fix(forks,validation): post-fork by default on fresh chains + GCREdit hash mismatch

[tcsenpai]

Summary

Two coupled fixes surfaced while debugging why a freshly-booted node refused every transfer with GCREdit mismatch on a chain whose genesis.balances had loaded correctly (PR #858 prerequisite applied).

Change 1 — osDenomination.activationHeight default: null → 0

Every chain shipped via ./run -b true / wipe_and_reboot.sh / docker --clean is a brand-new chain with no pre-fork peers to maintain wire compatibility with. The previous default (null) was a back-compat hedge for the incentives-campaign testnet that crossed the fork mid-flight; that window has closed.

With the old default, operators on a clean docker boot silently ended up pre-fork — only whole-DEM transfers accepted, SubDemPrecisionError on every "10% of a non-round balance" op.

gasFeeSeparation stays at null because its activation requires a real treasury address (the placeholder zero is loader-rejected when activationHeight !== null). Operators who want it on a fresh chain set both fields explicitly.

Cross-fork upgrade path preserved. Operators upgrading an existing pre-fork chain MUST still pin activationHeight: <future block> explicitly — overriding to null remains the safe path for a live cross-fork upgrade.

data/genesis.json in this repo updated to match: osDenomination.activationHeight: 0.

Change 2 — endpointValidation normalises regenerated gcr_edits before hashing

Root cause of the GCREdit mismatch errors:

• SDK serializer rewrites every gcr_edits[].amount for balance/escrow/validatorStake entries to a canonical OS decimal string when the fork is active. The 1-DEM gas edit becomes amount: "1000000000".
• Node then runs GCRGeneration.generate(tx) to recompute the expected edits. That helper is a pure author producing the raw author shape (amount: 1 as a JS number in DEM for the gas edit).
• Hashing the two shapes diverges → GCREdit mismatch on every post-fork transfer even though the edit set is structurally identical (subtract + add + gas + nonce, same accounts, same base amounts).

Fix: wrap the regenerated edits into a throwaway { ...tx.content, gcr_edits } envelope and run denomination.serializeTransactionContent on it, then pull .gcr_edits back out. That reuses the SDK's canonical wire-shape transform (per transformEditPostFork / …PreFork) without us having to mirror the per-edit-type rewrite logic node-side.

Block-height source is Chain.getLastBlockNumber(); postFork is decided by isForkActive("osDenomination", blockHeight), the same gate the SDK ultimately consults via getNetworkInfo.

Change 3 — Forks unit-test setup hardened

Pre-existing forks unit tests that asserted "default is null" now pin activationHeight = null explicitly so they continue exercising the legacy pre-fork path while the library default is post-fork. No assertion changes — just an explicit setup line per test.

Manual repro on dev.node2.demos.sh:53552

• Pre-fix: bun transfer_10pct.mjs failed at confirm() with "GCREdit mismatch".
• With this fix + wipe_and_reboot.sh applied: confirm + broadcast land, receiver balance updates within one block (verified via repeated getAddressInfo polls).

Diagnosis artefacts

Side-by-side dump of SDK-shipped tx.content.gcr_edits vs GCRGeneration.generate(tx) regen (see debug_gcr_edits.mjs — kept out of this PR; sanity script):

[2] DIFF
    sdk : {"type":"balance","operation":"remove",…,"amount":"1000000000",…}  ← OS string
    node: {"type":"balance","operation":"remove",…,"amount":1,…}              ← DEM number

Test plan

• bun test testing/forks/ — 156 pass / 9 skip (Postgres-gated)
• bun run type-check-ts — no new errors introduced (pre-existing l2ps-messaging + worker-threads-test errors unchanged)
• Manual: dry-run + broadcast on dev.node2 returns "broadcast OK" + receiver balance increment
• Manual on dev.node3: requires wipe_and_reboot.sh first (chain isn't yet on a build with PR fix(genesis): overlay genesisData.balances on snapshot rows #858)

Pre-existing failures NOT introduced by this PR

bun test testing/forks/ shows 6 failures that reproduce on stabilisation baseline:

• forks integration (P3d) > scenario 1: snapshot replay across fork height …
• osDenomination migration > Test 3 / 4 / 6 / 9 / 10

Verified by stashing this diff and re-running — same failures. Out of scope.

