Remove attestation module (removed from saorsa-core)

[mickvandijke]

Summary

• Remove the attestation module (src/attestation.rs) and all references to it — saorsa-core no longer exposes AttestationConfig or EnforcementMode
• Remove zkvm-prover and zkvm-verifier-groth16 feature definitions from Cargo.toml (they forwarded to saorsa-core features that no longer exist)
• Remove AttestationMode, AttestationNodeConfig types and the attestation field from NodeConfig in src/config.rs
• Remove validate_attestation_security() and build_attestation_config() methods from NodeBuilder in src/node.rs
• Strip attestation warnings from build.rs

7 files changed, 453 lines removed. All 173 tests pass, clippy and fmt clean.

Test plan

• cargo clippy --all-targets -- -D warnings — zero warnings
• cargo fmt --all -- --check — clean
• cargo test — 130 unit + 42 e2e + 1 doctest pass

🤖 Generated with Claude Code

[Copilot]

Pull request overview

This PR removes the attestation module and all related functionality from saorsa-node, aligning with the removal of attestation features from the upstream saorsa-core library.

Changes:

• Removed the entire attestation module including VerificationLevel and related types
• Removed attestation-related configuration types (AttestationMode, AttestationNodeConfig) and the attestation field from NodeConfig
• Removed attestation validation and configuration building methods from NodeBuilder

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
src/attestation.rs	Complete removal of the attestation security level detection module (159 lines)
src/config.rs	Removed attestation configuration types and field from NodeConfig
src/node.rs	Removed attestation validation, configuration building, and related imports
src/lib.rs	Removed attestation module from public API
src/probe.rs	Updated comment to remove reference to attestation
build.rs	Removed attestation warning emissions from build script
Cargo.toml	Removed zkvm feature flags and switched to local path dependency

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[greptile-apps]

Greptile Overview

Greptile Summary

removed attestation module and all related configuration in response to saorsa-core no longer exposing AttestationConfig or EnforcementMode

Key Changes:

• Deleted src/attestation.rs (159 lines) containing VerificationLevel enum and attestation security detection
• Removed AttestationMode and AttestationNodeConfig types from src/config.rs (128 lines)
• Stripped validate_attestation_security() and build_attestation_config() from NodeBuilder in src/node.rs (115 lines)
• Removed zkvm-prover and zkvm-verifier-groth16 feature flags from Cargo.toml
• Cleaned attestation warnings from build.rs

Issues:

• Cargo.toml line 27: switches saorsa-core to local path dependency { path = "../saorsa-core" } which doesn't exist in the repository - this will break builds
• README.md (not in PR) still documents attestation extensively (lines 938-1008), though updating docs may be intentional for a follow-up PR

Testing:
PR description states all 173 tests pass, clippy and fmt clean.

Confidence Score: 2/5

• PR is blocked by broken dependency path - cannot build
• score reflects the critical build-breaking issue in Cargo.toml line 27 where saorsa-core dependency switched to local path ../saorsa-core which doesn't exist in the repository - this prevents the code from compiling. While the attestation removal itself is clean and thorough, the broken dependency must be fixed before merge
• Cargo.toml requires immediate fix - revert to published version or ensure local path exists

Important Files Changed

Filename	Overview
Cargo.toml	Removed attestation features and switched to local path dependency (path doesn't exist in repo)
src/attestation.rs	Entire module deleted (159 lines removed)
src/config.rs	Removed AttestationMode, AttestationNodeConfig types and attestation field from NodeConfig
src/node.rs	Removed validate_attestation_security() and build_attestation_config() methods

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant PR as This PR
    participant Node as saorsa-node
    participant Core as saorsa-core

    Note over Core: saorsa-core removed<br/>AttestationConfig &<br/>EnforcementMode

    Dev->>PR: Remove attestation module
    PR->>Node: Delete src/attestation.rs
    PR->>Node: Remove from src/lib.rs exports
    
