diff --git a/.env.example b/.env.example index 9073d7a8..072ceb06 100644 --- a/.env.example +++ b/.env.example @@ -1,63 +1,59 @@ -# AITBC Environment Configuration -# SECURITY NOTICE: Use service-specific environment files -# -# For development, copy from: -# config/environments/development/coordinator.env -# config/environments/development/wallet-daemon.env -# -# For production, use AWS Secrets Manager and Kubernetes secrets -# Templates available in config/environments/production/ +# AITBC Central Environment Example Template +# SECURITY NOTICE: Use a secrets manager for production. Do not commit real secrets. +# Run: python config/security/environment-audit.py --format text -# ============================================================================= -# BASIC CONFIGURATION ONLY -# ============================================================================= -# Application Environment +# ========================= +# Blockchain core (example values) +# ========================= +chain_id=ait-devnet +supported_chains=ait-devnet +rpc_bind_host=127.0.0.1 +rpc_bind_port=8006 +p2p_bind_host=127.0.0.2 +p2p_bind_port=8005 +proposer_id=ait-devnet-proposer +proposer_key= +keystore_path=./keystore +keystore_password_file=./keystore/.password +gossip_backend=memory +gossip_broadcast_url= +db_path=./data/chain.db +mint_per_unit=0 +coordinator_ratio=0.05 +block_time_seconds=2 +enable_block_production=false + +# ========================= +# Coordinator API (example values) +# ========================= APP_ENV=development -DEBUG=false -LOG_LEVEL=INFO +APP_HOST=127.0.0.1 +APP_PORT=8011 +DATABASE__URL=sqlite:////opt/aitbc/data/coordinator/coordinator.db +BLOCKCHAIN_RPC_URL=http://127.0.0.1:8006 +ALLOW_ORIGINS=["http://localhost:8011","http://localhost:8000"] +JOB_TTL_SECONDS=900 +HEARTBEAT_INTERVAL_SECONDS=10 +HEARTBEAT_TIMEOUT_SECONDS=30 +RATE_LIMIT_REQUESTS=60 +RATE_LIMIT_WINDOW_SECONDS=60 +CLIENT_API_KEYS=["client_dev_key"] +MINER_API_KEYS=["miner_dev_key"] +ADMIN_API_KEYS=["admin_dev_key"] +HMAC_SECRET=change_this_to_a_32_byte_random_secret +JWT_SECRET=change_this_to_another_32_byte_random_secret -# ============================================================================= -# SECURITY REQUIREMENTS -# ============================================================================= -# IMPORTANT: Do NOT store actual secrets in this file -# Use AWS Secrets Manager for production -# Generate secure keys with: openssl rand -hex 32 +# ========================= +# Marketplace Web (example values) +# ========================= +VITE_MARKETPLACE_DATA_MODE=mock +VITE_MARKETPLACE_API=/api +VITE_MARKETPLACE_ENABLE_BIDS=false +VITE_MARKETPLACE_REQUIRE_AUTH=false -# ============================================================================= -# SERVICE CONFIGURATION -# ============================================================================= -# Choose your service configuration: -# 1. Copy service-specific .env file from config/environments/ -# 2. Fill in actual values (NEVER commit secrets) -# 3. Run: python config/security/environment-audit.py - -# ============================================================================= -# DEVELOPMENT QUICK START -# ============================================================================= -# For quick development setup: -# cp config/environments/development/coordinator.env .env -# cp config/environments/development/wallet-daemon.env .env.wallet -# -# Then edit the copied files with your values - -# ============================================================================= -# PRODUCTION DEPLOYMENT -# ============================================================================= -# For production deployment: -# 1. Use AWS Secrets Manager for all sensitive values -# 2. Reference secrets as: secretRef:secret-name:key -# 3. Run security audit before deployment -# 4. Use templates in config/environments/production/ - -# ============================================================================= -# SECURITY VALIDATION -# ============================================================================= -# Validate your configuration: -# python config/security/environment-audit.py --format text - -# ============================================================================= -# FOR MORE INFORMATION -# ============================================================================= -# See: config/security/secret-validation.yaml -# See: config/security/environment-audit.py -# See: config/environments/ directory +# ========================= +# Notes +# ========================= +# For production: copy this to .env and replace with real values/secrets +# Move secrets to a secrets manager and reference via secretRef +# Validate config: python config/security/environment-audit.py --format text diff --git a/apps/blockchain-node/src/aitbc_chain/sync.py b/apps/blockchain-node/src/aitbc_chain/sync.py index 24534300..5ef9e274 100755 --- a/apps/blockchain-node/src/aitbc_chain/sync.py +++ b/apps/blockchain-node/src/aitbc_chain/sync.py @@ -2,6 +2,7 @@ from __future__ import annotations +import asyncio import hashlib import hmac import time @@ -9,6 +10,7 @@ from dataclasses import dataclass from datetime import datetime from typing import Any, Dict, List, Optional, Tuple +import httpx from sqlmodel import Session, select from .config import settings @@ -95,12 +97,92 @@ class ChainSync: max_reorg_depth: int = 10, validator: Optional[ProposerSignatureValidator] = None, validate_signatures: bool = True, + batch_size: int = 50, + poll_interval: float = 0.5, ) -> None: self._session_factory = session_factory self._chain_id = chain_id or settings.chain_id self._max_reorg_depth = max_reorg_depth self._validator = validator or ProposerSignatureValidator() self._validate_signatures = validate_signatures + self._batch_size = batch_size + self._poll_interval = poll_interval + self._client = httpx.AsyncClient(timeout=10.0) + + async def close(self) -> None: + """Close HTTP client.""" + await self._client.aclose() + + async def fetch_blocks_range(self, start: int, end: int, source_url: str) -> List[Dict[str, Any]]: + """Fetch a range of blocks from a source RPC.""" + try: + resp = await self._client.get(f"{source_url}/rpc/blocks-range", params={"start": start, "end": end}) + resp.raise_for_status() + data = resp.json() + if isinstance(data, list): + return data + elif isinstance(data, dict) and "blocks" in data: + return data["blocks"] + else: + logger.error("Unexpected blocks-range response", extra={"data": data}) + return [] + except Exception as e: + logger.error("Failed to fetch blocks range", extra={"start": start, "end": end, "error": str(e)}) + return [] + + async def bulk_import_from(self, source_url: str, import_url: Optional[str] = None) -> int: + """Bulk import missing blocks from source to catch up quickly.""" + if import_url is None: + import_url = "http://127.0.0.1:8006" # default local RPC + + # Get local head + with self._session_factory() as session: + local_head = session.exec( + select(Block).where(Block.chain_id == self._chain_id).order_by(Block.height.desc()).limit(1) + ).first() + local_height = local_head.height if local_head else -1 + + # Get remote head + try: + resp = await self._client.get(f"{source_url}/rpc/head") + resp.raise_for_status() + remote_head = resp.json() + remote_height = remote_head.get("height", -1) + except Exception as e: + logger.error("Failed to fetch remote head", extra={"source_url": source_url, "error": str(e)}) + return 0 + + if remote_height <= local_height: + logger.info("Already up to date", extra={"local_height": local_height, "remote_height": remote_height}) + return 0 + + logger.info("Starting bulk import", extra={"local_height": local_height, "remote_height": remote_height, "batch_size": self._batch_size}) + + imported = 0 + start_height = local_height + 1 + while start_height <= remote_height: + end_height = min(start_height + self._batch_size - 1, remote_height) + batch = await self.fetch_blocks_range(start_height, end_height, source_url) + if not batch: + logger.warning("No blocks returned for