Summary by CodeRabbit

• Configuration Changes

  • osDenomination fork configuration now activates immediately by default on all fresh chains instead of remaining inactive by default.

• Bug Fixes

  • Transaction hash validation now normalizes transaction amounts to the SDK wire format before computing comparison hashes to ensure accurate validation.

• Tests

  • Test fixtures and scenarios updated with explicit fork activation height configurations for improved test isolation and clarity.

[qodo-code-review]

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d4256abe-c199-4d82-9ba6-b567f3a75f6c

📥 Commits

Reviewing files that changed from the base of the PR and between 0f57efe and 8b54617.

📒 Files selected for processing (8)

• data/genesis.json
• src/forks/forkConfig.ts
• src/libs/network/endpointValidation.ts
• testing/forks/disableForkMachineryFlag.test.ts
• testing/forks/forkGates.test.ts
• testing/forks/getNetworkInfo.test.ts
• testing/forks/loadForkConfig.test.ts
• testing/forks/serializerGate.test.ts

Disabled knowledge base sources:

• Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

---

Walkthrough

This PR updates the osDenomination fork machinery by changing its default activation from inactive (null) to active on genesis (0), and implements fork-aware normalization of GCR edits in transaction validation. Test fixtures are updated to explicitly pin the legacy pre-fork state where needed.

Changes

osDenomination fork default and validation

Layer / File(s)	Summary
Fork configuration defaults data/genesis.json, src/forks/forkConfig.ts	Default osDenomination fork activation height changes from null to 0, activating the fork immediately on fresh chains. Documentation is updated to reflect the new default and operator expectations. gasFeeSeparation remains inactive by default.
GCR edit hash normalization src/libs/network/endpointValidation.ts	handleValidateTransaction now normalizes regenerated GCR edits through fork-aware serialization (denomination.serializeTransactionContent) using current chain height to determine fork state, then hashes the normalized edits instead of raw edits. Imports updated to include denomination and isForkActive.
Test fixtures pinned to legacy pre-fork state testing/forks/*	Test files explicitly set osDenomination.activationHeight to null in scenarios validating legacy pre-fork behavior, ensuring tests do not rely on changed defaults and verify the fork-inactive code path. Affected tests: disableForkMachineryFlag.test.ts, forkGates.test.ts, getNetworkInfo.test.ts, loadForkConfig.test.ts, serializerGate.test.ts.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• kynesyslabs/node#812: Overlaps on osDenomination fork configuration and serializer/hash gating during DEM→OS denomination migration.

Poem

🐰 A fork awakens at genesis dawn,
No longer null, the fork is on!
Hashes normalize through fork-aware light,
Tests pin the old way to get it right.
The chain evolves, one block at a time. ✨

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/osdenomination-default-active

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR delivers two coupled fixes for fresh-chain boot issues: it changes the osDenomination fork default from null to 0 so newly-started chains are post-fork by default, and adds a normalisation pass over regenerated gcr_edits before hashing so the node's hash matches the SDK's canonical wire shape, eliminating the spurious "GCREdit mismatch" on every post-fork transfer.

• forkConfig.ts / genesis.json: osDenomination.activationHeight flipped to 0; gasFeeSeparation intentionally stays null because activation requires a real treasury address. Operators upgrading a live chain must still pin an explicit future height.
• endpointValidation.ts: Regenerated GCR edits are piped through denomination.serializeTransactionContent (same SDK transform the client used) before hashing, eliminating the DEM-number vs OS-string divergence. Block height is sampled from Chain.getLastBlockNumber() and fed into isForkActive to pick the correct fork path.
• Fork unit tests (5 files): Pre-fork / null-activation tests gain explicit activationHeight = null pins so they exercise the legacy code path rather than the new post-fork default; no assertion changes needed.

Confidence Score: 4/5

Safe to merge for fresh-chain deployments; live-upgrade operators should be aware of the fork-boundary timing gap documented in the PR description.

The default-flip and the normalisation fix both address clearly diagnosed bugs that were blocking every post-fork transfer on fresh chains. The test hardening is correct and well-isolated. The two remaining concerns — the silent ?? [] fallback masking serialiser failures, and the block-height snapshot being taken at validation time rather than at SDK signing time — are quality issues rather than show-stoppers for the primary fresh-chain use case.

src/libs/network/endpointValidation.ts — the normaliseGcrEditsForHash helper deserves a closer look, particularly the empty-array fallback and the block-height sampling point.

