github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf github.com/smartcontractkit/chainlink-common/keystore v1.2.0 github.com/smartcontractkit/chainlink-data-streams v0.1.15-0.20260522094612-5f9f748bd87a github.com/smartcontractkit/chainlink-deployments-framework v0.105.0 github.com/smartcontractkit/chainlink-evm v0.3.4-0.20260618132327-105433c1ac66 github.com/smartcontractkit/chainlink-evm/gethwrappers v0.0.0-20260521215851-3fdbb363496f - github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7 + github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b github.com/smartcontractkit/chainlink-protos/job-distributor v0.18.0 github.com/smartcontractkit/chainlink-testing-framework/framework v0.16.2 github.com/smartcontractkit/chainlink-testing-framework/framework/components/dockercompose v0.1.23 diff --git a/core/scripts/go.sum b/core/scripts/go.sum index 483d6be1897..93242e2426b 100644 --- a/core/scripts/go.sum +++ b/core/scripts/go.sum @@ -1571,8 +1571,8 @@ github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260 github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260511195239-0f6e1b177fc7/go.mod h1:67YbnoglYD61Pz/jTVCgav9wFq7S35OU8UyQSvPllRw= github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033 h1:WjZwKtUA/0TPvzgCt8bcdq+BHMIL65S0oU79mxgZn/Y= github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033/go.mod h1:15M0qBycFN5jkNjaYFkutYkGAmhuT401IfaJvz32lcg= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650 h1:QZkJ/gh/XSiNnLCBGF2+vpIgI6yxOaYROReCbkjeuyM= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650/go.mod h1:paOB/6dy57owHtOGzhgaRBWRDT5BEWfnJF5M7sgkcro= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf h1:yz9tXcZ/c5DGFt5Y+yByOEbad+X5QY5YylE2GRwNV10= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= github.com/smartcontractkit/chainlink-common/keystore v1.2.0 h1:1BH/b14CkGjArfzznlioQpIJiynECWVT48JUP9E277U= github.com/smartcontractkit/chainlink-common/keystore v1.2.0/go.mod h1:9R/74vN+bJ5PbkOyM/pUy/AeAZaRwYb/k4XPeXcbDio= github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20260601211238-9f526774fef0 h1:NExKM/D0HneOq/N5LGTbkV4VOa0UHCvfTNEb4GqYpto= @@ -1609,8 +1609,8 @@ github.com/smartcontractkit/chainlink-protos/chainlink-ccv/message-rules v0.0.0- github.com/smartcontractkit/chainlink-protos/chainlink-ccv/message-rules v0.0.0-20260505131349-78e491b80735/go.mod h1:zAJq6Tpkx5AdFUwW67dIYnW+Bdf50drCCpMR81Qxb4E= github.com/smartcontractkit/chainlink-protos/chainlink-ccv/verifier v0.0.0-20251211142334-5c3421fe2c8d h1:AJy55QJ/pBhXkZjc7N+ATnWfxrcjq9BI9DmdtdjwDUQ= github.com/smartcontractkit/chainlink-protos/chainlink-ccv/verifier v0.0.0-20251211142334-5c3421fe2c8d/go.mod h1:5JdppgngCOUS76p61zCinSCgOhPeYQ+OcDUuome5THQ= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7 h1:iRFmfMFQtcnhGDjCuARQG4MPbcmbbJDDw7MUH3GcGy8= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7/go.mod h1:vTFHTCbLui4Vn8fTmAadfE3rdnvfrDwOmMujmW857D0= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b h1:VDgJWDipihV9f7M5+d21d1RzSsg5rEv+iI12oN1VQbo= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b/go.mod h1:vTFHTCbLui4Vn8fTmAadfE3rdnvfrDwOmMujmW857D0= github.com/smartcontractkit/chainlink-protos/data-feeds v0.1.1-0.20260501174546-2e8846986b36 h1:SG+wAsNyAcA6Kk19ljuxi3HK9Ll2lpHik8OKoY4x7A0= github.com/smartcontractkit/chainlink-protos/data-feeds v0.1.1-0.20260501174546-2e8846986b36/go.mod h1:vL1bDgPSJjV0EqHYs4dDlR+EEE0cJchgvGLYXhwIjXY= github.com/smartcontractkit/chainlink-protos/job-distributor v0.18.0 h1:q+VDPcxWrj5k9QizSYfUOSMnDH3Sd5HvbPguZOgfXTY= diff --git a/core/services/chainlink/config_cre.go b/core/services/chainlink/config_cre.go index 775e2b39fc6..4796cf8285d 100644 --- a/core/services/chainlink/config_cre.go +++ b/core/services/chainlink/config_cre.go @@ -105,17 +105,24 @@ func (c *creConfig) Linking() config.CRELinking { return &linkingConfig{url: url, tlsEnabled: tlsEnabled} } +// defaultQuorumFMultiplier is the multiplier applied to the Workflow DON fault +// tolerance when no QuorumFMultiplier is configured, yielding the standard +// 2*F+1 quorum. +const defaultQuorumFMultiplier uint32 = 2 + type confidentialRelayConfig struct { - enabled bool - trustEnclaves bool + enabled bool + trustEnclaves bool + quorumFMultiplier uint32 } -func (cr *confidentialRelayConfig) Enabled() bool { return cr.enabled } -func (cr *confidentialRelayConfig) TrustEnclaves() bool { return cr.trustEnclaves } +func (cr *confidentialRelayConfig) Enabled() bool { return cr.enabled } +func (cr *confidentialRelayConfig) TrustEnclaves() bool { return cr.trustEnclaves } +func (cr *confidentialRelayConfig) QuorumFMultiplier() uint32 { return cr.quorumFMultiplier } func (c *creConfig) ConfidentialRelay() config.CREConfidentialRelay { if c.c.ConfidentialRelay == nil { - return &confidentialRelayConfig{} + return &confidentialRelayConfig{quorumFMultiplier: defaultQuorumFMultiplier} } enabled := false if c.c.ConfidentialRelay.Enabled != nil { @@ -125,7 +132,11 @@ func (c *creConfig) ConfidentialRelay() config.CREConfidentialRelay { if c.c.ConfidentialRelay.TrustEnclaves != nil { trustEnclaves = *c.c.ConfidentialRelay.TrustEnclaves } - return &confidentialRelayConfig{enabled: enabled, trustEnclaves: trustEnclaves} + quorumFMultiplier := defaultQuorumFMultiplier + if c.c.ConfidentialRelay.QuorumFMultiplier != nil { + quorumFMultiplier = *c.c.ConfidentialRelay.QuorumFMultiplier + } + return &confidentialRelayConfig{enabled: enabled, trustEnclaves: trustEnclaves, quorumFMultiplier: quorumFMultiplier} } func (c *creConfig) LocalSecretOverrides() map[string]map[string]string { diff --git a/core/services/chainlink/config_test.go b/core/services/chainlink/config_test.go index 4b81abff647..fe68ca57b5d 100644 --- a/core/services/chainlink/config_test.go +++ b/core/services/chainlink/config_test.go @@ -593,8 +593,9 @@ func TestConfig_Marshal(t *testing.T) { TLSEnabled: ptr(true), }, ConfidentialRelay: &toml.ConfidentialRelayConfig{ - Enabled: new(bool), - TrustEnclaves: new(bool), + Enabled: new(bool), + TrustEnclaves: new(bool), + QuorumFMultiplier: ptr(uint32(3)), }, } full.Billing = toml.Billing{ diff --git a/core/services/chainlink/testdata/config-empty-effective.toml b/core/services/chainlink/testdata/config-empty-effective.toml index c95082005a2..e35c83293a4 100644 --- a/core/services/chainlink/testdata/config-empty-effective.toml +++ b/core/services/chainlink/testdata/config-empty-effective.toml @@ -387,6 +387,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false +QuorumFMultiplier = 2 [Billing] URL = 'localhost:4319' diff --git a/core/services/chainlink/testdata/config-full.toml b/core/services/chainlink/testdata/config-full.toml index 4b8a44cbed5..6e9feb526da 100644 --- a/core/services/chainlink/testdata/config-full.toml +++ b/core/services/chainlink/testdata/config-full.toml @@ -426,6 +426,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false +QuorumFMultiplier = 3 [Billing] URL = 'localhost:4319' diff --git a/core/services/chainlink/testdata/config-multi-chain-effective.toml b/core/services/chainlink/testdata/config-multi-chain-effective.toml index a47d93fa3ce..c54b55933c1 100644 --- a/core/services/chainlink/testdata/config-multi-chain-effective.toml +++ b/core/services/chainlink/testdata/config-multi-chain-effective.toml @@ -387,6 +387,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false +QuorumFMultiplier = 2 [Billing] URL = 'localhost:4319' diff --git a/core/services/cre/cre.go b/core/services/cre/cre.go index f92f8cddd3d..b6e46cace76 100644 --- a/core/services/cre/cre.go +++ b/core/services/cre/cre.go @@ -29,6 +29,7 @@ import ( "github.com/smartcontractkit/chainlink-common/pkg/settings/limits" "github.com/smartcontractkit/chainlink-common/pkg/sqlutil" "github.com/smartcontractkit/chainlink-common/pkg/storage" + "github.com/smartcontractkit/chainlink-common/pkg/teeattestation/passthrough" commontypes "github.com/smartcontractkit/chainlink-common/pkg/types" "github.com/smartcontractkit/chainlink-common/pkg/workflows/dontime" "github.com/smartcontractkit/chainlink-evm/pkg/keys" @@ -210,6 +211,15 @@ func (s *Services) newSubservices( srvs = append(srvs, gatewayConnectorWrapper) if cfg.CRE().ConfidentialRelay().Enabled() { + var attestationValidator confidentialrelay.AttestationValidator + if cfg.CRE().ConfidentialRelay().TrustEnclaves() { + attestationValidator, ierr = passthrough.New() + if ierr != nil { + return nil, fmt.Errorf("could not create passthrough attestation validator: %w", ierr) + } + } else { + attestationValidator = confidentialrelay.NewAttestationValidator() + } relayService := confidentialrelay.NewService( gatewayConnectorWrapper, opts.CapabilitiesRegistry, @@ -217,7 +227,8 @@ func (s *Services) newSubservices( confidentialRelayPeerID(cfg, capCfg), lggr, opts.LimitsFactory, - cfg.CRE().ConfidentialRelay().TrustEnclaves(), + attestationValidator, + cfg.CRE().ConfidentialRelay().QuorumFMultiplier(), ) srvs = append(srvs, relayService) } diff --git a/core/web/resolver/testdata/config-empty-effective.toml b/core/web/resolver/testdata/config-empty-effective.toml index c95082005a2..e35c83293a4 100644 --- a/core/web/resolver/testdata/config-empty-effective.toml +++ b/core/web/resolver/testdata/config-empty-effective.toml @@ -387,6 +387,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false +QuorumFMultiplier = 2 [Billing] URL = 'localhost:4319' diff --git a/core/web/resolver/testdata/config-full.toml b/core/web/resolver/testdata/config-full.toml index f82eb098335..282e5d3bb68 100644 --- a/core/web/resolver/testdata/config-full.toml +++ b/core/web/resolver/testdata/config-full.toml @@ -405,6 +405,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false +QuorumFMultiplier = 3 [Billing] URL = 'localhost:4319' diff --git a/core/web/resolver/testdata/config-multi-chain-effective.toml b/core/web/resolver/testdata/config-multi-chain-effective.toml index edd22d0da41..ffa9a669c8b 100644 --- a/core/web/resolver/testdata/config-multi-chain-effective.toml +++ b/core/web/resolver/testdata/config-multi-chain-effective.toml @@ -387,6 +387,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false +QuorumFMultiplier = 2 [Billing] URL = 'localhost:4319' diff --git a/deployment/go.mod b/deployment/go.mod index ca704b44d50..0f2779ecdea 100644 --- a/deployment/go.mod +++ b/deployment/go.mod @@ -42,14 +42,14 @@ require ( github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20260415165642-49f23e4d76cc github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260511195239-0f6e1b177fc7 github.com/smartcontractkit/chainlink-ccip/deployment v0.0.0-20260618155522-3600f66e26cd - github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650 + github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf github.com/smartcontractkit/chainlink-common/keystore v1.2.0 github.com/smartcontractkit/chainlink-data-streams v0.1.15-0.20260522094612-5f9f748bd87a github.com/smartcontractkit/chainlink-deployments-framework v0.105.0 github.com/smartcontractkit/chainlink-evm v0.3.4-0.20260618132327-105433c1ac66 github.com/smartcontractkit/chainlink-evm/contracts/cre/gobindings v0.0.0-20260403151002-2c91155b5501 github.com/smartcontractkit/chainlink-evm/gethwrappers v0.0.0-20260521215851-3fdbb363496f - github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7 + github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b github.com/smartcontractkit/chainlink-protos/job-distributor v0.18.0 github.com/smartcontractkit/chainlink-protos/orchestrator v0.10.1-0.20260528221400-84746b70eeeb github.com/smartcontractkit/chainlink-solana v1.3.1-0.20260605202330-b5a89c32fdc1 diff --git a/deployment/go.sum b/deployment/go.sum index f56e76ecd1f..8c551b8d4c8 100644 --- a/deployment/go.sum +++ b/deployment/go.sum @@ -1380,8 +1380,8 @@ github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033 h github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033/go.mod h1:15M0qBycFN5jkNjaYFkutYkGAmhuT401IfaJvz32lcg= github.com/smartcontractkit/chainlink-ccv/deployment v0.0.2-0.20260616151800-9a3a31c4e194 h1:QxZkbKtQyPtVLYP4eMwc+VbXY7M5ve1deSiLZ2pOA+Y= github.com/smartcontractkit/chainlink-ccv/deployment v0.0.2-0.20260616151800-9a3a31c4e194/go.mod h1:bNMFRxwWdgVFdSsFZRmsUUPoBUncU3RM765K99svIKM= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650 h1:QZkJ/gh/XSiNnLCBGF2+vpIgI6yxOaYROReCbkjeuyM= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650/go.mod h1:paOB/6dy57owHtOGzhgaRBWRDT5BEWfnJF5M7sgkcro= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf h1:yz9tXcZ/c5DGFt5Y+yByOEbad+X5QY5YylE2GRwNV10= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= github.com/smartcontractkit/chainlink-common/keystore v1.2.0 h1:1BH/b14CkGjArfzznlioQpIJiynECWVT48JUP9E277U= github.com/smartcontractkit/chainlink-common/keystore v1.2.0/go.mod h1:9R/74vN+bJ5PbkOyM/pUy/AeAZaRwYb/k4XPeXcbDio= github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20260601211238-9f526774fef0 h1:NExKM/D0HneOq/N5LGTbkV4VOa0UHCvfTNEb4GqYpto= @@ -1418,8 +1418,8 @@ github.com/smartcontractkit/chainlink-protos/chainlink-ccv/message-rules v0.0.0- github.com/smartcontractkit/chainlink-protos/chainlink-ccv/message-rules v0.0.0-20260505131349-78e491b80735/go.mod h1:zAJq6Tpkx5AdFUwW67dIYnW+Bdf50drCCpMR81Qxb4E= github.com/smartcontractkit/chainlink-protos/chainlink-ccv/verifier v0.0.0-20251211142334-5c3421fe2c8d h1:AJy55QJ/pBhXkZjc7N+ATnWfxrcjq9BI9DmdtdjwDUQ= github.com/smartcontractkit/chainlink-protos/chainlink-ccv/verifier v0.0.0-20251211142334-5c3421fe2c8d/go.mod h1:5JdppgngCOUS76p61zCinSCgOhPeYQ+OcDUuome5THQ= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7 h1:iRFmfMFQtcnhGDjCuARQG4MPbcmbbJDDw7MUH3GcGy8= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7/go.mod h1:vTFHTCbLui4Vn8fTmAadfE3rdnvfrDwOmMujmW857D0= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b h1:VDgJWDipihV9f7M5+d21d1RzSsg5rEv+iI12oN1VQbo= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b/go.mod h1:vTFHTCbLui4Vn8fTmAadfE3rdnvfrDwOmMujmW857D0= github.com/smartcontractkit/chainlink-protos/data-feeds v0.1.1-0.20260501174546-2e8846986b36 h1:SG+wAsNyAcA6Kk19ljuxi3HK9Ll2lpHik8OKoY4x7A0= github.com/smartcontractkit/chainlink-protos/data-feeds v0.1.1-0.20260501174546-2e8846986b36/go.mod h1:vL1bDgPSJjV0EqHYs4dDlR+EEE0cJchgvGLYXhwIjXY= github.com/smartcontractkit/chainlink-protos/job-distributor v0.18.0 h1:q+VDPcxWrj5k9QizSYfUOSMnDH3Sd5HvbPguZOgfXTY= diff --git a/docs/CONFIG.md b/docs/CONFIG.md index d8273ce7c05..c44cce13371 100644 --- a/docs/CONFIG.md +++ b/docs/CONFIG.md @@ -2725,6 +2725,7 @@ DebugMode enables additional tracing and logging for workflow engines. [CRE.ConfidentialRelay] Enabled = false # Default TrustEnclaves = false # Default +QuorumFMultiplier = 2 # Default ``` @@ -2740,6 +2741,12 @@ TrustEnclaves = false # Default ``` TrustEnclaves relaxes TEE attestation validation so the relay trusts fake (non-Nitro) enclaves. intended only for tests. +### QuorumFMultiplier +```toml +QuorumFMultiplier = 2 # Default +``` +QuorumFMultiplier sets the multiplier applied to the Workflow DON fault tolerance when computing the relay's signature quorum: threshold = QuorumFMultiplier*F + 1. + ## Sharding ```toml [Sharding] diff --git a/go.mod b/go.mod index d9322e15d4b..5958f7f7ff8 100644 --- a/go.mod +++ b/go.mod @@ -85,7 +85,7 @@ require ( github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20260415165642-49f23e4d76cc github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260415165642-49f23e4d76cc github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033 - github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650 + github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf github.com/smartcontractkit/chainlink-common/keystore v1.2.0 github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20260601211238-9f526774fef0 github.com/smartcontractkit/chainlink-data-streams v0.1.15-0.20260522094612-5f9f748bd87a @@ -97,7 +97,7 @@ require ( github.com/smartcontractkit/chainlink-framework/chains v0.0.0-20260423135514-5b1a7565a99c github.com/smartcontractkit/chainlink-framework/multinode v0.0.0-20260521164805-26d78d5e1243 github.com/smartcontractkit/chainlink-protos/billing/go v0.0.0-20251024234028-0988426d98f4 - github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7 + github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b github.com/smartcontractkit/chainlink-protos/data-feeds v0.1.1-0.20260501174546-2e8846986b36 github.com/smartcontractkit/chainlink-protos/linking-service/go v0.0.0-20260512230622-65f10f4cd305 github.com/smartcontractkit/chainlink-protos/node-platform v0.0.0-20260512230622-65f10f4cd305 diff --git a/go.sum b/go.sum index 1bc875e96c1..c16ef92d22f 100644 --- a/go.sum +++ b/go.sum @@ -1165,8 +1165,8 @@ github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260 github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260415165642-49f23e4d76cc/go.mod h1:67YbnoglYD61Pz/jTVCgav9wFq7S35OU8UyQSvPllRw= github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033 