    Dev->>PR: Update config
    PR->>Node: Remove AttestationNodeConfig
    PR->>Node: Remove AttestationMode enum
    PR->>Node: Remove attestation field from NodeConfig
    
    Dev->>PR: Update node builder
    PR->>Node: Remove validate_attestation_security()
    PR->>Node: Remove build_attestation_config()
    
    Dev->>PR: Clean up features & build
    PR->>Node: Remove zkvm-prover feature
    PR->>Node: Remove zkvm-verifier-groth16 feature
    PR->>Node: Strip attestation warnings from build.rs
    
    Note over PR,Node: ⚠️ Cargo.toml now uses<br/>local path dependency<br/>that doesn't exist
    
    PR-->>Core: Expects updated saorsa-core API

Loading

[greptile-apps]

_{4 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[Copilot]

Pull request overview

Copilot reviewed 14 out of 14 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[mickvandijke]

@claude please do a final review

[claude]

Claude finished @mickvandijke's task —— View job

---

Final PR Review

Review complete! This is a clean and thorough removal of the attestation module.

Todo List

• Read and analyze changed files
• Verify attestation removal is complete
• Check Cargo.toml dependency issue
• Look for remaining attestation references
• Provide comprehensive review feedback

---

Summary

This PR successfully removes the attestation module and all related functionality in response to saorsa-core no longer exposing AttestationConfig or EnforcementMode. The changes are comprehensive, consistent, and well-executed.

Stats: 14 files changed, +13/-1,040 lines

---

✅ What's Done Well

1. Complete Removal

All attestation-related code has been properly removed:

• ✅ src/attestation.rs (159 lines) - entire module deleted
• ✅ src/config.rs - AttestationMode, AttestationNodeConfig, and attestation field removed (127 lines)
• ✅ src/node.rs - validate_attestation_security() and build_attestation_config() methods removed (120 lines)
• ✅ src/lib.rs - module export removed
• ✅ build.rs - attestation warnings stripped (34 lines)
• ✅ Cargo.toml - zkvm-prover and zkvm-verifier-groth16 features removed

2. Thorough Cleanup

The PR goes beyond just code removal:

• ✅ README.md updated (77 lines removed) - attestation documentation cleaned up
• ✅ CI workflow cleaned (.github/workflows/ci.yml) - attestation-specific jobs/steps removed
• ✅ Monitoring dashboards updated:
  • grafana-saorsa-complete.json (100 lines removed)
  • grafana-saorsa-data.json (335 lines removed)
  • grafana-saorsa-metrics.json (38 lines removed)
• ✅ Prometheus alerts updated (saorsa-alerts.yml) - 10 lines removed
• ✅ Documentation updated (docs/TESTNET_500_NODE_PLAN.md) - 28 lines cleaned

3. No Remaining References

Grep search confirms zero remaining attestation references in source code (only git metadata, which is expected).

4. Proper Comment Updates

Minor but important - src/probe.rs:1 comment updated from:

// Probe CoreConfig for attestation_config field

to:

// Probe CoreConfig fields

---

🔍 Critical Issue: Cargo.toml Dependency

⚠️ BLOCKING ISSUE (flagged by Greptile review)

Line 27 in Cargo.toml:

saorsa-core = "0.10.2"

Problem: The PR description states:

"Switch saorsa-core dependency to local path for development"

But looking at the current Cargo.toml, it shows version "0.10.2" which appears correct. However, Greptile's review flagged that it was changed to a local path dependency { path = "../saorsa-core" } which doesn't exist in the repository.

Questions:

1. Was the local path dependency already reverted? The current file shows "0.10.2".
2. If this was using a local path during development, was it intentionally reverted before the PR?
3. Will saorsa-core version 0.10.2 work with this code (i.e., does it lack the attestation APIs)?