Important Files Changed

Filename	Overview
src/libs/network/endpointValidation.ts	Adds GCR-edit normalisation before hashing to fix post-fork GCREdit mismatch; introduces a ?? [] fallback that could silently swallow serialiser failures, and the block-height sampled at validation time can diverge from what the SDK saw at signing time during a live fork upgrade.
src/forks/forkConfig.ts	Changes osDenomination.activationHeight default from null to 0 so fresh chains boot post-fork; well-documented rationale in the JSDoc, and gasFeeSeparation stays inactive-by-default for good reason.
data/genesis.json	Sets osDenomination.activationHeight to 0 to match the new library default; one-line change, consistent with forkConfig.ts.
testing/forks/forkGates.test.ts	Adds explicit null pin in the legacy-pre-fork test; beforeEach/afterEach correctly snapshots and restores shared state so isolation is maintained.
testing/forks/loadForkConfig.test.ts	Pins activationHeight = null as a sentinel in two no-op tests, enabling them to prove the loader is inactive even with the new post-fork default; beforeEach/afterEach restore state.
testing/forks/disableForkMachineryFlag.test.ts	Adds explicit null pin before testing the DEMOS_DISABLE_FORK_MACHINERY no-op behaviour; avoids a false-pass against the new post-fork default.
testing/forks/getNetworkInfo.test.ts	Two inactive/null scenario tests gain explicit null pins to exercise the legacy pre-fork code path independently of the new default.
testing/forks/serializerGate.test.ts	Pre-fork serialiser identity test gains an explicit null pin to remain valid under the new default; no assertion changes required.

Sequence Diagram

sequenceDiagram
    participant SDK as SDK (Client)
    participant Node as Node (endpointValidation)
    participant Chain as Chain.getLastBlockNumber()
    participant GCRGen as GCRGeneration.generate()
    participant Ser as denomination.serializeTransactionContent()

    SDK->>SDK: getNetworkInfo → isForkActive(blockH_sdk)
    SDK->>SDK: serializeTransactionContent(content, postFork_sdk)
    note over SDK: gcr_edits[].amount = OS string (post-fork)
    SDK->>Node: submit Transaction (signed, wire-shape gcr_edits)

    Node->>GCRGen: generate(tx) → raw edits (DEM numbers)
    Node->>Chain: getLastBlockNumber() → blockH_node
    note over Node: isForkActive("osDenomination", blockH_node) → postFork_node
    Node->>Ser: "serializeTransactionContent({...tx.content, gcr_edits: regenEdits}, postFork_node)"
    Ser-->>Node: "normalisedRegen (gcr_edits[].amount = OS string)"

    Node->>Node: hash(normalisedRegen) vs hash(tx.content.gcr_edits)
    note over Node: ✅ both OS strings → hashes match

Loading

_{Reviews (1): Last reviewed commit: "fix(forks,validation): make fresh chains..." | Re-trigger Greptile}

[greptile-apps]

Silent empty fallback masks serializer failure

parsed.gcr_edits ?? [] returns an empty array if denomination.serializeTransactionContent produces JSON without a gcr_edits key (e.g. unexpected content shape or SDK API drift). In that path, JSON.stringify([]) hashes to a fixed value that will never match the SDK edits, so every transaction silently fails with the generic "GCREdit mismatch" error rather than a diagnostic message pointing at the serializer. A log.warn before the fallback would let operators distinguish a genuine edit mismatch from a serializer contract break.

[greptile-apps]

Fork-state divergence at live-upgrade boundary

blockHeight is sampled at node validation time, but the SDK determines postFork when it calls getNetworkInfo before signing. For a chain doing a live upgrade with an explicit activationHeight: N, a transaction signed at block N-1 (SDK sees pre-fork → serializes pre-fork) can arrive at the node after block N is accepted. The node then samples block N or later, normalises as post-fork, and the hash comparison fails even though the transaction is structurally valid. Fresh chains with activationHeight: 0 are unaffected, but a comment noting this known gap for upgrade scenarios would help operators debugging spurious mismatches at fork transitions.