h1:WjZwKtUA/0TPvzgCt8bcdq+BHMIL65S0oU79mxgZn/Y= github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033/go.mod h1:15M0qBycFN5jkNjaYFkutYkGAmhuT401IfaJvz32lcg= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650 h1:QZkJ/gh/XSiNnLCBGF2+vpIgI6yxOaYROReCbkjeuyM= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650/go.mod h1:paOB/6dy57owHtOGzhgaRBWRDT5BEWfnJF5M7sgkcro= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf h1:yz9tXcZ/c5DGFt5Y+yByOEbad+X5QY5YylE2GRwNV10= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= github.com/smartcontractkit/chainlink-common/keystore v1.2.0 h1:1BH/b14CkGjArfzznlioQpIJiynECWVT48JUP9E277U= github.com/smartcontractkit/chainlink-common/keystore v1.2.0/go.mod h1:9R/74vN+bJ5PbkOyM/pUy/AeAZaRwYb/k4XPeXcbDio= github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20260601211238-9f526774fef0 h1:NExKM/D0HneOq/N5LGTbkV4VOa0UHCvfTNEb4GqYpto= @@ -1201,8 +1201,8 @@ github.com/smartcontractkit/chainlink-protos/chainlink-ccv/message-rules v0.0.0- github.com/smartcontractkit/chainlink-protos/chainlink-ccv/message-rules v0.0.0-20260505131349-78e491b80735/go.mod h1:zAJq6Tpkx5AdFUwW67dIYnW+Bdf50drCCpMR81Qxb4E= github.com/smartcontractkit/chainlink-protos/chainlink-ccv/verifier v0.0.0-20251211142334-5c3421fe2c8d h1:AJy55QJ/pBhXkZjc7N+ATnWfxrcjq9BI9DmdtdjwDUQ= github.com/smartcontractkit/chainlink-protos/chainlink-ccv/verifier v0.0.0-20251211142334-5c3421fe2c8d/go.mod h1:5JdppgngCOUS76p61zCinSCgOhPeYQ+OcDUuome5THQ= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7 h1:iRFmfMFQtcnhGDjCuARQG4MPbcmbbJDDw7MUH3GcGy8= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7/go.mod h1:vTFHTCbLui4Vn8fTmAadfE3rdnvfrDwOmMujmW857D0= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b h1:VDgJWDipihV9f7M5+d21d1RzSsg5rEv+iI12oN1VQbo= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b/go.mod h1:vTFHTCbLui4Vn8fTmAadfE3rdnvfrDwOmMujmW857D0= github.com/smartcontractkit/chainlink-protos/data-feeds v0.1.1-0.20260501174546-2e8846986b36 h1:SG+wAsNyAcA6Kk19ljuxi3HK9Ll2lpHik8OKoY4x7A0= github.com/smartcontractkit/chainlink-protos/data-feeds v0.1.1-0.20260501174546-2e8846986b36/go.mod h1:vL1bDgPSJjV0EqHYs4dDlR+EEE0cJchgvGLYXhwIjXY= github.com/smartcontractkit/chainlink-protos/linking-service/go v0.0.0-20260512230622-65f10f4cd305 h1:NJdGFhzT6zMaTod4QkBqVD2sg0I25iw1boOYtTpEwRo= diff --git a/integration-tests/go.mod b/integration-tests/go.mod index ed8fed7f56d..6e0ecdfd0e9 100644 --- a/integration-tests/go.mod +++ b/integration-tests/go.mod @@ -29,7 +29,7 @@ require ( github.com/smartcontractkit/chainlink-ccip/chains/evm v0.0.0-20260618155522-3600f66e26cd github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20260506144252-c100eabfda74 github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260511195239-0f6e1b177fc7 - github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650 + github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf github.com/smartcontractkit/chainlink-common/keystore v1.2.0 github.com/smartcontractkit/chainlink-deployments-framework v0.105.0 github.com/smartcontractkit/chainlink-evm v0.3.4-0.20260618132327-105433c1ac66 @@ -408,7 +408,7 @@ require ( github.com/smartcontractkit/chainlink-protos/chainlink-ccv/message-discovery v0.0.0-20251211142334-5c3421fe2c8d // indirect github.com/smartcontractkit/chainlink-protos/chainlink-ccv/message-rules v0.0.0-20260505131349-78e491b80735 // indirect github.com/smartcontractkit/chainlink-protos/chainlink-ccv/verifier v0.0.0-20251211142334-5c3421fe2c8d // indirect - github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7 // indirect + github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b // indirect github.com/smartcontractkit/chainlink-protos/data-feeds v0.1.1-0.20260501174546-2e8846986b36 // indirect github.com/smartcontractkit/chainlink-protos/linking-service/go v0.0.0-20260512230622-65f10f4cd305 // indirect github.com/smartcontractkit/chainlink-protos/node-platform v0.0.0-20260512230622-65f10f4cd305 // indirect diff --git a/integration-tests/go.sum b/integration-tests/go.sum index 1243556ed4f..b986b74dfe3 100644 --- a/integration-tests/go.sum +++ b/integration-tests/go.sum @@ -1365,8 +1365,8 @@ github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033 h github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033/go.mod h1:15M0qBycFN5jkNjaYFkutYkGAmhuT401IfaJvz32lcg= github.com/smartcontractkit/chainlink-ccv/deployment v0.0.2-0.20260616151800-9a3a31c4e194 h1:QxZkbKtQyPtVLYP4eMwc+VbXY7M5ve1deSiLZ2pOA+Y= github.com/smartcontractkit/chainlink-ccv/deployment v0.0.2-0.20260616151800-9a3a31c4e194/go.mod h1:bNMFRxwWdgVFdSsFZRmsUUPoBUncU3RM765K99svIKM= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650 h1:QZkJ/gh/XSiNnLCBGF2+vpIgI6yxOaYROReCbkjeuyM= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650/go.mod h1:paOB/6dy57owHtOGzhgaRBWRDT5BEWfnJF5M7sgkcro= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf h1:yz9tXcZ/c5DGFt5Y+yByOEbad+X5QY5YylE2GRwNV10= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= github.com/smartcontractkit/chainlink-common/keystore v1.2.0 h1:1BH/b14CkGjArfzznlioQpIJiynECWVT48JUP9E277U= github.com/smartcontractkit/chainlink-common/keystore v1.2.0/go.mod h1:9R/74vN+bJ5PbkOyM/pUy/AeAZaRwYb/k4XPeXcbDio= github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20260601211238-9f526774fef0 h1:NExKM/D0HneOq/N5LGTbkV4VOa0UHCvfTNEb4GqYpto= @@ -1403,8 +1403,8 @@ github.com/smartcontractkit/chainlink-protos/chainlink-ccv/message-rules v0.0.0- github.com/smartcontractkit/chainlink-protos/chainlink-ccv/message-rules v0.0.0-20260505131349-78e491b80735/go.mod h1:zAJq6Tpkx5AdFUwW67dIYnW+Bdf50drCCpMR81Qxb4E= github.com/smartcontractkit/chainlink-protos/chainlink-ccv/verifier v0.0.0-20251211142334-5c3421fe2c8d h1:AJy55QJ/pBhXkZjc7N+ATnWfxrcjq9BI9DmdtdjwDUQ= github.com/smartcontractkit/chainlink-protos/chainlink-ccv/verifier v0.0.0-20251211142334-5c3421fe2c8d/go.mod h1:5JdppgngCOUS76p61zCinSCgOhPeYQ+OcDUuome5THQ= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7 h1:iRFmfMFQtcnhGDjCuARQG4MPbcmbbJDDw7MUH3GcGy8= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7/go.mod h1:vTFHTCbLui4Vn8fTmAadfE3rdnvfrDwOmMujmW857D0= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b h1:VDgJWDipihV9f7M5+d21d1RzSsg5rEv+iI12oN1VQbo= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b/go.mod h1:vTFHTCbLui4Vn8fTmAadfE3rdnvfrDwOmMujmW857D0= github.com/smartcontractkit/chainlink-protos/data-feeds v0.1.1-0.20260501174546-2e8846986b36 h1:SG+wAsNyAcA6Kk19ljuxi3HK9Ll2lpHik8OKoY4x7A0= github.com/smartcontractkit/chainlink-protos/data-feeds v0.1.1-0.20260501174546-2e8846986b36/go.mod h1:vL1bDgPSJjV0EqHYs4dDlR+EEE0cJchgvGLYXhwIjXY= github.com/smartcontractkit/chainlink-protos/job-distributor v0.18.0 h1:q+VDPcxWrj5k9QizSYfUOSMnDH3Sd5HvbPguZOgfXTY= diff --git a/integration-tests/load/go.mod b/integration-tests/load/go.mod index 689cc28ae5e..6e5e94eefe0 100644 --- a/integration-tests/load/go.mod +++ b/integration-tests/load/go.mod @@ -20,7 +20,7 @@ require ( github.com/smartcontractkit/chainlink-ccip/chains/evm v0.0.0-20260618155522-3600f66e26cd github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20260506144252-c100eabfda74 github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260511195239-0f6e1b177fc7 - github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650 + github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf github.com/smartcontractkit/chainlink-deployments-framework v0.105.0 github.com/smartcontractkit/chainlink-evm v0.3.4-0.20260618132327-105433c1ac66 github.com/smartcontractkit/chainlink-testing-framework/framework v0.16.1 @@ -490,7 +490,7 @@ require ( github.com/smartcontractkit/chainlink-protos/chainlink-ccv/message-discovery v0.0.0-20251211142334-5c3421fe2c8d // indirect github.com/smartcontractkit/chainlink-protos/chainlink-ccv/message-rules v0.0.0-20260505131349-78e491b80735 // indirect github.com/smartcontractkit/chainlink-protos/chainlink-ccv/verifier v0.0.0-20251211142334-5c3421fe2c8d // indirect - github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7 // indirect + github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b // indirect github.com/smartcontractkit/chainlink-protos/data-feeds v0.1.1-0.20260501174546-2e8846986b36 // indirect github.com/smartcontractkit/chainlink-protos/job-distributor v0.18.0 // indirect github.com/smartcontractkit/chainlink-protos/linking-service/go v0.0.0-20260512230622-65f10f4cd305 // indirect diff --git