feat(ethexe): Producer provides only promises hashes, instead of its full body

[ecol-master]

No description provided.

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
ethexe/compute/src/tests.rs	93% smaller
ethexe/compute/src/service.rs	89% smaller
ethexe/rpc/src/apis/mod.rs	83% smaller
ethexe/consensus/src/validator/producer.rs	76% smaller
ethexe/network/src/lib.rs	57% smaller
ethexe/rpc/src/tests.rs	42% smaller
ethexe/rpc/src/lib.rs	40% smaller
ethexe/network/src/validator/topic.rs	37% smaller
ethexe/service/src/tests/utils/env.rs	36% smaller
ethexe/compute/src/compute.rs	33% smaller
ethexe/service/src/tests/mod.rs	21% smaller
ethexe/db/src/database.rs	7% smaller
ethexe/service/src/tests/utils/events.rs	5% smaller
ethexe/common/src/injected.rs	3% smaller
ethexe/consensus/src/lib.rs	2% smaller
ethexe/common/src/db.rs	1% smaller
ethexe/common/src/primitives.rs	1% smaller
Cargo.lock	Unsupported file format
Cargo.toml	Unsupported file format
core/src/rpc.rs	0% smaller
ethexe/common/Cargo.toml	Unsupported file format
ethexe/common/src/mock.rs	0% smaller
ethexe/compute/Cargo.toml	Unsupported file format
ethexe/consensus/src/connect/mod.rs	0% smaller
ethexe/network/src/gossipsub.rs	0% smaller
ethexe/rpc/Cargo.toml	Unsupported file format
ethexe/rpc/src/apis/injected.rs	0% smaller
ethexe/rpc/src/apis/injected/mod.rs	0% smaller
ethexe/rpc/src/apis/injected/promise_manager.rs	0% smaller
ethexe/rpc/src/apis/injected/relay.rs	0% smaller
ethexe/rpc/src/apis/injected/server.rs	0% smaller
ethexe/rpc/src/apis/injected/spawner.rs	0% smaller
ethexe/rpc/src/apis/injected/trait.rs	0% smaller
ethexe/service/src/lib.rs	Unsupported file format

[gemini-code-assist]

Code Review

This pull request refactors the handling of promises by the producer to send compact, signed promise hashes instead of the full promise body, which is a good optimization for network bandwidth. The changes are spread across multiple crates, introducing PromisesNetworkBundle and CompactSignedPromise and updating the database, consensus, and network layers to support this new flow.

However, the implementation appears to be incomplete and contains several critical issues that must be addressed:

• The verification logic for promise bundles in ethexe/network/src/validator/topic.rs is commented out, which poses a significant security risk.
• The associated tests for this verification are also disabled.
• The RPC API implementation in ethexe/rpc/src/apis/injected.rs contains multiple todo! placeholders for crucial logic and error handling.

These issues suggest the feature is not ready for merging. I've left specific comments on these points. Additionally, I've suggested a minor performance improvement in ethexe/compute/src/compute.rs.

[grishasobol]

LGTM , but please wait for @ark0f approve

[claude]

Delta Review

This round fixes all three issues from the previous review and adds gossipsub metrics registration, a ConnectService refactor, and node-loader documentation.

Previous Issues

Status	Finding
fixed	cancel_registration incorrectly called on AlreadyRegistered path, dropping the existing subscriber's sender
fixed	todo!() in on_compact_promise error path would crash the node on any signature mismatch
fixed	SubscriptionMessage::from_json(&promise).unwrap() panicked the background task on serialization failure

New Findings

Severity	Finding	Suggestion
medium	Subscriber leaked when relay() returns Err: the registered sender stays in the map indefinitely (receiver is dropped with pending_subscriber), blocking any retry of the same transaction hash with AlreadyRegistered	Call cancel_registration(tx_hash) before propagating the relay error, same as the Reject branch already does

[ecol-master]

/review-delta

[claude]

Delta Review

This round fixes the subscriber leak from the previous review and adds: (1) auto-routing of transactions with a zero recipient to the calculated next-slot producer, and (2) persisting CompactSignedPromise to the DB (renaming the storage key from PromiseSignature to CompactPromise and switching the SCALE-encoded type).

