Skip to content

Apply engine limits on confidential-http #21000

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
prashantkumar1982 wants to merge 4 commits into
base: develop
Choose a base branch
from
Open

Apply engine limits on confidential-http #21000

prashantkumar1982 wants to merge 4 commits into from

Conversation

@prashantkumar1982
Copy link
Contributor

@prashantkumar1982 prashantkumar1982 commented Feb 3, 2026

No description provided.

@github-actions
Copy link
Contributor

github-actions bot commented Feb 3, 2026

I see you updated files related to core. Please run pnpm changeset in the root directory to add a changeset as well as in the text include at least one of the following tags:

  • #added For any new functionality added.
  • #breaking_change For any functionality that requires manual action for the node to boot.
  • #bugfix For bug fixes.
  • #changed For any change to the existing functionality.
  • #db_update For any feature that introduces updates to database schema.
  • #deprecation_notice For any upcoming deprecation functionality.
  • #internal For changesets that need to be excluded from the final changelog.
  • #nops For any feature that is NOP facing and needs to be in the official Release Notes for the release.
  • #removed For any functionality/config that is removed.
  • #updated For any functionality that is updated.
  • #wip For any change that is not ready yet and external communication about it should be held off till it is feature complete.

@trunk-io
Copy link

trunk-io bot commented Feb 3, 2026
edited
Loading

Static BadgeStatic BadgeStatic BadgeStatic Badge

View Full Report ↗︎Docs

@cl-sonarqube-production
Copy link

cl-sonarqube-production bot commented Feb 3, 2026

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@prashantkumar1982 prashantkumar1982 marked this pull request as ready for review February 3, 2026 06:38
@prashantkumar1982 prashantkumar1982 requested review from a team as code owners February 3, 2026 06:38
Copilot AI review requested due to automatic review settings February 3, 2026 06:38
Copilot AI reviewed Feb 3, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates workflow engine configuration to introduce a dedicated limiter for confidential HTTP capability calls, alongside bumping github.com/smartcontractkit/chainlink-common across modules to a newer pseudo-version.

Changes:

  • Bump github.com/smartcontractkit/chainlink-common to v0.9.6-0.20260203025122-0da324f1967c across multiple Go modules in the repo.
  • Add ConfidentialHTTPCalls as a new EngineLimiters bound limiter sourced from cfg.ConfidentialHTTP.CallLimit, and include it in limiter shutdown (Close()).
  • Register a call-limiter mapping for {"confidential-http", "SendRequests"} in the workflow capability executor.

Reviewed changes

Copilot reviewed 9 out of 16 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
system-tests/tests/go.mod Bumps chainlink-common dependency version for system tests module.
system-tests/tests/go.sum Updates sums for the bumped chainlink-common version.
system-tests/lib/go.mod Bumps chainlink-common dependency version for system test lib module.
system-tests/lib/go.sum Updates sums for the bumped chainlink-common version.
integration-tests/load/go.mod Bumps chainlink-common dependency version for load tests module.
integration-tests/load/go.sum Updates sums for the bumped chainlink-common version.
integration-tests/go.mod Bumps chainlink-common dependency version for integration tests module.
integration-tests/go.sum Updates sums for the bumped chainlink-common version.
go.mod Bumps root module chainlink-common dependency version.
go.sum Updates sums for the bumped chainlink-common version in root module.
deployment/go.mod Bumps chainlink-common dependency version for deployment module.
deployment/go.sum Updates sums for the bumped chainlink-common version.
core/scripts/go.mod Bumps chainlink-common dependency version for core scripts module.
core/scripts/go.sum Updates sums for the bumped chainlink-common version.
core/services/workflows/v2/config.go Introduces and initializes ConfidentialHTTPCalls limiter from settings and closes it.
core/services/workflows/v2/capability_executor.go Adds a limiter mapping entry for confidential-http capability calls.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

core/services/workflows/v2/capability_executor.go
Comment on lines +49 to +51
{"evm", "WriteReport"}: limiters.ChainWriteTargets,
{"http-actions", "SendRequest"}: limiters.HTTPActionCalls,
{"confidential-http", "SendRequests"}: limiters.HTTPActionCalls,
Copy link

Copilot AI Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There doesn’t appear to be test coverage asserting that confidential-http calls are bounded by PerWorkflow.ConfidentialHTTP.CallLimit (and not sharing the http-actions limiter). Consider adding a unit/integration test that exercises ExecutionHelper.CallCapability with Id parsing to capName=="confidential-http" and verifies the bound-limiter error once the configured call limit is exceeded.

Copilot uses AI. Check for mistakes.
core/services/workflows/v2/capability_executor.go
{"evm", "FilterLogs"}: limiters.ChainReadCalls,
{"evm", "WriteReport"}: limiters.ChainWriteTargets,
{"http-actions", "SendRequest"}: limiters.HTTPActionCalls,
{"confidential-http", "SendRequests"}: limiters.HTTPActionCalls,
Copy link

Copilot AI Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The confidential-http capability is still being limited by limiters.HTTPActionCalls, so the newly introduced limiters.ConfidentialHTTPCalls (initialized from cfg.ConfidentialHTTP.CallLimit) is never applied. This means confidential-http calls will share the http-actions budget and changes to ConfidentialHTTP.CallLimit won’t have any effect. Map {"confidential-http", "SendRequests"} to limiters.ConfidentialHTTPCalls instead.

Suggested change
{"confidential-http", "SendRequests"}: limiters.HTTPActionCalls,
{"confidential-http", "SendRequests"}: limiters.ConfidentialHTTPCalls,

Copilot uses AI. Check for mistakes.
ecPablo
ecPablo approved these changes Feb 3, 2026
View reviewed changes
Copy link
Contributor

@ecPablo ecPablo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approving go mod changes on deployment/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@cedric-cordenier cedric-cordenier cedric-cordenier approved these changes

@vreff vreff vreff approved these changes

@ecPablo ecPablo ecPablo approved these changes

@patrickhuie19 patrickhuie19 Awaiting requested review from patrickhuie19

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@prashantkumar1982 @cedric-cordenier @vreff @ecPablo