a/integration-tests/load/go.sum b/integration-tests/load/go.sum index 5eb00ea569f..127b07b0178 100644 --- a/integration-tests/load/go.sum +++ b/integration-tests/load/go.sum @@ -1631,8 +1631,8 @@ github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033 h github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033/go.mod h1:15M0qBycFN5jkNjaYFkutYkGAmhuT401IfaJvz32lcg= github.com/smartcontractkit/chainlink-ccv/deployment v0.0.2-0.20260616151800-9a3a31c4e194 h1:QxZkbKtQyPtVLYP4eMwc+VbXY7M5ve1deSiLZ2pOA+Y= github.com/smartcontractkit/chainlink-ccv/deployment v0.0.2-0.20260616151800-9a3a31c4e194/go.mod h1:bNMFRxwWdgVFdSsFZRmsUUPoBUncU3RM765K99svIKM= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650 h1:QZkJ/gh/XSiNnLCBGF2+vpIgI6yxOaYROReCbkjeuyM= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650/go.mod h1:paOB/6dy57owHtOGzhgaRBWRDT5BEWfnJF5M7sgkcro= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf h1:yz9tXcZ/c5DGFt5Y+yByOEbad+X5QY5YylE2GRwNV10= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= github.com/smartcontractkit/chainlink-common/keystore v1.2.0 h1:1BH/b14CkGjArfzznlioQpIJiynECWVT48JUP9E277U= github.com/smartcontractkit/chainlink-common/keystore v1.2.0/go.mod h1:9R/74vN+bJ5PbkOyM/pUy/AeAZaRwYb/k4XPeXcbDio= github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20260601211238-9f526774fef0 h1:NExKM/D0HneOq/N5LGTbkV4VOa0UHCvfTNEb4GqYpto= @@ -1669,8 +1669,8 @@ github.com/smartcontractkit/chainlink-protos/chainlink-ccv/message-rules v0.0.0- github.com/smartcontractkit/chainlink-protos/chainlink-ccv/message-rules v0.0.0-20260505131349-78e491b80735/go.mod h1:zAJq6Tpkx5AdFUwW67dIYnW+Bdf50drCCpMR81Qxb4E= github.com/smartcontractkit/chainlink-protos/chainlink-ccv/verifier v0.0.0-20251211142334-5c3421fe2c8d h1:AJy55QJ/pBhXkZjc7N+ATnWfxrcjq9BI9DmdtdjwDUQ= github.com/smartcontractkit/chainlink-protos/chainlink-ccv/verifier v0.0.0-20251211142334-5c3421fe2c8d/go.mod h1:5JdppgngCOUS76p61zCinSCgOhPeYQ+OcDUuome5THQ= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7 h1:iRFmfMFQtcnhGDjCuARQG4MPbcmbbJDDw7MUH3GcGy8= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7/go.mod h1:vTFHTCbLui4Vn8fTmAadfE3rdnvfrDwOmMujmW857D0= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b h1:VDgJWDipihV9f7M5+d21d1RzSsg5rEv+iI12oN1VQbo= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b/go.mod h1:vTFHTCbLui4Vn8fTmAadfE3rdnvfrDwOmMujmW857D0= github.com/smartcontractkit/chainlink-protos/data-feeds v0.1.1-0.20260501174546-2e8846986b36 h1:SG+wAsNyAcA6Kk19ljuxi3HK9Ll2lpHik8OKoY4x7A0= github.com/smartcontractkit/chainlink-protos/data-feeds v0.1.1-0.20260501174546-2e8846986b36/go.mod h1:vL1bDgPSJjV0EqHYs4dDlR+EEE0cJchgvGLYXhwIjXY= github.com/smartcontractkit/chainlink-protos/job-distributor v0.18.0 h1:q+VDPcxWrj5k9QizSYfUOSMnDH3Sd5HvbPguZOgfXTY= diff --git a/plugins/plugins.private.yaml b/plugins/plugins.private.yaml index 856e7cf4caa..46dcf17fc34 100644 --- a/plugins/plugins.private.yaml +++ b/plugins/plugins.private.yaml @@ -45,7 +45,3 @@ plugins: - moduleURI: "github.com/smartcontractkit/capabilities/chain_capabilities/aptos" gitRef: "5424665d88fc5c239a2af353abcf0f0e0e4cb710" installPath: "." - confidential-http: - - moduleURI: "github.com/smartcontractkit/confidential-compute/enclave/apps/confidential-http/capability" - gitRef: "24ffd2435ed7d6bca45525c2189d720b7a4ef6bc" - installPath: "./cmd/confidential-http" diff --git a/system-tests/lib/go.mod b/system-tests/lib/go.mod index e54f636f23c..db271fd6ac8 100644 --- a/system-tests/lib/go.mod +++ b/system-tests/lib/go.mod @@ -33,12 +33,12 @@ require ( github.com/smartcontractkit/chain-selectors v1.0.103 github.com/smartcontractkit/chainlink-aptos v0.0.0-20260609211101-71d38bd6a0a9 github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20260415165642-49f23e4d76cc - github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650 + github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf github.com/smartcontractkit/chainlink-common/keystore v1.2.0 github.com/smartcontractkit/chainlink-deployments-framework v0.105.0 github.com/smartcontractkit/chainlink-evm v0.3.4-0.20260618132327-105433c1ac66 github.com/smartcontractkit/chainlink-evm/gethwrappers v0.0.0-20260521215851-3fdbb363496f - github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7 + github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b github.com/smartcontractkit/chainlink-protos/job-distributor v0.18.0 github.com/smartcontractkit/chainlink-protos/linking-service/go v0.0.0-20260512230622-65f10f4cd305 github.com/smartcontractkit/chainlink-protos/workflows/go v0.0.0-20260528221400-84746b70eeeb diff --git a/system-tests/lib/go.sum b/system-tests/lib/go.sum index 64e6cbb6a5c..b5a5c36403c 100644 --- a/system-tests/lib/go.sum +++ b/system-tests/lib/go.sum @@ -1538,8 +1538,8 @@ github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260 github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260511195239-0f6e1b177fc7/go.mod h1:67YbnoglYD61Pz/jTVCgav9wFq7S35OU8UyQSvPllRw= github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033 h1:WjZwKtUA/0TPvzgCt8bcdq+BHMIL65S0oU79mxgZn/Y= github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033/go.mod h1:15M0qBycFN5jkNjaYFkutYkGAmhuT401IfaJvz32lcg= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650 h1:QZkJ/gh/XSiNnLCBGF2+vpIgI6yxOaYROReCbkjeuyM= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650/go.mod h1:paOB/6dy57owHtOGzhgaRBWRDT5BEWfnJF5M7sgkcro= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf h1:yz9tXcZ/c5DGFt5Y+yByOEbad+X5QY5YylE2GRwNV10= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= github.com/smartcontractkit/chainlink-common/keystore v1.2.0 h1:1BH/b14CkGjArfzznlioQpIJiynECWVT48JUP9E277U= github.com/smartcontractkit/chainlink-common/keystore v1.2.0/go.mod h1:9R/74vN+bJ5PbkOyM/pUy/AeAZaRwYb/k4XPeXcbDio= github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20260601211238-9f526774fef0 h1:NExKM/D0HneOq/N5LGTbkV4VOa0UHCvfTNEb4GqYpto= @@ -1576,8 +1576,8 @@ github.com/smartcontractkit/chainlink-protos/chainlink-ccv/message-rules v0.0.0- github.com/smartcontractkit/chainlink-protos/chainlink-ccv/message-rules v0.0.0-20260505131349-78e491b80735/go.mod h1:zAJq6Tpkx5AdFUwW67dIYnW+Bdf50drCCpMR81Qxb4E= github.com/smartcontractkit/chainlink-protos/chainlink-ccv/verifier v0.0.0-20251211142334-5c3421fe2c8d h1:AJy55QJ/pBhXkZjc7N+ATnWfxrcjq9BI9DmdtdjwDUQ= github.com/smartcontractkit/chainlink-protos/chainlink-ccv/verifier v0.0.0-20251211142334-5c3421fe2c8d/go.mod h1:5JdppgngCOUS76p61zCinSCgOhPeYQ+OcDUuome5THQ= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7 h1:iRFmfMFQtcnhGDjCuARQG4MPbcmbbJDDw7MUH3GcGy8= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7/go.mod h1:vTFHTCbLui4Vn8fTmAadfE3rdnvfrDwOmMujmW857D0= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b h1:VDgJWDipihV9f7M5+d21d1RzSsg5rEv+iI12oN1VQbo= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b/go.mod h1:vTFHTCbLui4Vn8fTmAadfE3rdnvfrDwOmMujmW857D0= github.com/smartcontractkit/chainlink-protos/data-feeds v0.1.1-0.20260501174546-2e8846986b36 h1:SG+wAsNyAcA6Kk19ljuxi3HK9Ll2lpHik8OKoY4x7A0= github.com/smartcontractkit/chainlink-protos/data-feeds v0.1.1-0.20260501174546-2e8846986b36/go.mod h1:vL1bDgPSJjV0EqHYs4dDlR+EEE0cJchgvGLYXhwIjXY= github.com/smartcontractkit/chainlink-protos/job-distributor v0.18.0 h1:q+VDPcxWrj5k9QizSYfUOSMnDH3Sd5HvbPguZOgfXTY= diff --git a/system-tests/tests/go.mod b/system-tests/tests/go.mod index b3aacbde8a6..9b9c6e310cb 100644 --- a/system-tests/tests/go.mod +++ b/system-tests/tests/go.mod @@ -58,12 +58,12 @@ require ( github.com/rs/zerolog v1.34.0 github.com/smartcontractkit/chain-selectors v1.0.103 github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20260415165642-49f23e4d76cc - github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650 + github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf github.com/smartcontractkit/chainlink-common/keystore v1.2.0 github.com/smartcontractkit/chainlink-deployments-framework v0.105.0 github.com/smartcontractkit/chainlink-evm/contracts/cre/gobindings v0.0.0-20260403151002-2c91155b5501 github.com/smartcontractkit/chainlink-evm/gethwrappers v0.0.0-20260521215851-3fdbb363496f - github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7 + github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b github.com/smartcontractkit/chainlink-protos/ring/go v0.0.0-20260331131315-f08a616d8dcd github.com/smartcontractkit/chainlink-protos/workflows/go v0.0.0-20260528221400-84746b70eeeb github.com/smartcontractkit/chainlink-testing-framework/framework v0.16.2 diff --git a/system-tests/tests/go.sum b/system-tests/tests/go.sum index e1d4681656f..ca52080715b 100644 --- a/system-tests/tests/go.sum +++ b/system-tests/tests/go.sum @@ -1552,8 +1552,8 @@ github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260 github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260511195239-0f6e1b177fc7/go.mod h1:67YbnoglYD61Pz/jTVCgav9wFq7S35OU8UyQSvPllRw= github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033 h1:WjZwKtUA/0TPvzgCt8bcdq+BHMIL65S0oU79mxgZn/Y= github.com/smartcontractkit/chainlink-ccv v0.0.2-0.20260622154332-695181f87033/go.mod h1:15M0qBycFN5jkNjaYFkutYkGAmhuT401IfaJvz32lcg= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650 h1:QZkJ/gh/XSiNnLCBGF2+vpIgI6yxOaYROReCbkjeuyM= -github.com/smartcontractkit/chainlink-common v0.11.2-0.20260622160845-86b9f94f3650/go.mod h1:paOB/6dy57owHtOGzhgaRBWRDT5BEWfnJF5M7sgkcro= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf h1:yz9tXcZ/c5DGFt5Y+yByOEbad+X5QY5YylE2GRwNV10= +github.com/smartcontractkit/chainlink-common v0.11.2-0.20260629191530-0371c428a6cf/go.mod h1:wUK7w5xRrFPD2qQfdt1fLXzQzWSb4PaZaxa4nsqCWVs= github.com/smartcontractkit/chainlink-common/keystore v1.2.0 h1:1BH/b14CkGjArfzznlioQpIJiynECWVT48JUP9E277U= github.com/smartcontractkit/chainlink-common/keystore v1.2.0/go.mod h1:9R/74vN+bJ5PbkOyM/pUy/AeAZaRwYb/k4XPeXcbDio= github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20260601211238-9f526774fef0 h1:NExKM/D0HneOq/N5LGTbkV4VOa0UHCvfTNEb4GqYpto= @@ -1590,8 +1590,8 @@ github.com/smartcontractkit/chainlink-protos/chainlink-ccv/message-rules v0.0.0- github.com/smartcontractkit/chainlink-protos/chainlink-ccv/message-rules v0.0.0-20260505131349-78e491b80735/go.mod h1:zAJq6Tpkx5AdFUwW67dIYnW+Bdf50drCCpMR81Qxb4E= github.com/smartcontractkit/chainlink-protos/chainlink-ccv/verifier v0.0.0-20251211142334-5c3421fe2c8d h1:AJy55QJ/pBhXkZjc7N+ATnWfxrcjq9BI9DmdtdjwDUQ= github.com/smartcontractkit/chainlink-protos/chainlink-ccv/verifier v0.0.0-20251211142334-5c3421fe2c8d/go.mod h1:5JdppgngCOUS76p61zCinSCgOhPeYQ+OcDUuome5THQ= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7 h1:iRFmfMFQtcnhGDjCuARQG4MPbcmbbJDDw7MUH3GcGy8= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260618082634-432eb85805e7/go.mod h1:vTFHTCbLui4Vn8fTmAadfE3rdnvfrDwOmMujmW857D0= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b h1:VDgJWDipihV9f7M5+d21d1RzSsg5rEv+iI12oN1VQbo= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b/go.mod h1:vTFHTCbLui4Vn8fTmAadfE3rdnvfrDwOmMujmW857D0= github.com/smartcontractkit/chainlink-protos/data-feeds v0.1.1-0.20260501174546-2e8846986b36 h1:SG+wAsNyAcA6Kk19ljuxi3HK9Ll2lpHik8OKoY4x7A0= github.com/smartcontractkit/chainlink-protos/data-feeds v0.1.1-0.20260501174546-2e8846986b36/go.mod h1:vL1bDgPSJjV0EqHYs4dDlR+EEE0cJchgvGLYXhwIjXY= github.com/smartcontractkit/chainlink-protos/job-distributor v0.18.0 h1:q+VDPcxWrj5k9QizSYfUOSMnDH3Sd5HvbPguZOgfXTY= From c44f1ce78602d400771c64b34da0263584b9eb59 Mon Sep 17 00:00:00 2001 From: vreff <104409744+vreff@users.noreply.github.com> Date: Mon, 29 Jun 2026 16:13:53 -0400 Subject: [PATCH 08/12] quorumFMultiplier -> requireBFTQuorum --- .../capabilities/confidentialrelay/handler.go | 36 ++++++++++--------- .../confidentialrelay/handler_test.go | 2 +- .../capabilities/confidentialrelay/service.go | 36 +++++++++---------- core/config/cre_config.go | 8 ++--- core/config/docs/core.toml | 4 +-- core/config/toml/types.go | 12 +++---- core/services/chainlink/config_cre.go | 29 ++++++++------- core/services/chainlink/config_test.go | 6 ++-- .../testdata/config-empty-effective.toml | 2 +- .../chainlink/testdata/config-full.toml | 2 +- .../config-multi-chain-effective.toml | 2 +- core/services/cre/cre.go | 2 +- .../testdata/config-empty-effective.toml | 2 +- core/web/resolver/testdata/config-full.toml | 2 +- .../config-multi-chain-effective.toml | 2 +- docs/CONFIG.md | 8 ++--- 16 files changed, 78 insertions(+), 77 deletions(-) diff --git a/core/capabilities/confidentialrelay/handler.go b/core/capabilities/confidentialrelay/handler.go index ce9632936a9..a254b2c09d2 100644 --- a/core/capabilities/confidentialrelay/handler.go +++ b/core/capabilities/confidentialrelay/handler.go @@ -133,13 +133,14 @@ type Handler struct { // validator validates TEE attestation documents. validator AttestationValidator - // quorumFMultiplier multiplies the Workflow DON fault tolerance when - // computing the required signature quorum: threshold = quorumFMultiplier*F + 1. - quorumFMultiplier uint32 - limitsFactory limits.Factory + // requireBFTQuorum selects the required signature quorum: when true the relay + // demands a Byzantine quorum of 2*F+1 unique signers, otherwise a crash-fault + // quorum of F+1. + requireBFTQuorum bool + limitsFactory limits.Factory } -func NewHandler(capRegistry core.CapabilitiesRegistry, conn core.GatewayConnector, responseSigner relayResponseSigner, lggr logger.Logger, lf limits.Factory, validator AttestationValidator, quorumFMultiplier uint32) (*Handler, error) { +func NewHandler(capRegistry core.CapabilitiesRegistry, conn core.GatewayConnector, responseSigner relayResponseSigner, lggr logger.Logger, lf limits.Factory, validator AttestationValidator, requireBFTQuorum bool) (*Handler, error) { if responseSigner == nil { return nil, errors.New("response signer is required") } @@ -151,14 +152,14 @@ func NewHandler(capRegistry core.CapabilitiesRegistry, conn core.GatewayConnecto named := logger.Named(lggr, HandlerName) h := &Handler{ - capRegistry: capRegistry, - gatewayConnector: conn, - responseSigner: responseSigner, - lggr: named, - metrics: m, - validator: validator, - quorumFMultiplier: quorumFMultiplier, - limitsFactory: lf, + capRegistry: capRegistry, + gatewayConnector: conn, + responseSigner: responseSigner, + lggr: named, + metrics: m, + validator: validator, + requireBFTQuorum: requireBFTQuorum, + limitsFactory: lf, } h.Service, h.eng = services.Config{ Name: HandlerName, @@ -681,10 +682,11 @@ func (h *Handler) verifyWorkflowAuthorization(don capabilities.DON, params confi return errors.New("missing signed compute requests") } - // Match the enclave's own quorum: server.go requires config.F+1 unique signers where the - // config-tracker sets config.F = quorumFMultiplier*don.F, i.e. quorumFMultiplier*F+1 - // (the default multiplier of 2 gives the standard 2*F+1). - threshold := int(h.quorumFMultiplier)*int(don.F) + 1 + // Require a quorum of signatures. + threshold := int(don.F) + 1 + if h.requireBFTQuorum { + threshold = 2*int(don.F) + 1 + } // The forwarded requests differ only in their signature; they all sign one shared // ComputeRequest hash. Reconstruct that hash once and verify each signature over it. diff --git a/core/capabilities/confidentialrelay/handler_test.go b/core/capabilities/confidentialrelay/handler_test.go index 5b3e8892712..64e0cbbe4c4 100644 --- a/core/capabilities/confidentialrelay/handler_test.go +++ b/core/capabilities/confidentialrelay/handler_test.go @@ -133,7 +133,7 @@ func newTestHandler(t *testing.T, registry core.CapabilitiesRegistry, gwConn cor require.NoError(t, err) validator, err := passthrough.New() require.NoError(t, err) - h, err := NewHandler(registry, gwConn, newRelayResponseSigner(key), lggr, limits.Factory{Logger: lggr}, validator, 2) + h, err := NewHandler(registry, gwConn, newRelayResponseSigner(key), lggr, limits.Factory{Logger: lggr}, validator, true) require.NoError(t, err) return h } diff --git a/core/capabilities/confidentialrelay/service.go b/core/capabilities/confidentialrelay/service.go index f3ecec5225d..408720ad55b 100644 --- a/core/capabilities/confidentialrelay/service.go +++ b/core/capabilities/confidentialrelay/service.go @@ -25,14 +25,14 @@ type Service struct { services.Service eng *services.Engine - wrapper *gatewayconnector.ServiceWrapper - capRegistry core.CapabilitiesRegistry - p2pKeystore keystore.P2P - peerID p2pkey.PeerID - lggr logger.Logger - limitsFactory limits.Factory - validator AttestationValidator - quorumFMultiplier uint32 + wrapper *gatewayconnector.ServiceWrapper + capRegistry core.CapabilitiesRegistry + p2pKeystore keystore.P2P + peerID p2pkey.PeerID + lggr logger.Logger + limitsFactory limits.Factory + validator AttestationValidator + requireBFTQuorum bool handler *Handler } @@ -45,17 +45,17 @@ func NewService( lggr logger.Logger, limitsFactory limits.Factory, validator AttestationValidator, - quorumFMultiplier uint32, + requireBFTQuorum bool, ) *Service { s := &Service{ - wrapper: wrapper, - capRegistry: capRegistry, - p2pKeystore: p2pKeystore, - peerID: peerID, - lggr: lggr, - limitsFactory: limitsFactory, - validator: validator, - quorumFMultiplier: quorumFMultiplier, + wrapper: wrapper, + capRegistry: capRegistry, + p2pKeystore: p2pKeystore, + peerID: peerID, + lggr: lggr, + limitsFactory: limitsFactory, + validator: validator, + requireBFTQuorum: requireBFTQuorum, } s.Service, s.eng = services.Config{ Name: "ConfidentialRelayService", @@ -74,7 +74,7 @@ func (s *Service) start(ctx context.Context) error { if err != nil { return fmt.Errorf("failed to get p2p key for confidential relay signing: %w", err) } - h, err := NewHandler(s.capRegistry, conn, newRelayResponseSigner(key), s.lggr, s.limitsFactory, s.validator, s.quorumFMultiplier) + h, err := NewHandler(s.capRegistry, conn, newRelayResponseSigner(key), s.lggr, s.limitsFactory, s.validator, s.requireBFTQuorum) if err != nil { return err } diff --git a/core/config/cre_config.go b/core/config/cre_config.go index 3422dd15e6e..9a1a8114ad2 100644 --- a/core/config/cre_config.go +++ b/core/config/cre_config.go @@ -28,10 +28,10 @@ type CREConfidentialRelay interface { // TrustEnclaves reports whether the relay should trust fake (non-Nitro) // enclaves by relaxing TEE attestation validation. INSECURE; test-only. TrustEnclaves() bool - // QuorumFMultiplier is the multiplier applied to the Workflow DON fault - // tolerance when computing the relay's signature quorum: - // threshold = QuorumFMultiplier*F + 1. Defaults to 2. - QuorumFMultiplier() uint32 + // RequireBFTQuorum selects the relay's signature quorum: when true it requires + // a Byzantine quorum of 2*F+1 unique signers, otherwise a crash-fault quorum + // of F+1. Defaults to false. + RequireBFTQuorum() bool } // CRELinking defines configuration for connecting to the CRE linking service diff --git a/core/config/docs/core.toml b/core/config/docs/core.toml index 2d640f27923..fdab98b8be4 100644 --- a/core/config/docs/core.toml +++ b/core/config/docs/core.toml @@ -971,8 +971,8 @@ DebugMode = false # Default Enabled = false # Default # TrustEnclaves relaxes TEE attestation validation so the relay trusts fake (non-Nitro) enclaves. intended only for tests. TrustEnclaves = false # Default -# QuorumFMultiplier sets the multiplier applied to the Workflow DON fault tolerance when computing the relay's signature quorum: threshold = QuorumFMultiplier*F + 1. -QuorumFMultiplier = 2 # Default +# RequireBFTQuorum selects the relay's signature quorum: when true a Byzantine quorum of 2*F+1 unique signers, otherwise a crash-fault quorum of F+1. +RequireBFTQuorum = false # Default # Sharding holds settings for node sharding configuration. [Sharding] diff --git a/core/config/toml/types.go b/core/config/toml/types.go index 7cbd528962c..a8fbb7b8674 100644 --- a/core/config/toml/types.go +++ b/core/config/toml/types.go @@ -1961,10 +1961,10 @@ type ConfidentialRelayConfig struct { // fake (non-Nitro) enclaves. INSECURE; intended only for tests/E2E that run // against the fake enclave environment. TrustEnclaves *bool `toml:",omitempty"` - // QuorumFMultiplier sets the multiplier applied to the Workflow DON fault - // tolerance when computing the signature quorum the relay requires: - // threshold = QuorumFMultiplier*F + 1. Defaults to 2 (2*F+1). - QuorumFMultiplier *uint32 `toml:",omitempty"` + // RequireBFTQuorum selects the signature quorum the relay requires from the + // Workflow DON: when true a Byzantine quorum of 2*F+1 unique signers, otherwise + // a crash-fault quorum of F+1. Defaults to false. + RequireBFTQuorum *bool `toml:",omitempty"` } // LinkingConfig holds the configuration for connecting to the CRE linking service @@ -2031,8 +2031,8 @@ func (c *CreConfig) setFrom(f *CreConfig) { if v := f.ConfidentialRelay.TrustEnclaves; v != nil { c.ConfidentialRelay.TrustEnclaves = v } - if v := f.ConfidentialRelay.QuorumFMultiplier; v != nil { - c.ConfidentialRelay.QuorumFMultiplier = v + if v := f.ConfidentialRelay.RequireBFTQuorum; v != nil { + c.ConfidentialRelay.RequireBFTQuorum = v } } } diff --git a/core/services/chainlink/config_cre.go b/core/services/chainlink/config_cre.go index 4796cf8285d..ecebc23acc3 100644 --- a/core/services/chainlink/config_cre.go +++ b/core/services/chainlink/config_cre.go @@ -105,24 +105,23 @@ func (c *creConfig) Linking() config.CRELinking { return &linkingConfig{url: url, tlsEnabled: tlsEnabled} } -// defaultQuorumFMultiplier is the multiplier applied to the Workflow DON fault -// tolerance when no QuorumFMultiplier is configured, yielding the standard -// 2*F+1 quorum. -const defaultQuorumFMultiplier uint32 = 2 +// defaultRequireBFTQuorum is used when RequireBFTQuorum is not configured, +// yielding a crash-fault quorum of F+1. +const defaultRequireBFTQuorum = false type confidentialRelayConfig struct { - enabled bool - trustEnclaves bool - quorumFMultiplier uint32 + enabled bool + trustEnclaves bool + requireBFTQuorum bool } -func (cr *confidentialRelayConfig) Enabled() bool { return cr.enabled } -func (cr *confidentialRelayConfig) TrustEnclaves() bool { return cr.trustEnclaves } -func (cr *confidentialRelayConfig) QuorumFMultiplier() uint32 { return cr.quorumFMultiplier } +func (cr *confidentialRelayConfig) Enabled() bool { return cr.enabled } +func (cr *confidentialRelayConfig) TrustEnclaves() bool { return cr.trustEnclaves } +func (cr *confidentialRelayConfig) RequireBFTQuorum() bool { return cr.requireBFTQuorum } func (c *creConfig) ConfidentialRelay() config.CREConfidentialRelay { if c.c.ConfidentialRelay == nil { - return &confidentialRelayConfig{quorumFMultiplier: defaultQuorumFMultiplier} + return &confidentialRelayConfig{requireBFTQuorum: defaultRequireBFTQuorum} } enabled := false if c.c.ConfidentialRelay.Enabled != nil { @@ -132,11 +131,11 @@ func (c *creConfig) ConfidentialRelay() config.CREConfidentialRelay { if c.c.ConfidentialRelay.TrustEnclaves != nil { trustEnclaves = *c.c.ConfidentialRelay.TrustEnclaves } - quorumFMultiplier := defaultQuorumFMultiplier - if c.c.ConfidentialRelay.QuorumFMultiplier != nil { - quorumFMultiplier = *c.c.ConfidentialRelay.QuorumFMultiplier + requireBFTQuorum := defaultRequireBFTQuorum + if c.c.ConfidentialRelay.RequireBFTQuorum != nil { + requireBFTQuorum = *c.c.ConfidentialRelay.RequireBFTQuorum } - return &confidentialRelayConfig{enabled: enabled, trustEnclaves: trustEnclaves, quorumFMultiplier: quorumFMultiplier} + return &confidentialRelayConfig{enabled: enabled, trustEnclaves: trustEnclaves, requireBFTQuorum: requireBFTQuorum} } func (c *creConfig) LocalSecretOverrides() map[string]map[string]string { diff --git a/core/services/chainlink/config_test.go b/core/services/chainlink/config_test.go index fe68ca57b5d..2fd1ede013b 100644 --- a/core/services/chainlink/config_test.go +++ b/core/services/chainlink/config_test.go @@ -593,9 +593,9 @@ func TestConfig_Marshal(t *testing.T) { TLSEnabled: ptr(true), }, ConfidentialRelay: &toml.ConfidentialRelayConfig{ - Enabled: new(bool), - TrustEnclaves: new(bool), - QuorumFMultiplier: ptr(uint32(3)), + Enabled: new(bool), + TrustEnclaves: new(bool), + RequireBFTQuorum: ptr(true), }, } full.Billing = toml.Billing{ diff --git a/core/services/chainlink/testdata/config-empty-effective.toml b/core/services/chainlink/testdata/config-empty-effective.toml index e35c83293a4..c51363d5a11 100644 --- a/core/services/chainlink/testdata/config-empty-effective.toml +++ b/core/services/chainlink/testdata/config-empty-effective.toml @@ -387,7 +387,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false -QuorumFMultiplier = 2 +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/core/services/chainlink/testdata/config-full.toml b/core/services/chainlink/testdata/config-full.toml index 6e9feb526da..c8dc18c695f 100644 --- a/core/services/chainlink/testdata/config-full.toml +++ b/core/services/chainlink/testdata/config-full.toml @@ -426,7 +426,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false -QuorumFMultiplier = 3 +RequireBFTQuorum = true [Billing] URL = 'localhost:4319' diff --git a/core/services/chainlink/testdata/config-multi-chain-effective.toml b/core/services/chainlink/testdata/config-multi-chain-effective.toml index c54b55933c1..c796e83626b 100644 --- a/core/services/chainlink/testdata/config-multi-chain-effective.toml +++ b/core/services/chainlink/testdata/config-multi-chain-effective.toml @@ -387,7 +387,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false -QuorumFMultiplier = 2 +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/core/services/cre/cre.go b/core/services/cre/cre.go index b6e46cace76..b0636889fc7 100644 --- a/core/services/cre/cre.go +++ b/core/services/cre/cre.go @@ -228,7 +228,7 @@ func (s *Services) newSubservices( lggr, opts.LimitsFactory, attestationValidator, - cfg.CRE().ConfidentialRelay().QuorumFMultiplier(), + cfg.CRE().ConfidentialRelay().RequireBFTQuorum(), ) srvs = append(srvs, relayService) } diff --git a/core/web/resolver/testdata/config-empty-effective.toml b/core/web/resolver/testdata/config-empty-effective.toml index e35c83293a4..c51363d5a11 100644 --- a/core/web/resolver/testdata/config-empty-effective.toml +++ b/core/web/resolver/testdata/config-empty-effective.toml @@ -387,7 +387,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false -QuorumFMultiplier = 2 +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/core/web/resolver/testdata/config-full.toml b/core/web/resolver/testdata/config-full.toml index 282e5d3bb68..b7617c6087b 100644 --- a/core/web/resolver/testdata/config-full.toml +++ b/core/web/resolver/testdata/config-full.toml @@ -405,7 +405,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false -QuorumFMultiplier = 3 +RequireBFTQuorum = true [Billing] URL = 'localhost:4319' diff --git a/core/web/resolver/testdata/config-multi-chain-effective.toml b/core/web/resolver/testdata/config-multi-chain-effective.toml index ffa9a669c8b..29286f7ba83 100644 --- a/core/web/resolver/testdata/config-multi-chain-effective.toml +++ b/core/web/resolver/testdata/config-multi-chain-effective.toml @@ -387,7 +387,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false -QuorumFMultiplier = 2 +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/docs/CONFIG.md b/docs/CONFIG.md index c44cce13371..75d3ee47dac 100644 --- a/docs/CONFIG.md +++ b/docs/CONFIG.md @@ -2725,7 +2725,7 @@ DebugMode enables additional tracing and logging for workflow engines. [CRE.ConfidentialRelay] Enabled = false # Default TrustEnclaves = false # Default -QuorumFMultiplier = 2 # Default +RequireBFTQuorum = false # Default ``` @@ -2741,11 +2741,11 @@ TrustEnclaves = false # Default ``` TrustEnclaves relaxes TEE attestation validation so the relay trusts fake (non-Nitro) enclaves. intended only for tests. -### QuorumFMultiplier +### RequireBFTQuorum ```toml -QuorumFMultiplier = 2 # Default +RequireBFTQuorum = false # Default ``` -QuorumFMultiplier sets the multiplier applied to the Workflow DON fault tolerance when computing the relay's signature quorum: threshold = QuorumFMultiplier*F + 1. +RequireBFTQuorum selects the relay's kind of signature quorum. ## Sharding ```toml From bdf02e5d185e408e36cb08a19a59c0afe86a2fcc Mon Sep 17 00:00:00 2001 From: vreff <104409744+vreff@users.noreply.github.com> Date: Mon, 29 Jun 2026 16:26:51 -0400 Subject: [PATCH 09/12] Revert plugins.private.yaml; finish RequireBFTQuorum plumbing Restores the confidential-http plugin block accidentally removed in 61ed5ede97. Also propagates the RequireBFTQuorum config to the system-tests E2E helper and the node-validate/config testscript fixtures. Co-Authored-By: Claude Opus 4.8 (1M context) --- plugins/plugins.private.yaml | 4 ++++ .../cre/features/confidentialrelay/confidentialrelay.go | 9 +++++++-- testdata/scripts/config/merge_raw_configs.txtar | 1 + testdata/scripts/node/validate/default.txtar | 1 + testdata/scripts/node/validate/defaults-override.txtar | 1 + .../node/validate/disk-based-logging-disabled.txtar | 1 + .../node/validate/disk-based-logging-no-dir.txtar | 1 + testdata/scripts/node/validate/disk-based-logging.txtar | 1 + testdata/scripts/node/validate/fallback-override.txtar | 1 + testdata/scripts/node/validate/invalid-ocr-p2p.txtar | 1 + testdata/scripts/node/validate/invalid.txtar | 1 + testdata/scripts/node/validate/valid.txtar | 1 + testdata/scripts/node/validate/warnings.txtar | 1 + 13 files changed, 22 insertions(+), 2 deletions(-) diff --git a/plugins/plugins.private.yaml b/plugins/plugins.private.yaml index 46dcf17fc34..856e7cf4caa 100644 --- a/plugins/plugins.private.yaml +++ b/plugins/plugins.private.yaml @@ -45,3 +45,7 @@ plugins: - moduleURI: "github.com/smartcontractkit/capabilities/chain_capabilities/aptos" gitRef: "5424665d88fc5c239a2af353abcf0f0e0e4cb710" installPath: "." + confidential-http: + - moduleURI: "github.com/smartcontractkit/confidential-compute/enclave/apps/confidential-http/capability" + gitRef: "24ffd2435ed7d6bca45525c2189d720b7a4ef6bc" + installPath: "./cmd/confidential-http" diff --git a/system-tests/lib/cre/features/confidentialrelay/confidentialrelay.go b/system-tests/lib/cre/features/confidentialrelay/confidentialrelay.go index 17f54164f79..50a14a82e99 100644 --- a/system-tests/lib/cre/features/confidentialrelay/confidentialrelay.go +++ b/system-tests/lib/cre/features/confidentialrelay/confidentialrelay.go @@ -21,6 +21,9 @@ type ConfidentialRelay struct { // TrustEnclaves makes the relay trust fake (non-Nitro) enclaves by // relaxing TEE attestation validation. INSECURE; test/E2E use only. TrustEnclaves bool + // RequireBFTQuorum requires a Byzantine quorum of 2*F+1 Workflow DON + // signatures instead of the default crash-fault quorum of F+1. + RequireBFTQuorum bool } func (o *ConfidentialRelay) Flag() cre.CapabilityFlag { @@ -64,9 +67,11 @@ func (o *ConfidentialRelay) PreEnvStartup( enabled := true trustEnclaves := o.TrustEnclaves + requireBFTQuorum := o.RequireBFTQuorum typedConfig.CRE.ConfidentialRelay = &coretoml.ConfidentialRelayConfig{ - Enabled: &enabled, - TrustEnclaves: &trustEnclaves, + Enabled: &enabled, + TrustEnclaves: &trustEnclaves, + RequireBFTQuorum: &requireBFTQuorum, } out, err := tomlser.Marshal(typedConfig) diff --git a/testdata/scripts/config/merge_raw_configs.txtar b/testdata/scripts/config/merge_raw_configs.txtar index 105b7e61686..9c461e9c21d 100644 --- a/testdata/scripts/config/merge_raw_configs.txtar +++ b/testdata/scripts/config/merge_raw_configs.txtar @@ -534,6 +534,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/default.txtar b/testdata/scripts/node/validate/default.txtar index 2bbb80ee01a..2570cd97141 100644 --- a/testdata/scripts/node/validate/default.txtar +++ b/testdata/scripts/node/validate/default.txtar @@ -399,6 +399,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/defaults-override.txtar b/testdata/scripts/node/validate/defaults-override.txtar index 48f058be61e..1e1a7b7160b 100644 --- a/testdata/scripts/node/validate/defaults-override.txtar +++ b/testdata/scripts/node/validate/defaults-override.txtar @@ -460,6 +460,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/disk-based-logging-disabled.txtar b/testdata/scripts/node/validate/disk-based-logging-disabled.txtar index 67f4aa4fd36..056b6d598d7 100644 --- a/testdata/scripts/node/validate/disk-based-logging-disabled.txtar +++ b/testdata/scripts/node/validate/disk-based-logging-disabled.txtar @@ -443,6 +443,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/disk-based-logging-no-dir.txtar b/testdata/scripts/node/validate/disk-based-logging-no-dir.txtar index ea414ddad3f..cd97450596d 100644 --- a/testdata/scripts/node/validate/disk-based-logging-no-dir.txtar +++ b/testdata/scripts/node/validate/disk-based-logging-no-dir.txtar @@ -443,6 +443,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/disk-based-logging.txtar b/testdata/scripts/node/validate/disk-based-logging.txtar index ed9379e7659..5107c8b5087 100644 --- a/testdata/scripts/node/validate/disk-based-logging.txtar +++ b/testdata/scripts/node/validate/disk-based-logging.txtar @@ -443,6 +443,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/fallback-override.txtar b/testdata/scripts/node/validate/fallback-override.txtar index 24c918961cf..d1394eb74f6 100644 --- a/testdata/scripts/node/validate/fallback-override.txtar +++ b/testdata/scripts/node/validate/fallback-override.txtar @@ -545,6 +545,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/invalid-ocr-p2p.txtar b/testdata/scripts/node/validate/invalid-ocr-p2p.txtar index c6bd8e6bfb5..d34b796be1e 100644 --- a/testdata/scripts/node/validate/invalid-ocr-p2p.txtar +++ b/testdata/scripts/node/validate/invalid-ocr-p2p.txtar @@ -428,6 +428,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/invalid.txtar b/testdata/scripts/node/validate/invalid.txtar index 012b0a8ce20..90187b4caab 100644 --- a/testdata/scripts/node/validate/invalid.txtar +++ b/testdata/scripts/node/validate/invalid.txtar @@ -439,6 +439,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = '' diff --git a/testdata/scripts/node/validate/valid.txtar b/testdata/scripts/node/validate/valid.txtar index 8f43ed3c2cf..8b84a8fbb08 100644 --- a/testdata/scripts/node/validate/valid.txtar +++ b/testdata/scripts/node/validate/valid.txtar @@ -440,6 +440,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/testdata/scripts/node/validate/warnings.txtar b/testdata/scripts/node/validate/warnings.txtar index 6c9c3ea134f..9c5e73f3181 100644 --- a/testdata/scripts/node/validate/warnings.txtar +++ b/testdata/scripts/node/validate/warnings.txtar @@ -422,6 +422,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' From 708a77f17203ddc80e11885df722f4d704da654f Mon Sep 17 00:00:00 2001 From: vreff <104409744+vreff@users.noreply.github.com> Date: Mon, 29 Jun 2026 16:30:11 -0400 Subject: [PATCH 10/12] touchups --- core/capabilities/confidentialrelay/handler.go | 4 +--- core/config/cre_config.go | 4 +--- core/config/docs/core.toml | 2 +- core/config/toml/types.go | 4 +--- core/services/chainlink/config_cre.go | 8 ++------ 5 files changed, 6 insertions(+), 16 deletions(-) diff --git a/core/capabilities/confidentialrelay/handler.go b/core/capabilities/confidentialrelay/handler.go index a254b2c09d2..7e613ed3445 100644 --- a/core/capabilities/confidentialrelay/handler.go +++ b/core/capabilities/confidentialrelay/handler.go @@ -133,9 +133,7 @@ type Handler struct { // validator validates TEE attestation documents. validator AttestationValidator - // requireBFTQuorum selects the required signature quorum: when true the relay - // demands a Byzantine quorum of 2*F+1 unique signers, otherwise a crash-fault - // quorum of F+1. + // requireBFTQuorum selects the required signature quorum requireBFTQuorum bool limitsFactory limits.Factory } diff --git a/core/config/cre_config.go b/core/config/cre_config.go index 9a1a8114ad2..878a930b1d5 100644 --- a/core/config/cre_config.go +++ b/core/config/cre_config.go @@ -28,9 +28,7 @@ type CREConfidentialRelay interface { // TrustEnclaves reports whether the relay should trust fake (non-Nitro) // enclaves by relaxing TEE attestation validation. INSECURE; test-only. TrustEnclaves() bool - // RequireBFTQuorum selects the relay's signature quorum: when true it requires - // a Byzantine quorum of 2*F+1 unique signers, otherwise a crash-fault quorum - // of F+1. Defaults to false. + // RequireBFTQuorum selects the required signature quorum RequireBFTQuorum() bool } diff --git a/core/config/docs/core.toml b/core/config/docs/core.toml index fdab98b8be4..d6796e8bb8b 100644 --- a/core/config/docs/core.toml +++ b/core/config/docs/core.toml @@ -971,7 +971,7 @@ DebugMode = false # Default Enabled = false # Default # TrustEnclaves relaxes TEE attestation validation so the relay trusts fake (non-Nitro) enclaves. intended only for tests. TrustEnclaves = false # Default -# RequireBFTQuorum selects the relay's signature quorum: when true a Byzantine quorum of 2*F+1 unique signers, otherwise a crash-fault quorum of F+1. +# RequireBFTQuorum selects the relay's signature quorum. RequireBFTQuorum = false # Default # Sharding holds settings for node sharding configuration. diff --git a/core/config/toml/types.go b/core/config/toml/types.go index a8fbb7b8674..43cf1037664 100644 --- a/core/config/toml/types.go +++ b/core/config/toml/types.go @@ -1961,9 +1961,7 @@ type ConfidentialRelayConfig struct { // fake (non-Nitro) enclaves. INSECURE; intended only for tests/E2E that run // against the fake enclave environment. TrustEnclaves *bool `toml:",omitempty"` - // RequireBFTQuorum selects the signature quorum the relay requires from the - // Workflow DON: when true a Byzantine quorum of 2*F+1 unique signers, otherwise - // a crash-fault quorum of F+1. Defaults to false. + // RequireBFTQuorum selects the required signature quorum. RequireBFTQuorum *bool `toml:",omitempty"` } diff --git a/core/services/chainlink/config_cre.go b/core/services/chainlink/config_cre.go index ecebc23acc3..884dcb98693 100644 --- a/core/services/chainlink/config_cre.go +++ b/core/services/chainlink/config_cre.go @@ -105,10 +105,6 @@ func (c *creConfig) Linking() config.CRELinking { return &linkingConfig{url: url, tlsEnabled: tlsEnabled} } -// defaultRequireBFTQuorum is used when RequireBFTQuorum is not configured, -// yielding a crash-fault quorum of F+1. -const defaultRequireBFTQuorum = false - type confidentialRelayConfig struct { enabled bool trustEnclaves bool @@ -121,7 +117,7 @@ func (cr *confidentialRelayConfig) RequireBFTQuorum() bool { return cr.requireBF func (c *creConfig) ConfidentialRelay() config.CREConfidentialRelay { if c.c.ConfidentialRelay == nil { - return &confidentialRelayConfig{requireBFTQuorum: defaultRequireBFTQuorum} + return &confidentialRelayConfig{} } enabled := false if c.c.ConfidentialRelay.Enabled != nil { @@ -131,7 +127,7 @@ func (c *creConfig) ConfidentialRelay() config.CREConfidentialRelay { if c.c.ConfidentialRelay.TrustEnclaves != nil { trustEnclaves = *c.c.ConfidentialRelay.TrustEnclaves } - requireBFTQuorum := defaultRequireBFTQuorum + requireBFTQuorum := false if c.c.ConfidentialRelay.RequireBFTQuorum != nil { requireBFTQuorum = *c.c.ConfidentialRelay.RequireBFTQuorum } From e56a7635a23316188bd9c5be603059168d05fc1c Mon Sep 17 00:00:00 2001 From: vreff <104409744+vreff@users.noreply.github.com> Date: Mon, 29 Jun 2026 16:31:50 -0400 Subject: [PATCH 11/12] touchups --- .../lib/cre/features/confidentialrelay/confidentialrelay.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/system-tests/lib/cre/features/confidentialrelay/confidentialrelay.go b/system-tests/lib/cre/features/confidentialrelay/confidentialrelay.go index 50a14a82e99..ddc316f7302 100644 --- a/system-tests/lib/cre/features/confidentialrelay/confidentialrelay.go +++ b/system-tests/lib/cre/features/confidentialrelay/confidentialrelay.go @@ -21,8 +21,7 @@ type ConfidentialRelay struct { // TrustEnclaves makes the relay trust fake (non-Nitro) enclaves by // relaxing TEE attestation validation. INSECURE; test/E2E use only. TrustEnclaves bool - // RequireBFTQuorum requires a Byzantine quorum of 2*F+1 Workflow DON - // signatures instead of the default crash-fault quorum of F+1. + // RequireBFTQuorum determines the required signature quorum for the relay. RequireBFTQuorum bool } From 00cb3111ba5c190104949046c5203ebcb720269f Mon Sep 17 00:00:00 2001 From: vreff <104409744+vreff@users.noreply.github.com> Date: Mon, 29 Jun 2026 17:09:00 -0400 Subject: [PATCH 12/12] fixes --- core/services/chainlink/config_test.go | 2 +- core/services/chainlink/testdata/config-full.toml | 2 +- core/web/resolver/testdata/config-full.toml | 2 +- docs/CONFIG.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/core/services/chainlink/config_test.go b/core/services/chainlink/config_test.go index 2fd1ede013b..fc02e298787 100644 --- a/core/services/chainlink/config_test.go +++ b/core/services/chainlink/config_test.go @@ -595,7 +595,7 @@ func TestConfig_Marshal(t *testing.T) { ConfidentialRelay: &toml.ConfidentialRelayConfig{ Enabled: new(bool), TrustEnclaves: new(bool), - RequireBFTQuorum: ptr(true), + RequireBFTQuorum: new(bool), }, } full.Billing = toml.Billing{ diff --git a/core/services/chainlink/testdata/config-full.toml b/core/services/chainlink/testdata/config-full.toml index c8dc18c695f..f2a81af02b9 100644 --- a/core/services/chainlink/testdata/config-full.toml +++ b/core/services/chainlink/testdata/config-full.toml @@ -426,7 +426,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false -RequireBFTQuorum = true +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/core/web/resolver/testdata/config-full.toml b/core/web/resolver/testdata/config-full.toml index b7617c6087b..95109d1a30d 100644 --- a/core/web/resolver/testdata/config-full.toml +++ b/core/web/resolver/testdata/config-full.toml @@ -405,7 +405,7 @@ TLSEnabled = true [CRE.ConfidentialRelay] Enabled = false TrustEnclaves = false -RequireBFTQuorum = true +RequireBFTQuorum = false [Billing] URL = 'localhost:4319' diff --git a/docs/CONFIG.md b/docs/CONFIG.md index 3975dc84798..a41f9b1b1e1 100644 --- a/docs/CONFIG.md +++ b/docs/CONFIG.md @@ -2753,7 +2753,7 @@ TrustEnclaves relaxes TEE attestation validation so the relay trusts fake (non-N ```toml RequireBFTQuorum = false # Default ``` -RequireBFTQuorum selects the relay's kind of signature quorum. +RequireBFTQuorum selects the relay's signature quorum. ## Sharding ```toml