Previous Issues

Status	Finding
fixed	Subscriber leaked when relay() returns Err: registered sender stayed in map indefinitely

New Findings

Severity	Finding	Suggestion
medium	Key::CompactPromise reuses discriminant = 19 (was PromiseSignature) with a different SCALE encoding; no DB version bump or migration added — existing nodes with old key-19 data will expect()-panic on decode	Bump LATEST_VERSION and add a v3 migration that drops key-19 entries, or confirm no deployed DB has ever written PromiseSignature data
low	calculate_next_producer failures (e.g. era validators not in DB) are logged at trace! — in production users get an opaque internal() error with no visible server-side log	Elevate to warn!

[ecol-master]

@claude review

[claude]

Claude finished @ecol-master's task in 4m 6s —— View job

---

PR Review

This PR changes the ethexe producer from gossiping full SignedPromise bodies to lightweight CompactSignedPromise messages (containing only hashed promise components + signature). The full Promise body is computed locally by the RPC node and stored in DB; the compact form travels over the network. On subscription, the full SignedPromise is reconstructed by combining both parts.

Previous issues from earlier review rounds are all resolved. New findings below.

---

severity: high — verify_promise_ok is silently skipped with no documented reason

File: ethexe/network/src/validator/topic.rs line 684

#[ignore = "TODO"]
#[tokio::test]
async fn verify_promise_ok() {

This is the only test exercising the happy-path compact-promise verification flow. The implementation of inner_verify_promise is straightforward (checks address in snapshot, returns the compact promise), and the test helper logic looks correct — compact_promise.address() recovers from the same key used to populate the snapshot. The #[ignore] was presumably left over from the refactor. If the test actually fails, explain why and track it as a follow-up; if it passes, remove the attribute.

---

severity: medium — waiting_for_compute map is unbounded with no eviction

File: ethexe/rpc/src/apis/injected/promise_manager.rs lines 42–43, 133–137

type PromisesComputationWaiting = Arc<DashMap<HashOf<InjectedTransaction>, CompactSignedPromise>>;

A validator with a valid signing key can insert an arbitrary number of compact promises for nonexistent tx_hashes. Each entry in waiting_for_compute persists indefinitely — there is no TTL, no maximum size, and no eviction path unless on_computed_promise fires for that exact hash. Sustained flooding could exhaust node memory. Consider a bounded structure (e.g. LruCache) or a background cleanup task that evicts entries older than some multiple of MAX_PROMISE_WAITING.

---

severity: medium — routing failures are silent in production logs

File: ethexe/rpc/src/apis/injected/relay.rs line 109

let next_producer = calculate_next_producer(db, now).map_err(|err| {
    trace!("calculate next producer error: {err}");
    crate::errors::internal()
})?;

This was flagged in the previous delta review and remains unchanged. Routing failures (e.g. era validators not yet in DB, system clock errors) are logged at trace!, so clients get an opaque internal() error with no visible server-side context unless trace logging is enabled. Change to warn!.

---

severity: low — ConnectService::receive_promise_for_signing silently drops all diagnostics

File: ethexe/consensus/src/connect/mod.rs lines 282–291

The previous implementation emitted error! + debug_assert! when a connect node received a promise for signing. The replacement is a no-op with only a code comment. The comment explains the intent ("connect node can also be an RPC node"), but removing all logging makes it impossible to distinguish "expected no-op" from "unexpected scenario that silently succeeds" during debugging. A single trace! would preserve observability without noise.

---

severity: low — compact_promise trait method missing doc comment

File: ethexe/common/src/db.rs line 137

/// Returns the promise by its transaction hash.
fn promise(&self, hash: HashOf<InjectedTransaction>) -> Option<Promise>;

fn compact_promise(&self, hash: HashOf<InjectedTransaction>) -> Option<CompactSignedPromise>;

promise() has a doc comment; compact_promise() does not. Minor but inconsistent.

---

Previously Fixed Issues

Status	Finding
✅ fixed	cancel_registration incorrectly called on AlreadyRegistered path
✅ fixed	todo!() in on_compact_promise error path
✅ fixed	unwrap() panic in spawner.rs
✅ fixed	Subscriber leak when relay() returns Err
✅ not applicable	DB discriminant = 19 collision — PromiseSignature key never existed in master; Promise = 18 and CompactPromise = 19 are fresh additions

---

After pushing new commits, comment /review-delta to get an incremental review.

[ecol-master]

This pull request is reopened in #5377