Merged
4 changes: 4 additions & 0 deletions .prettierignore
Original file line number Diff line number Diff line change
Expand Up @@ -13,3 +13,7 @@ mithril-test-lab/mithril-devnet/configuration/
flake.lock
**/dist/
**/pkg/
.jlv.jsonc

# CI
rust-clippy-results.sarif
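Review bot: The new `.jlv.jsonc` entry sits directly under `**/pkg/` with no comment, while `rust-clippy-results.sarif` gets its own `# CI` heading, so a reader cannot tell which tool writes `.jlv.jsonc` or why Prettier should skip it. A one-line comment above it would fix that. Since `rust-clippy-results.sarif` is listed as a CI output, it is also worth confirming that it is git-ignored, so a locally generated report cannot be committed by accident.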
22 changes: 0 additions & 22 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,14 +32,11 @@ As a minor extension, we have adopted a slightly different versioning convention
- Support for recording client types origin (library, CLI and WASM) in the aggregator metrics.

- **UNSTABLE** :

- New UTxO-HD snapshot converter command for client CLI:

- Added the `tools utxo-hd snapshot-converter` command to the client CLI that converts a restored UTxO-HD snapshot to another flavor.
- Support for converting to `LMDB` on-disk and `Legacy` in-memory flavors.

- New api for client CLI partial cardano database restoration (aka Cardano DB V2):

- Support for switching the backend with parameter `--backend [v1,v2]` to `cardano-database` snapshot list, snapshot show and download subcommands:
- backend `v1` (default): support full database restoration only.
- backend `v2` (require `--unstable`): support full and partial database restoration.
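Review bot: Small wording nits in the lines this hunk reflows: `- **UNSTABLE** :` has a stray space before the colon, `New api for client CLI` should read `New API`, and `(require `--unstable`)` should be `(requires `--unstable`)`. They are cheap to fix in the same formatting pass.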
Expand All @@ -63,7 +60,6 @@ As a minor extension, we have adopted a slightly different versioning convention
## Mithril Distribution [2517.0] - 2025-05-05

- **BREAKING** changes in Mithril client CLI and library:

- To fast bootstrap a Cardano node, the new `--include-ancillary` option has been added to the _Cardano node database_ command in the Mithril client CLI.
- Without this option, only final immutable files are downloaded, and the ledger state must be computed from the genesis block when the Cardano node starts.
- The `--include-ancillary` option requires the usage of an **ancillary verification key** (`--ancillary-verification-key` or `ANCILLARY_VERIFICATION_KEY`) which is specified in the [Networks configuration](https://mithril.network/doc/manual/getting-started/network-configurations) page.
Expand Down Expand Up @@ -92,7 +88,6 @@ As a minor extension, we have adopted a slightly different versioning convention
## Mithril Distribution [2513.0] - 2025-03-28

- **BREAKING** changes in Mithril nodes:

- Upgraded the minimum required `glibc` version from `2.31` to `2.35` for the pre-built Linux binaries
- Mithril signer with versions `<=0.2.200` **must be updated** following the cleanup of `Thales` era legacy code
- Mithril client library `with_snapshot_uploader` function has been renamed to `with_file_uploader`.
Expand All @@ -102,15 +97,13 @@ As a minor extension, we have adopted a slightly different versioning convention
- End support for **macOS x64 pre-built binaries** for the client CLI.

- Cardano database full certification:

- Creation of two separate archives for the immutable files and for the ancillary files.
- Added a signed manifest file to the ancillary archive (contains the list of all files in the archive and their sha256 hashes).
- Added client validation of the signature of the manifest file and the integrity of the files in the archive after downloading an ancillary archive.

- **UNSTABLE** Implement a follower signer registration mode in the aggregator.

- **UNSTABLE** Cardano database incremental certification:

- Implement the client library for the signed entity type `CardanoDatabase` (download and prove snapshot).
- Implement the client CLI commands for the signed entity type `CardanoDatabase` (snapshot list, snapshot show and download commands).
- Implement an example crate for the signed entity type `CardanoDatabase`.
Expand Down Expand Up @@ -145,7 +138,6 @@ As a minor extension, we have adopted a slightly different versioning convention
- Support certification of the protocol parameters and epoch in the certificate chain.

- **UNSTABLE** Cardano database incremental certification:

- Implement the artifact routes of the aggregator for the signed entity type `CardanoDatabase`.
- Implement the immutable file digests route in the aggregator.
- Implement the artifact ancillary builder in the aggregator.
Expand All @@ -169,7 +161,6 @@ As a minor extension, we have adopted a slightly different versioning convention
## Mithril Distribution [2450.0] - 2024-12-17

- **BREAKING** changes in Mithril client library, CLI, and WASM:

- Remove deprecated `network` field from the internal `CardanoDbBeacon`.
- The Mithril certificates of type `CardanoImmutableFilesFull` can't be verified anymore with the previous clients.
- Clients from distribution [`2445`](#mithril-distribution-24450---2024-11-07) and earlier must be updated.
Expand All @@ -188,7 +179,6 @@ As a minor extension, we have adopted a slightly different versioning convention
- Update to Rust `1.83`.

- **UNSTABLE** Cardano database incremental certification:

- Implement the new signed entity type `CardanoDatabase`.
- Implement the signable builder for the signed entity type `CardanoDatabase`.

Expand All @@ -207,7 +197,6 @@ As a minor extension, we have adopted a slightly different versioning convention
## Mithril Distribution [2445.0] - 2024-11-07

- **BREAKING** changes in Mithril client library, CLI, and WASM:

- Remove deprecated `beacon` field from Mithril certificates.
- Clients from distribution [`2430`](#mithril-distribution-24300---2024-07-30) and above are compatible with this change.

Expand Down Expand Up @@ -236,7 +225,6 @@ As a minor extension, we have adopted a slightly different versioning convention
## Mithril Distribution [2442.0] - 2024-10-21

- Decentralization of the signature orchestration:

- Optimizations of the state machine used by the signer to create individual signatures.

- Support for buffering of incoming single signatures by the aggregator if it can not aggregate them yet.
Expand Down Expand Up @@ -272,7 +260,6 @@ As a minor extension, we have adopted a slightly different versioning convention
## Mithril Distribution [2437.1] - 2024-09-23

- **BREAKING** changes in Mithril client WASM:

- Implementation of seamless transition from **unstable** to **stable** features.
- A new `unstable` option in the client allows the usage of unstable features.
- The previous `client.unstable` implementation is not supported anymore and must be replaced with `client`.
Expand All @@ -288,13 +275,11 @@ As a minor extension, we have adopted a slightly different versioning convention
- Post `Chang` hard fork cleanup of the CI, devnet and infrastructure.

- Cardano transactions certification (stable for signer and aggregator):

- Support for Mithril signer memory optimization when signing Cardano transactions with multiple Merkle tree storage backends.
- Support infinite preloading of Cardano transactions in signer.
- Fix Cardano transactions rollbacks creating panics in signer and aggregator.

- Cardano stake distribution certification (stable for signer and aggregator):

- Implement the signable and artifact builders for the signed entity type `CardanoStakeDistribution`.
- Implement the HTTP routes related to the signed entity type `CardanoStakeDistribution` on the aggregator REST API.
- Added support in the `mithril-client` library for retrieving `CardanoStakeDistribution` by epoch or by hash, and for listing all available `CardanoStakeDistribution`.
Expand Down Expand Up @@ -325,7 +310,6 @@ As a minor extension, we have adopted a slightly different versioning convention
- Support better disk configuration in terraform deployments with the CI/CD workflows.

- **UNSTABLE** Cardano transactions certification:

- Make Cardano transaction signing settings configurable via the CD.

- Crates versions:
Expand Down Expand Up @@ -361,7 +345,6 @@ As a minor extension, we have adopted a slightly different versioning convention
- Field `beacon` becomes optional in `CertificatePendingMessage` response of `/certificate-pending` route.

- **UNSTABLE** Cardano transactions certification:

- Optimize the performances of the computation of the proof with a Merkle map.
- Handle rollback events from the Cardano chain by removing stale data.
- Preload Cardano transactions and Block Range Roots at signer & aggregator startup.
Expand All @@ -385,14 +368,12 @@ As a minor extension, we have adopted a slightly different versioning convention
## Mithril Distribution [2423.0] - 2024-06-12

- **BREAKING** changes in Mithril client CLI:

- The deprecated `snapshot` command is removed from the Mithril client CLI
- Use the `cardano-db snapshot` command instead.

- Update website and explorer user interface to use the new mithril logo.

- **UNSTABLE** Cardano transactions certification:

- Support computation of the Cardano Transactions signature and proving with the pre-computed Block Range Merkle Roots retrieved from the database.
- Prune Cardano Transactions from the signer database after the Block Range Merkle Roots have been computed.
- Implement a Chain Reader which retrieves blocks from the Cardano chain with Pallas through the `chainsync` mini-protocol.
Expand All @@ -414,7 +395,6 @@ As a minor extension, we have adopted a slightly different versioning convention
## Mithril Distribution [2418.1] - 2024-05-13

- **BREAKING** changes in Mithril client CLI:

- Certificate chain structure has been modified to remove coupling with immutable file number.
- Client needs to be updated to verify certificate chain.

Expand All @@ -423,7 +403,6 @@ As a minor extension, we have adopted a slightly different versioning convention
- Chain observers support the retrieval of the current Cardano chain point.

- Deprecate `portable` feature of `mithril-stm` and `mithril-client`:

- Instead, always enable BLST `portable` feature in `mithril-stm` for runtime check of intel ADX instruction set.
- `portable` feature now has no effect and should be removed from crate dependencies.
- Removed it from all other crates (including `mithril-common`).
Expand All @@ -447,7 +426,6 @@ As a minor extension, we have adopted a slightly different versioning convention
- **GitHub release**: <https://github.com/input-output-hk/mithril/releases/tag/2412.0>

- _DEPRECATED_ the `snapshot` command in the Mithril client CLI:

- Renamed to `cardano-db snapshot`.
- Will be **removed** in **2** distributions.

Expand Down
3 changes: 0 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,6 @@ This repository consists of the following parts:
- [**Mithril signer**](./mithril-signer): the node of the **Mithril network** responsible for producing individual signatures that are collected and aggregated by the **Mithril aggregator**.

- [**Internal**](./internal): the shared tools and API used by **Mithril** crates.

- [**Mithril build script**](./internal/mithril-build-script): a toolbox for Mithril crates that uses a build script phase.

- [**Mithril cardano-node-chain**](./internal/cardano-node/mithril-cardano-node-chain): mechanisms to read and interact with the **Cardano chain** through a Cardano node, used by **Mithril network** nodes.
Expand Down Expand Up @@ -108,13 +107,11 @@ This repository consists of the following parts:
- [**Mithril signed entity prealoader**](./internal/signed-entity/mithril-signed-entity-preloader): a **preload** mechanism for the Cardano transaction signed entity, used by **Mithril network** nodes.

- [**tests**](./internal/tests): shared testing tools used by **Mithril** crates.

- [**Mithril api spec**](./internal/tests/mithril-api-spec): toolset to verify conformity of http routes against an Open Api specification, used by **Mithril network** nodes.

- [**Mithril test http server**](internal/tests/mithril-test-http-server): provides a test http server, used by **Mithril network** nodes.

- [**Mithril test lab**](./mithril-test-lab): the suite of tools that allow us to test and stress the **Mithril** protocol implementations.

- [**Mithril devnet**](./mithril-test-lab/mithril-devnet): the private **Mithril/Cardano network** used to scaffold a **Mithril network** on top of a **Cardano network**.

- [**Mithril end to end**](./mithril-test-lab/mithril-end-to-end): the tool used to run test scenarios against a **Mithril devnet**.
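Review bot: The link text `Mithril signed entity prealoader` at the top of this hunk is misspelled; its target is `./internal/signed-entity/mithril-signed-entity-preloader`, so the label should read `preloader`. The `Mithril test http server` link also uses `internal/tests/mithril-test-http-server` without the leading `./` that every sibling entry has; aligning it keeps the list consistent.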
Expand Down
1 change: 0 additions & 1 deletion SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,6 @@ Please include as much details as needed to clearly qualify the issue:
a. **Mitigation**: Depending on the severity and criticity of the issue, the team can decide to disclose the issue publicly in the absence of a fix _if and only if_ a clear, simple, and effective mitigation plan is defined. This _must_ include instructions for users and operators of the software, and a time horizon at which the issue will be properly fixed (eg. version number).

b. **Fix**: When a fix is available and approved, it should be merged and made available as quickly as possible:

- All commits to the private repository are squashed into a single commit whose description _should not_ make any reference it relates to a security vulnerability
- A new Pull Request is created with this single commit
- This PR's review and merging is expedited as all the work as already been done
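Review bot: The disclosure procedure around the removed blank line carries typos that are worth fixing while SECURITY.md is being touched: `as all the work as already been done` should be `has already been done`, `_should not_ make any reference it relates to a security vulnerability` is missing a `that`, and `criticity` in the Mitigation step should be `criticality`. This text tells maintainers how to land a private fix without flagging it as a vulnerability, so it should read unambiguously.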
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -50,13 +50,11 @@ sqlite3 ${DATA_STORES_DIRECTORY}/signer.sqlite3 "UPDATE protocol_initializer SET
From now, SPOs can either run their node by:

- **Declaring their Cardano `PoolId`**:

- This is the mode that all nodes were running prior to this release
- This mode is still the **stable** mode
- We intend to deprecate this mode in the near future

- **Certifying their Cardano `PoolId`**:

- The certification is done by providing the Mithril Signer node with `KES Secret Key Path` and `Operational Certificate Path`
- This is an **experimental** mode
- We intend to make this mode the only way of providing a `PoolId` in the near future
Expand Down
2 changes: 0 additions & 2 deletions docs/website/blog/2024-12-17-era-switch-pythagoras.md
Original file line number Diff line number Diff line change
Expand Up @@ -47,12 +47,10 @@ curl --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/input-out
#### Era switch plan for `Pythagoras`

- **pre-release-preview** network:

- [x] Create the era switch transaction (done at epoch `757`)
- [x] Complete the era switch to `Pythagoras` at the transition to epoch `759`

- **release-preprod** network:

- [x] Create the era switch transaction (done at epoch `184`)
- [x] Complete the era switch to `Pythagoras` at the transition to epoch `186`

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -35,24 +35,20 @@ In particular, the `cardano-db` command in the Mithril client CLI has been updat
To support this transition, both certification versions will remain available during the migration period, allowing users to adapt at their own pace.

- [x] **Distribution [2524](https://github.com/input-output-hk/mithril/releases/tag/2524.0)**:

- Introduced the `--backend` parameter in the `cardano-db` command
- The default backend is `v1`; the `v2` backend is still considered **unstable**
- No breaking changes in the client CLI
- The `v2` backend is accessible via the `cardano_database_v2` function in the client library.

- [ ] **Distribution +1**:

- The `v2` backend will be promoted to **stable** status but will remain optional
- The `v1` backend will continue to be the default.

- [ ] **Distribution +2**:

- The `v2` backend will become the default
- The `v1` backend will be deprecated.

- [ ] **Distribution +3**:

- The `v1` backend will be decommissioned and removed from the client CLI and library.

- [ ] **Distribution +4**:
Expand Down
3 changes: 0 additions & 3 deletions docs/website/root/manual/operate/run-signer-node.md
Original file line number Diff line number Diff line change
Expand Up @@ -99,12 +99,10 @@ Note that this guide works on a Linux machine only.
:::

- To operate a **Cardano node** as a **stake pool**, you need:

- The pool's `operational certificate`
- The pool's `KES secret key`

- To access the file system of the **Cardano block producer** node for **production** deployment (or of the **Cardano relay** node for **naive** deployment), you will need the following permissions:

- Read rights on the `Database` folder (specified by the `--database-path` setting of the **Cardano node**)
- Read and write rights on the `Inter Process Communication` file (typically defined by the `CARDANO_NODE_SOCKET_PATH` environment variable used to launch the **Cardano node**)

Expand Down Expand Up @@ -548,7 +546,6 @@ sudo systemctl restart mithril-signer
:::info

- If you have already installed `Squid` via `apt` package manager, we recommend that you delete it before manually building it from source by running the following commands:

- `sudo systemctl stop squid`
- `sudo apt remove squid`
- `sudo apt autoremove`.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,6 @@ a quorum of `k` valid signatures must be submitted.
- For every valid signature, the party creates a proof (`π`) containing a signature of the message, verification key, stake, and paths of the party in the Merkle tree.

- Then, multiple signatures can be aggregated together to form a certificate (`τ`) by:

- Verifying signatures from each party:
- Checking the party is authorized to sign for the given index (using the same procedure as signing)
- Checking the proof is valid which means:
Expand Down
2 changes: 0 additions & 2 deletions docs/website/root/mithril/advanced/threat-model.md
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,6 @@ For each asset, we first identify which part of the **CIA triad** (Confidentiali
- The KES key is present only on the block-producing (BP) node but needs to be shared with both the `cardano-node` process and the `mithril-signer` process.
- KES keys are needed by `mithril-signer` to sign a verification key along with an operational certificate that authenticates the key for this stake pool ID.
- This signing happens at every epoch.

- **Confidentiality**: Yes
Capturing KES private keys allows an attacker to impersonate a registered SPO on-chain and produce blocks on its behalf until the keys are rotated.

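Review bot: In `- **Confidentiality**: Yes`, the rationale on the next line (`Capturing KES private keys allows an attacker to impersonate ...`) has no blank line or hard break before it, so Markdown folds it into the same paragraph and it renders as one run of text after `Yes`. Ending the verdict line with a hard break, or putting the rationale in its own indented paragraph, would keep the CIA verdict visually separate from its justification.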
Expand Down Expand Up @@ -325,7 +324,6 @@ A DoS on the `mithril-aggregator`.
Data integrity of the Cardano block producer’s on-disk database could be compromised either by the action of the Mithril signer or by an attacker with access to the signer.

- **Assets at risk**:

- [Block production](#block-production)
- [Cardano chain database](#cardano-chain-database).

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -99,12 +99,10 @@ Note that this guide works on a Linux machine only.
:::

- To operate a **Cardano node** as a **stake pool**, you need:

- The pool's `operational certificate`
- The pool's `KES secret key`

- To access the file system of the **Cardano block producer** node for **production** deployment (or of the **Cardano relay** node for **naive** deployment), you will need the following permissions:

- Read rights on the `Database` folder (specified by the `--database-path` setting of the **Cardano node**)
- Read and write rights on the `Inter Process Communication` file (typically defined by the `CARDANO_NODE_SOCKET_PATH` environment variable used to launch the **Cardano node**)

Expand Down Expand Up @@ -548,7 +546,6 @@ sudo systemctl restart mithril-signer
:::info

- If you have already installed `Squid` via `apt` package manager, we recommend that you delete it before manually building it from source by running the following commands:

- `sudo systemctl stop squid`
- `sudo apt remove squid`
- `sudo apt autoremove`.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,6 @@ a quorum of `k` valid signatures must be submitted.
- For every valid signature, the party creates a proof (`π`) containing a signature of the message, verification key, stake, and paths of the party in the Merkle tree.

- Then, multiple signatures can be aggregated together to form a certificate (`τ`) by:

- Verifying signatures from each party:
- Checking the party is authorized to sign for the given index (using the same procedure as signing)
- Checking the proof is valid which means:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,6 @@ For each asset, we first identify which part of the **CIA triad** (Confidentiali
- The KES key is present only on the block-producing (BP) node but needs to be shared with both the `cardano-node` process and the `mithril-signer` process.
- KES keys are needed by `mithril-signer` to sign a verification key along with an operational certificate that authenticates the key for this stake pool ID.
- This signing happens at every epoch.

- **Confidentiality**: Yes
Capturing KES private keys allows an attacker to impersonate a registered SPO on-chain and produce blocks on its behalf until the keys are rotated.

Expand Down Expand Up @@ -325,7 +324,6 @@ A DoS on the `mithril-aggregator`.
Data integrity of the Cardano block producer’s on-disk database could be compromised either by the action of the Mithril signer or by an attacker with access to the signer.

- **Assets at risk**:

- [Block production](#block-production)
- [Cardano chain database](#cardano-chain-database).

Expand Down