Skip to content

feat(validator): SIMD-0387 BLS pubkey registration + Agave XDP support#400

Merged
POPPIN-FUMI merged 2 commits into
mainfrom
feat/validator-bls-xdp
Jun 6, 2026
Merged

feat(validator): SIMD-0387 BLS pubkey registration + Agave XDP support#400
POPPIN-FUMI merged 2 commits into
mainfrom
feat/validator-bls-xdp

Conversation

@POPPIN-FUMI

Copy link
Copy Markdown
Contributor

Summary

Adds support for two new testnet/mainnet validator requirements.

BLS public key (SIMD-0387)

Voting validators must register the BLS public key derived from their authorized voter keypair; otherwise the vote account behaves as unstaked once SIMD-0357 (Alpenglow voting) activates.

  • registerBlsPubkey() runs solana vote-authorize-voter-checked … --use-v2-instruction per host, signing with the identity keypair (the default authorized voter), which fills in the derived BLS pubkey without changing the voter.
  • Idempotent & verified: skips hosts whose blsPubkeyCompressed is already set, and reads the key back on-chain before reporting success. Forcing the v2 instruction means that when the feature gate is still inactive the tx fails cleanly at simulation without mutating state (avoids a wasted voter re-authorization that would also burn the once-per-epoch voter-change slot).
  • Auto-runs at the end of slv v deploy for testnet and mainnet (wrapped, non-fatal). Also exposed as slv v register:bls to re-run after the feature activates.

Agave XDP (retransmit acceleration)

  • Per-host inventory vars on NodeConfigBase: xdp_enabled, xdp_interface, xdp_cpu_cores, xdp_zero_copy, xdp_poh_pinned_cpu_core. Captured by promptXdpConfig() during slv v init for agave/jito only (Firedancer uses XDP natively).
  • start-validator*.sh.j2 inject the --experimental-retransmit-xdp-* flags; solv.service.j2 grants CAP_NET_RAW/CAP_NET_ADMIN/CAP_BPF/CAP_PERFMON. All gated by {% if xdp_enabled %}, so existing hosts are unaffected.

Testing

  • New TS files type-check clean (deno check) and are deno fmt formatted; no new type errors introduced.
  • Jinja templates render-tested with Ansible's default trim_blocks=True: XDP flags/capabilities present when enabled, fully absent (no stray blank lines breaking bash line-continuation) when disabled.
  • slv v register:bls exercised end-to-end against a live testnet validator: inventory read → identity-signed tx → on-chain read-back. Confirmed the idempotent/verify path and the clean no-op behavior while SIMD-0387 is not yet gate-active on the cluster.

Notes

  • XDP flags are --experimental- in current Agave; names may change upstream.
  • Requires an Agave/Solana CLI new enough to expose vote-authorize-voter-checked --use-v2-instruction and solana-keygen bls_pubkey (v4.x).

🤖 Generated with Claude Code

POPPIN-FUMI and others added 2 commits June 6, 2026 13:46
Two new testnet/mainnet validator requirements:

BLS public key (SIMD-0387)
- registerBlsPubkey() runs `solana vote-authorize-voter-checked` with
  `--use-v2-instruction` per host, signing with the identity keypair
  (the default authorized voter) to fill in the derived BLS pubkey.
- Idempotent: skips hosts whose blsPubkeyCompressed is already set, and
  verifies the key landed on-chain before reporting success. When the
  feature gate is inactive the forced-v2 tx fails at simulation without
  mutating state (no wasted voter re-authorization).
- Auto-runs at the end of `slv v deploy` (testnet + mainnet, non-fatal);
  also exposed as `slv v register:bls` for re-running after activation.

Agave XDP (retransmit acceleration)
- Per-host inventory vars (xdp_enabled / xdp_interface / xdp_cpu_cores /
  xdp_zero_copy / xdp_poh_pinned_cpu_core) on NodeConfigBase, captured by
  promptXdpConfig() during `slv v init` for agave/jito only (Firedancer
  uses XDP natively).
- start-validator*.sh.j2 inject the --experimental-retransmit-xdp-* flags
  and solv.service.j2 grants CAP_NET_RAW/NET_ADMIN/BPF/PERFMON, all gated
  by `{% if xdp_enabled %}` so existing hosts are unaffected.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- registerBlsPubkey: run vote-authorize via Deno.Command argv array (no shell
  word-splitting on keypair paths with spaces); treat empty blsPubkeyCompressed
  as unset; guard non-testnet/mainnet networks and empty HOME; catch malformed
  inventory YAML instead of throwing out of the standalone command.
- promptXdpConfig: validate xdp_cpu_cores / xdp_poh_pinned_cpu_core as
  non-negative integers so a fat-fingered entry can't write NaN (.nan) to the
  inventory and emit a garbage launch flag.
- start-validator*.j2: gate the XDP block on a non-empty xdp_interface and use
  default(1, true) for cpu-cores, so a hand-edited inventory with xdp_enabled
  but a blank interface no longer renders a valueless flag that eats the next.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@POPPIN-FUMI POPPIN-FUMI merged commit a867418 into main Jun 6, 2026
5 of 6 checks passed
@POPPIN-FUMI POPPIN-FUMI deleted the feat/validator-bls-xdp branch June 6, 2026 05:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant