Skip to content

Anchor mutable DAR candidates to DevNet#289

Closed
HardlyDifficult wants to merge 5 commits into
mainfrom
codex/devnet-aware-dar-versions
Closed

Anchor mutable DAR candidates to DevNet#289
HardlyDifficult wants to merge 5 commits into
mainfrom
codex/devnet-aware-dar-versions

Conversation

@HardlyDifficult

Copy link
Copy Markdown
Collaborator

Summary

  • anchor the mutable OpenCapTable DAR candidate to exact preferred packages from both DevNet providers
  • use 0.0.1 when absent, otherwise reuse the exact live candidate or select exactly one patch above the highest preferred DevNet version
  • keep one replaceable networks: [] candidate while preserving every recorded or exact-live DAR as immutable history
  • run dpm upgrade-check --both from every distinct exact DevNet predecessor and deploy only bytes matching the committed candidate
  • persist DevNet markers immediately, serialize releases, and require the exact DevNet-validated candidate for Mainnet
  • add a trusted pull_request_target check that executes default-branch code and treats the detached PR checkout only as bounded data
  • bind Mainnet marker additions to one immutable release artifact and exact lock key; harden hostile ZIP/LFS inputs before DAML tooling parses them

Live DevNet audit and normalization

Trusted audit: https://github.com/Fairmint/daml/actions/runs/29274341662

Both providers preferred OpenCapTable-v34 0.0.1 with package ID 9f94e5a0084b8fd45e3a53a9f8d896dd2cc584bf1ceff90b6b8bf036b336b565. The exact historical DAR was recovered under a distinct immutable alias (SHA-256 85a53aa0cec145e92a453ad59f03e5cd03d8ba400ce8bb5759bf0f55edbf5056) without changing the canonical recorded 0.0.1 artifact.

The current mutable candidate is normalized to 0.0.2, package ID f1042c0593b5e999ca17bc76159b1dba2746564df623a14cbfeffb8585de249a, SHA-256 524b71370b42d579bd3b204c2ca05023da73c1bd4396efe9aa1aabf438576143. Superseded undeployed 0.0.3 was pruned after exact live-ID proof.

The audit queried DevNet only. Mainnet was not queried and does not influence candidate selection.

Safety behavior

  • provider version divergence chooses one patch above the higher version but validates every distinct predecessor
  • same-version/different-ID provider results fail for reconciliation
  • split-provider partial uploads retain the exact live unmarked DAR as an immutable compatibility baseline
  • archive validation bounds actual inflation and verifies CRC/size, including forged declared-size regressions
  • Mainnet provenance authorizes exactly one attested lock entry, never a global marker bypass

Validation

  • npm run build
  • npm run build:ts
  • npm run lint (0 errors; existing warnings only)
  • npm run format
  • npm run lint:daml
  • npm test
  • npm run verify-dars (3 DARs)
  • npm run check-upgrade-compat (exact recovered 0.0.1 → candidate 0.0.2)
  • npm run test:dar-version-policy (51/51)
  • git diff --check

Deployment prerequisite

The repository currently has no Canton DevNet client-secret entries. The trusted live check and release workflow will remain blocked until a human provisions CANTON_DEVNET_INTELLECT_LEDGER_JSON_API_CLIENT_SECRET and CANTON_DEVNET_5N_LEDGER_JSON_API_CLIENT_SECRET.

Durable policy and recovery guidance is published in the repository wiki.

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 432a0fe7-44a5-40a4-afc4-c8f666395f84

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/devnet-aware-dar-versions

Comment @coderabbitai help to get the list of available commands.

Copy link
Copy Markdown
Collaborator Author

Superseded by the simpler repository-tag design requested during review. CI must not query DevNet. A successful deployment workflow will create an immutable package-scoped deployment tag, and ordinary PRs will derive the reusable candidate version from Git tags only. Closing this oversized draft; no part of it will be merged.

@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

Replacement draft: #290 implements the smaller tag-only policy. CI reads Git tags and committed DARs; no Canton lookup or trusted PR workflow is involved.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant