0xMiden · sergerad · May 6, 2026 · May 6, 2026 · May 6, 2026 · May 6, 2026
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
@@ -13,15 +13,28 @@ permissions:
 jobs:
   docker-build:
     runs-on: Linux-ARM64-Runner
+    strategy:
+      matrix:
+        include:
+          - component: node
+            bin: miden-node
+            port: 57291
+          - component: validator
+            bin: miden-validator
+            port: 50101
+    name: Build ${{ matrix.component }}
     steps:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
 
-      - name: Build and push
+      - name: Build
         uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
         with:
           push: false
-          file: ./bin/node/Dockerfile
+          file: ./Dockerfile
+          build-args: |
+            BIN=${{ matrix.bin }}
+            PORT=${{ matrix.port }}
           cache-from: type=gha
           # Only save cache on push into next
           cache-to: ${{ github.event_name == 'push' && github.ref == 'refs/heads/next' && 'type=gha,mode=max' || '' }}
diff --git a/.github/workflows/publish-debian-all.yml b/.github/workflows/publish-debian-all.yml
@@ -72,6 +72,34 @@ jobs:
           crate: miden-remote-prover
           arch: ${{ matrix.arch }}
 
+  publish-validator:
+    name: Publish Validator ${{ matrix.arch }} Debian
+    permissions:
+      contents: write
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
+    runs-on:
+      labels: ${{ matrix.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+      - uses: ./.github/actions/install-rocksdb
+      - uses: ./.github/actions/install-protobuf-compiler
+      - name: Build and Publish Validator
+        uses: ./.github/actions/debian
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          gitref: ${{ env.version }}
+          crate_dir: validator
+          package: miden-validator
+          packaging_dir: validator
+          crate: miden-validator
+          arch: ${{ matrix.arch }}
+
   publish-network-monitor:
     name: Publish Network Monitor ${{ matrix.arch }} Debian
     permissions:

diff --git a/.github/workflows/publish-debian.yml b/.github/workflows/publish-debian.yml
@@ -3,40 +3,15 @@ name: Publish Debian Package
 on:
   workflow_dispatch:
     inputs:
-      package:
-        description: "Name of package to publish"
+      component:
+        description: "Component to publish"
         required: true
         type: choice
-        options:
-          - miden-network-monitor
-          - miden-node
-          - miden-prover
-          - miden-prover-proxy
-      crate_dir:
-        required: true
-        description: "Name of crate directory"
-        type: choice
-        options:
-          - network-monitor
-          - node
-          - remote-prover
-      packaging_dir:
-        required: true
-        description: "Name of packaging directory"
-        type: choice
         options:
           - network-monitor
           - node
           - prover
-          - prover-proxy
-      crate:
-        description: "Name of the binary crate to publish"
-        required: true
-        type: choice
-        options:
-          - miden-network-monitor
-          - miden-node
-          - miden-remote-prover
+          - validator
       version:
         description: "Version to release (E.G. v0.10.0-rc.1, v0.10.0). Corresponding git tag must already exist."
         required: true
@@ -47,7 +22,7 @@ permissions:
 
 jobs:
   publish:
-    name: Publish ${{ inputs.package }} ${{ matrix.arch }} Debian
+    name: Publish ${{ inputs.component }} ${{ matrix.arch }} Debian
     permissions:
       contents: write
     strategy:
@@ -62,6 +37,29 @@ jobs:
           fetch-depth: 0
           persist-credentials: false
 
+      - name: Resolve component inputs
+        id: resolve
+        shell: bash
+        env:
+          COMPONENT: ${{ inputs.component }}
+        run: |
+          package="miden-${COMPONENT}"
+          packaging_dir="${COMPONENT}"
+
+          # prover's binary crate lives in bin/remote-prover and is named miden-remote-prover
+          if [ "${COMPONENT}" = "prover" ]; then
+            crate_dir="remote-prover"
+            crate="miden-remote-prover"
+          else
+            crate_dir="${COMPONENT}"
+            crate="miden-${COMPONENT}"
+          fi
+
+          echo "package=${package}"       >> "$GITHUB_OUTPUT"
+          echo "crate_dir=${crate_dir}"   >> "$GITHUB_OUTPUT"
+          echo "packaging_dir=${packaging_dir}" >> "$GITHUB_OUTPUT"
+          echo "crate=${crate}"           >> "$GITHUB_OUTPUT"
+
       - uses: ./.github/actions/install-rocksdb
       - uses: ./.github/actions/install-protobuf-compiler
 
@@ -70,8 +68,8 @@ jobs:
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           gitref: ${{ inputs.version }}
-          crate_dir: ${{ inputs.crate_dir }}
-          package: ${{ inputs.package }}
-          packaging_dir: ${{ inputs.packaging_dir }}
-          crate: ${{ inputs.crate }}
+          crate_dir: ${{ steps.resolve.outputs.crate_dir }}
+          package: ${{ steps.resolve.outputs.package }}
+          packaging_dir: ${{ steps.resolve.outputs.packaging_dir }}
+          crate: ${{ steps.resolve.outputs.crate }}
           arch: ${{ matrix.arch }}
diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml
@@ -28,7 +28,13 @@ jobs:
     environment: publish-docker
     strategy:
       matrix:
-        component: [node]
+        include:
+          - component: node
+            bin: miden-node
+            port: 57291
+          - component: validator
+            bin: miden-validator
+            port: 50101
     name: Publish ${{ matrix.component }} ${{ inputs.version }}
     steps:
       - name: Checkout repo
@@ -62,7 +68,10 @@ jobs:
         uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
         with:
           push: true
-          file: ./bin/${{ matrix.component }}/Dockerfile
+          file: ./Dockerfile
+          build-args: |
+            BIN=${{ matrix.bin }}
+            PORT=${{ matrix.port }}
           tags: ${{ env.registry }}/0xmiden/miden-${{ matrix.component }}:${{ env.version }}
           cache-from: type=s3,region=${{ secrets.AWS_REGION }},bucket=${{ secrets.AWS_CACHE_BUCKET }},name=miden-${{ matrix.component }}
           cache-to: type=s3,region=${{ secrets.AWS_REGION }},bucket=${{ secrets.AWS_CACHE_BUCKET }},name=miden-${{ matrix.component }},mode=max
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,7 @@
 - Added `StoreReplica` gRPC service with endpoints for streaming blocks and proofs ([#1987](https://github.com/0xMiden/node/pull/1987)).
 - Replaced the network monitor's JavaScript dashboard with a server-rendered Maud + HTMX frontend ([#2024](https://github.com/0xMiden/node/pull/2024)).
 - [BREAKING] Removed `CheckNullifiers` endpoint ([#2049](https://github.com/0xMiden/node/pull/2049)).
+- Removed `miden-node validator` subcommand and created a separate `miden-validator` binary ([#2053](https://github.com/0xMiden/node/pull/2053)).
 
 ## v0.14.10 (2026-05-29)
 

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -5,6 +5,7 @@ members = [
   "bin/node",
   "bin/remote-prover",
   "bin/stress-test",
+  "bin/validator",
   "crates/block-producer",
   "crates/db",
   "crates/grpc-error-macro",

diff --git a/bin/node/Dockerfile → Dockerfile b/bin/node/Dockerfile → Dockerfile
@@ -1,3 +1,6 @@
+ARG BIN
+ARG PORT
+
 FROM rust:1.93-slim-bookworm AS chef
 # Install build dependencies. RocksDB is compiled from source by librocksdb-sys.
 RUN apt-get update && \
@@ -20,12 +23,13 @@ COPY . .
 RUN cargo chef prepare --recipe-path recipe.json
 
 FROM chef AS builder
+ARG BIN
 COPY --from=planner /app/recipe.json recipe.json
 # Build dependencies - this is the caching Docker layer!
 RUN cargo chef cook --release --recipe-path recipe.json
 # Build application
 COPY . .
-RUN cargo build --release --locked --bin miden-node
+RUN cargo build --release --locked --bin ${BIN}
 
 # Base line runtime image with runtime dependencies installed.
 FROM debian:bookworm-slim AS runtime-base
@@ -35,7 +39,9 @@ RUN apt-get update && \
     && rm -rf /var/lib/apt/lists/*
 
 FROM runtime-base AS runtime
-COPY --from=builder /app/target/release/miden-node /usr/local/bin/miden-node
+ARG BIN
+ARG PORT
+COPY --from=builder /app/target/release/${BIN} /usr/local/bin/${BIN}
 LABEL org.opencontainers.image.authors=devops@miden.team \
     org.opencontainers.image.url=https://0xMiden.github.io/ \
     org.opencontainers.image.documentation=https://github.com/0xMiden/node \
@@ -48,8 +54,7 @@ ARG COMMIT
 LABEL org.opencontainers.image.created=$CREATED \
     org.opencontainers.image.version=$VERSION \
     org.opencontainers.image.revision=$COMMIT
-
-# Expose RPC port
-EXPOSE 57291
-# Miden node does not spawn sub-processes, so it can be used as the PID1.
-CMD ["miden-node"]
+EXPOSE ${PORT}
+# Use exec to replace the shell so the binary runs as PID 1.
+ENV MIDEN_BIN=${BIN}
+CMD ["/bin/sh", "-c", "exec /usr/local/bin/$MIDEN_BIN"]
diff --git a/Makefile b/Makefile
@@ -7,7 +7,6 @@ help:
 # -- variables ------------------------------------------------------------------------------------
 
 WARNINGS=RUSTDOCFLAGS="-D warnings"
-CONTAINER_RUNTIME ?= docker
 STRESS_TEST_DATA_DIR ?= stress-test-store-$(shell date +%Y%m%d-%H%M%S)
 COMPOSE_FILES = -f docker-compose.yml -f compose/telemetry.yml -f compose/monitor.yml
 
@@ -105,6 +104,10 @@ build: ## Builds all crates and re-builds protobuf bindings for proto crates
 install-node: ## Installs node
 	cargo install --path bin/node --locked
 
+.PHONY: install-validator
+install-validator: ## Installs validator
+	cargo install --path bin/validator --locked
+
 .PHONY: install-remote-prover
 install-remote-prover: ## Install remote prover's CLI
 	cargo install --path bin/remote-prover --bin miden-remote-prover --locked
@@ -130,46 +133,63 @@ install-network-monitor: ## Installs network monitor binary
 
 .PHONY: compose-genesis
 compose-genesis: ## Wipes node volumes and creates a fresh genesis block
-	$(CONTAINER_RUNTIME) compose $(COMPOSE_FILES) down --volumes --remove-orphans
-	$(CONTAINER_RUNTIME) volume rm -f miden-node_node-data
-	$(CONTAINER_RUNTIME) compose $(COMPOSE_FILES) --profile genesis run --rm genesis
+	docker compose $(COMPOSE_FILES) down --volumes --remove-orphans
+	docker volume rm -f miden-node_node-data
+	docker compose $(COMPOSE_FILES) --profile genesis run --rm genesis-store
+	docker compose $(COMPOSE_FILES) --profile genesis rm -f
 
 .PHONY: compose-up
 compose-up: ## Starts all node components, telemetry, and monitor via docker compose
-	$(CONTAINER_RUNTIME) compose $(COMPOSE_FILES) up -d
+	docker compose $(COMPOSE_FILES) up -d
 
 .PHONY: compose-down
 compose-down: ## Stops and removes all containers via docker compose
-	$(CONTAINER_RUNTIME) compose $(COMPOSE_FILES) down
+	docker compose $(COMPOSE_FILES) down
 
 .PHONY: compose-logs
 compose-logs: ## Follows logs for all components via docker compose
-	$(CONTAINER_RUNTIME) compose $(COMPOSE_FILES) logs -f
+	docker compose $(COMPOSE_FILES) logs -f
+
+.PHONY: docker-build
+docker-build: docker-build-node docker-build-validator ## Builds all Docker images
 
 .PHONY: docker-build-node
-docker-build-node: ## Builds the Miden node using Docker (override with CONTAINER_RUNTIME=podman)
+docker-build-node: ## Builds the Miden node using Docker
 	@CREATED=$$(date) && \
 	VERSION=$$(cat bin/node/Cargo.toml | grep -m 1 '^version' | cut -d '"' -f 2) && \
 	COMMIT=$$(git rev-parse HEAD) && \
-	$(CONTAINER_RUNTIME) build --build-arg CREATED="$$CREATED" \
-        		 --build-arg VERSION="$$VERSION" \
-          		 --build-arg COMMIT="$$COMMIT" \
-                 -f bin/node/Dockerfile \
-                 -t miden-node-image .
+	docker build --build-arg CREATED="$$CREATED" \
+                 --build-arg VERSION="$$VERSION" \
+                 --build-arg COMMIT="$$COMMIT" \
+                 --build-arg BIN=miden-node \
+                 --build-arg PORT=57291 \
+                 -t miden-node .
+
+.PHONY: docker-build-validator
+docker-build-validator: ## Builds the Miden validator using Docker
+	@CREATED=$$(date) && \
+	VERSION=$$(cat bin/validator/Cargo.toml | grep -m 1 '^version' | cut -d '"' -f 2) && \
+	COMMIT=$$(git rev-parse HEAD) && \
+	docker build --build-arg CREATED="$$CREATED" \
+                 --build-arg VERSION="$$VERSION" \
+                 --build-arg COMMIT="$$COMMIT" \
+                 --build-arg BIN=miden-validator \
+                 --build-arg PORT=50101 \
+                 -t miden-validator .
 
 .PHONY: docker-build-monitor
-docker-build-monitor: ## Builds the network monitor using Docker (override with CONTAINER_RUNTIME=podman)
-	$(CONTAINER_RUNTIME) build \
+docker-build-monitor: ## Builds the network monitor using Docker
+	docker build \
                  -f bin/network-monitor/Dockerfile \
                  -t miden-network-monitor-image .
 
 .PHONY: docker-run-node
-docker-run-node: ## Runs the Miden node as a Docker container (override with CONTAINER_RUNTIME=podman)
-	$(CONTAINER_RUNTIME) volume create miden-db
-	$(CONTAINER_RUNTIME) run --name miden-node \
+docker-run-node: ## Runs the Miden node as a Docker container
+	docker volume create miden-db
+	docker run --name miden-node \
 			   -p 57291:57291 \
                -v miden-db:/db \
-               -d miden-node-image
+               -d miden-node
 
 ## --- setup --------------------------------------------------------------------------------------