feat: [IC-1992] Implement do_split_subnet endpoint#8692
Merged
kpop-dfinity merged 274 commits intomasterfrom Mar 26, 2026
Merged
feat: [IC-1992] Implement do_split_subnet endpoint#8692kpop-dfinity merged 274 commits intomasterfrom
do_split_subnet endpoint#8692kpop-dfinity merged 274 commits intomasterfrom
Conversation
…8673) Support `--since DATETIME` and `--until DATETTIME` arguments for ` //ci/githubstats:query`. For example: ``` bazel run //ci/githubstats:query -- top 10 impact --since '2026-01-30 12:23' --verbose ... AND (bt.first_start_time >= '2026-01-30 12:23:00+00:00'::timestamptz) ... ``` --------- Co-authored-by: IDX GitHub Automation <infra+github-automation@dfinity.org>
…til arguments (#8674) I occasionally want to see if a specific commit fixed an error so I want to see the test statistics since the time of that commit. To not have to figure out the date and time of a commit manually this extends the `--since` and `--until` flags to also accept git commits from which the time will then be taken. For example to see if bbb6cb0 has the effect we hoped for you could run: ``` $ bazel run //ci/githubstats:query -- top 10 impact --since bbb6cb0 --verbose ... WHERE ... AND (bt.first_start_time >= '2026-01-30 12:23:19+00:00'::timestamptz) ... ... ``` --------- Co-authored-by: IDX GitHub Automation <infra+github-automation@dfinity.org>
Update the proposal descriptions based on several rules: - Match [NNS Dapp](https://github.com/dfinity/nns-dapp/blob/main/frontend/src/lib/i18n/en.governance.json) - Use imperative form - they describe actions, e.g. "A proposal to change ..." => "Change", "Updates ..." => "Update ..." - Did not use the ManageNetworkEconomics text from the NNS Dapp, but kept the rewritten one to avoid listing every parameter - they easily get out-dated.
…8667) # Why When maturity disbursement feature was added, it used the same minimum for the spawning neurons. For spawning, the minimum requirement has 2 purposes: (1) avoid spawning too many neurons given the same amount of maturity, i.e. avoid DoS (2) the resulting neuron should always have >= 1 ICP stake (minimum stake) with worst maturity modulation (-5%). For maturity disbursement, (2) isn't needed anymore, and the 1/0.95 value is more confusing than 1, without a good reason. # What Check the maturity disbursement >= 1 ICP, directly, without applying worst maturity modulation. Note that since we are lowering the minimum requirement, all maturity disbursement requests that previously succeed will still succeed, while some requests (`[1, 1 / 0.95)`) that previously fail will now succeed. This should not cause confusing behavior in the frontends, and thus frontend changes can be released independently from this.
The struct was deprecated a long time ago (it's a combination of ICP and cycles; but transferring ICP via canister calls was never implemented; so it was eventually replaced by `Cycles` fields in most places). Following recent changes that added (and populated and persisted) a `Cycles` field next to every `Funds` field, it is now safe to drop the type from the Replicated State and from checkpoints. (Dropping it from the canonical state is independent and also going on in parallel.)
This will stop encoding Funds fields in Request and Response messages in the canonical state tree.
This PR introduces the required changes in the orchestrator to support recalled GuestOS versions as part of SEV recovery. In the upgrade loop, if the upgrade version is recalled according to the latest registry version, we return an error early, but still set the subnet assignment, which allows to provision SSH keys and continue with a normal recovery. Most of the modified logic lies in the registry replicator. Indeed, shortly after booting, the latest registry version available locally might not yet reflect the latest version of the registry canister. Thus, if the GuestOS version was recalled at the latest version in the canister, the node might not yet see it and still proceed with the upgrade. We propose to first check if the replicator _has replicated all versions which were certified before its initialization_, which is done asynchronously. This guarantees that if the GuestOS version was recalled _before the node rebooted_, then the node will not upgrade to it. As a safeguard to not stay stuck forever, if the replicator fails to replicate all versions which were certified before its initialization after 30 minutes, we will proceed with trusting our own view of the registry to determine whether the target version is recalled or not. Also, this change does not target the NNS to avoid delaying NNS Recovery. The NNS should not benefit from SEV anyways. P.S.: A lot of the changed lines mock the `RegistryHelper` to test the implementation even though recalled replica versions are not supported yet. Once they are, a lot of the mocking code can be deleted. They are marked with `TODO(NODE-1754)` in comments. --------- Co-authored-by: IDX GitHub Automation <infra+github-automation@dfinity.org>
Fix for the autofix job [failing](https://github.com/dfinity/ic/actions/runs/21682746474/job/62521450291#step:5:288) on external PRs. --------- Co-authored-by: IDX GitHub Automation <infra+github-automation@dfinity.org>
Co-authored-by: IDX GitHub Automation <infra+github-automation@dfinity.org>
…::list_state_hashes_to_certify (#8678) This PR introduces a new `StateHashMetadata` struct returned by `StateManager::list_state_hashes_to_certify`. The motivation for the change is the function `StateManager::list_state_hashes_to_certify` returns a pair of height and hash and extending the pair into a tuple (to include extra stuff in follow-up PRs) is not a good practice.