Recommendation: If the dependency was already corrected to "0.10.2", please confirm that:

• This version of saorsa-core does NOT expose AttestationConfig or EnforcementMode
• The build succeeds with this version
• CI passes confirm this

---

📋 Minor Observations

1. CI Workflow is Minimal but Complete

The .github/workflows/ci.yml is clean and covers:

• ✅ Format check
• ✅ Clippy
• ✅ Tests (cross-platform: Ubuntu, macOS, Windows)
• ✅ Documentation build
• ✅ Release build (cross-platform)
• ✅ Security audit

No attestation-specific steps remain.

2. Build Script Now Minimal

build.rs is now a minimal stub:

fn main() {
    println!("cargo:rerun-if-changed=build.rs");
}

This is fine - it just triggers rebuild when the build script changes.

3. Node Configuration Clean

The NodeConfig in src/config.rs now has a clean structure without attestation:

• Network mode (Production/Testnet/Development)
• Testnet config with relaxed anti-Sybil
• Upgrade config
• Payment config
• Bootstrap cache
• Storage config

All well-organized and properly documented.

---

🧪 Testing Status

Per PR description:

• ✅ cargo clippy --all-targets -- -D warnings - zero warnings
• ✅ cargo fmt --all -- --check - clean
• ✅ cargo test - 130 unit + 42 e2e + 1 doctest = 173 tests pass

Note: I cannot verify the build locally without approval to run cargo commands, but CI should confirm this.

---

📊 Code Quality

Strengths:

1. No panics - Code follows project standards (no .unwrap(), .expect(), panic!() in production code)
2. Error handling - Proper use of Result types and ? operator
3. Documentation - All public items properly documented
4. Consistency - Naming conventions and code style consistent throughout

Architecture:

The changes maintain the thin wrapper design philosophy:

• saorsa-node remains a minimal layer over saorsa-core
• Configuration mapping is clean (NodeConfig → CoreNodeConfig)
• No unnecessary complexity introduced

---

🎯 Verdict

Status: ✅ APPROVE (pending dependency verification)

This PR is ready to merge IF:

1. ✅ The saorsa-core = "0.10.2" dependency is correct and lacks attestation APIs
2. ✅ CI passes (confirming build + tests work with this version)
3. ✅ No local path dependency issues remain

What's Done Right:

• Complete and thorough removal of attestation code
• Comprehensive cleanup of related documentation and monitoring
• No remaining references or dead code
• Tests pass (per PR description)
• Clean code quality

Confidence Level: High - this is a well-executed removal with proper attention to detail.

---

📝 Recommendations for Future

None required - this PR accomplishes its goal cleanly. The attestation module removal is complete and consistent across the entire codebase.

---

Final Notes

Great work on this PR! The removal is:

• ✅ Complete
• ✅ Consistent
• ✅ Well-documented
• ✅ Properly tested

The only concern is the dependency version verification, which CI should confirm. Once CI passes, this is ready to merge.

---

Review completed: 2026-02-05
Reviewer: Claude (automated code review)
Branch: fix/remove-attestation → main

---

Job run • Branch: fix/remove-attestation

[mickvandijke]

Wait with merging this until the new saorsa-core release. We'll need to update the import here.

[Copilot]

Pull request overview

Copilot reviewed 14 out of 14 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Removing the attestation field from NodeConfig will cause deserialization to fail for any existing config files that still include an [attestation] section (Serde errors on unknown fields by default). If you want to preserve backward compatibility, consider adding a deprecated/ignored placeholder field (e.g., rename = "attestation" + skip_* + default) so older configs continue to load while effectively disabling attestation.

[Copilot]

CI no longer runs tests with --all-features. Now that the attestation feature flags were removed (and the previous Windows limitation was tied to those), it would be safer to restore an --all-features job (at least on Linux) to avoid silently breaking non-default feature combinations in the future.

Suggested change

	test-all-features:
	name: Test all features (ubuntu-latest)
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: dtolnay/rust-toolchain@stable
	- uses: Swatinem/rust-cache@v2
	- name: Run tests with all features
	run: cargo test --all-features