range", extra={"start": start_height, "end": end_height}) + break + + # Import blocks in order + for block_data in batch: + result = self.import_block(block_data) + if result.accepted: + imported += 1 + else: + logger.warning("Block import failed during bulk", extra={"height": block_data.get("height"), "reason": result.reason}) + # Stop on first failure to avoid gaps + break + + start_height = end_height + 1 + # Brief pause to avoid overwhelming the DB + await asyncio.sleep(self._poll_interval) + + logger.info("Bulk import completed", extra={"imported": imported, "final_height": remote_height}) + return imported def import_block(self, block_data: Dict[str, Any], transactions: Optional[List[Dict[str, Any]]] = None) -> ImportResult: """Import a block from a remote peer. diff --git a/apps/blockchain-node/src/aitbc_chain/sync_cli.py b/apps/blockchain-node/src/aitbc_chain/sync_cli.py new file mode 100644 index 00000000..b5dafb35 --- /dev/null +++ b/apps/blockchain-node/src/aitbc_chain/sync_cli.py @@ -0,0 +1,42 @@ +#!/usr/bin/env python3 +""" +Standalone bulk sync utility for fast catch-up. +Usage: python -m aitbc_chain.sync_cli --source http://10.1.223.40:8006 [--batch-size 100] +""" + +import argparse +import asyncio +import sys +from pathlib import Path + +# Add src to path for standalone execution +sys.path.insert(0, str(Path(__file__).parent)) + +from aitbc_chain.config import Settings, settings +from aitbc_chain.database import session_scope +from aitbc_chain.sync import ChainSync + + +async def main() -> None: + parser = argparse.ArgumentParser(description="Bulk import blocks from a leader to catch up quickly") + parser.add_argument("--source", default="http://10.1.223.40:8006", help="Source RPC URL") + parser.add_argument("--import-url", default="http://127.0.0.1:8006", help="Local RPC URL for import") + parser.add_argument("--batch-size", type=int, default=100, help="Blocks per batch") + parser.add_argument("--poll-interval", type=float, default=0.2, help="Seconds between batches") + args = parser.parse_args() + + sync = ChainSync( + session_factory=session_scope, + chain_id=settings.chain_id, + batch_size=args.batch_size, + poll_interval=args.poll_interval, + ) + try: + imported = await sync.bulk_import_from(args.source, import_url=args.import_url) + print(f"[+] Bulk sync complete: imported {imported} blocks") + finally: + await sync.close() + + +if __name__ == "__main__": + asyncio.run(main()) diff --git a/cli/aitbc_cli/commands/genesis.py b/cli/aitbc_cli/commands/genesis.py index 016aec64..5d7dec53 100755 --- a/cli/aitbc_cli/commands/genesis.py +++ b/cli/aitbc_cli/commands/genesis.py @@ -303,6 +303,29 @@ def template_info(ctx, template_name, output): error(f"Error getting template info: {str(e)}") raise click.Abort() +@genesis.command(name="init-production") +@click.option('--chain-id', default='ait-mainnet', show_default=True, help='Chain ID to initialize') +@click.option('--genesis-file', default='data/genesis_prod.yaml', show_default=True, help='Path to genesis YAML (copy to /opt/aitbc/genesis_prod.yaml if needed)') +@click.option('--force', is_flag=True, help='Overwrite existing DB (removes file if present)') +@click.pass_context +def init_production(ctx, chain_id, genesis_file, force): + """Initialize production chain DB using genesis allocations.""" + db_path = Path("/opt/aitbc/data") / chain_id / "chain.db" + if db_path.exists() and force: + db_path.unlink() + python_bin = Path(__file__).resolve().parents[3] / 'apps' / 'blockchain-node' / '.venv' / 'bin' / 'python3' + cmd = [ + str(python_bin), + str(Path(__file__).resolve().parents[3] / 'scripts' / 'init_production_genesis.py'), + '--chain-id', chain_id, + ] + try: + subprocess.run(cmd, check=True) + success(f"Initialized production genesis for {chain_id} at {db_path}") + except subprocess.CalledProcessError as e: + error(f"Genesis init failed: {e}") + raise click.Abort() + @genesis.command() @click.argument('chain_id') @click.option('--format', type=click.Choice(['json', 'yaml']), default='json', help='Export format')