…Rs (#8689) Co-authored-by: IDX GitHub Automation <infra+github-automation@dfinity.org>
kpop-dfinity
changed the title
Contributor
alin-at-dfinity
left a comment
alin-at-dfinity
left a comment
There was a problem hiding this comment.
LGTM, thank you!
This adds correct workflow permissions and introduces a dry-run mode. Successful run here: https://github.com/dfinity/ic/actions/runs/21712164393/job/62618331297 Crate publishing based on this example: https://github.com/dfinity/ic-bn-lib/blob/main/.github/workflows/publish-ic-bn-lib.yml
We already check (and actually panic) if we attempt to call `SystemState::push_input()` with a message addressed to a different canister. So the `Callback::originator` field is entirely redundant.
…nit test (#8656) Following @AleDema's [suggestion](9d8ad1b43#r176197856), this PR uses `matches!` instead of an equality check for the new subnet assignment in upgrade loop unit tests. Indeed, since `SubnetAssignment::Unknown != SubnetAssignment::Unknown` ([source](https://sourcegraph.com/github.com/dfinity/ic@0e4b3d10a063292b9432ba529381b0fff7f8a166/-/blob/rs/orchestrator/src/orchestrator.rs?L60)), `assert_ne!(new_subnet_assignment, SubnetAssignment::Unknown)` would always pass, even if the assignment was `Unknown`. Using pattern matching fixes this. The original comment suggested to preserve the reflexive property, i.e. have that `SubnetAssignment::Unknown == SubnetAssignment::Unknown`. Though I think that from a conceptual point of view, two unknown assignments should not be considered equal, as they could be unknown for different reasons (similar to `NaN != NaN` for floating point numbers).
The pre-generated dev launch measurement should match the actual dev SEV launch measurement. This fixes a bug where a dev SEV node is unable to join a dev testnet because the blessed version contained a "prod" measurement. Fix: correct the `vcpus` used in the pre-generated dev launch measurement to match the dev defaults (in deployment.json.template).
Last follow up PR that replaces `local_test_on_nns_subnet` with `state_machine_test_on_nns_subnet`. Results in significant speed up in 3 out of 4 tests (smaller speed up in the last one) that were using the proc macro `parameterized_upgrades`.
Another improvement in the SNS integration tests replacing the older `local_test_on_sns_subnet` with the more efficient `state_machine_test_on_sns_subnet`. For tests that are using it, the speed up ranges from roughly 30% up to 50%. Note that there is still one file (`rs/sns/integration_tests/src/neuron.rs`) where the older function is used as it was not a simple string replace to make it work. It can be replaced in another PR in the future.
Following up to #8679, performing a similar speed up in Root canister's integration tests. The results are even more dramatic in this case, a ~5x speed up, roughly going from ~25s to about ~5s for most tests.
kpop-dfinity
dismissed
github-actions[bot]’s stale review
-
Update unreleased_changelog.md (if there are behavior changes, even if they are non-breaking).- Done -
Are there BREAKING changes?- no, the endpoint was unimplemented until now -
Is a data migration needed?- no -
Security review?- design has been reviewed, implementation review is scheduled to happen soon
Co-authored-by: Pierugo Pace <pierugo.pace@dfinity.org>
jasonz-dfinity
approved these changes
Mar 25, 2026
pierugo-dfinity
approved these changes
Mar 26, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Introduce a new registry canister endpoint
split_subnetwhich when executed, as the name suggest, will instruct the specified subnet to split into two.When executed the following mutations will be made to the registry:
Note
For now the endpoint is not enabled as there is still work to be done on the consensus side.