fix(onboarding): serve finalized data ungated + rebroadcast NodeRegistration; quiet log levels

- Remove the pre-activation serve-gate from handle_block_request and handle_macroblock_request. Finalized blocks/macroblocks/snapshots are QC-bound public data, served to any peer (sync-first, register-second) — a peer cannot forge a block without a 2f+1 QC. Unblocks block-sync and snapshot fast-sync for a fresh super-node not yet on-chain registered; DoS stays bounded by the per-(IP,id) rate-limit + leader-shed.

- Rebroadcast a node's own NodeRegistration (bounded, ~30x/60s) from the periodic registration loop so a dropped join-time broadcast still reaches a producer for inclusion (one-shot send was lost when the joining node was poorly connected).

- Log hygiene: set_node_reputation deprecation spam -> DBG; epoch_boundary_crossed and storage startup notes WARN -> DBG; VRF key-without-PoP WARN only for non-genesis; narrow the private-IP label to RFC1918 172.16/12.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Author: AIQnetLab

development/qnet-integration/src/node.rs

@@ -182,6 +182,16 @@ pub static SYNC_IN_PROGRESS: AtomicBool = AtomicBool::new(false);
 pub static FAST_SYNC_IN_PROGRESS: AtomicBool = AtomicBool::new(false);
 pub static NODE_IS_SYNCHRONIZED: AtomicBool = AtomicBool::new(false);
 
+/// Signed NodeRegistration awaiting on-chain inclusion: (node_id, tx_bytes, attempts_left). The
+/// periodic registration loop rebroadcasts it (one per ~60s cycle, bounded budget) so a single
+/// join-time broadcast that is dropped while the node is poorly connected still reaches a producer.
+/// One-shot send does not scale to thousands of joining super-nodes. Cleared when the budget runs out
+/// (by then, with serving open, the node is well-connected and inclusion has long since happened).
+pub static PENDING_NODE_REGISTRATION: std::sync::Mutex<Option<(String, Vec<u8>, u32)>> =
+    std::sync::Mutex::new(None);
+/// Rebroadcast budget for a pending NodeRegistration (~1 per 60s ⇒ ~30 min of retries).
+pub const PENDING_REGISTRATION_MAX_REBROADCASTS: u32 = 30;
+
 // ═══════════════════════════════════════════════════════════════════════════════
 // L1 ARCHITECTURE: Global coordinator handle for phase-aware decisions
 // Set once during node startup, read from anywhere.
@@ -4869,8 +4879,15 @@ impl BlockchainNode {
                         if pk_hex.len() == crate::crypto::vrf::D3_PK_BYTES * 2 {
                             // Log if registering key from unsigned TX (no proof-of-possession)
                             if tx.dilithium_signature.is_none() || tx.dilithium_signature.as_ref().map(|s| s.is_empty()).unwrap_or(true) {
-                                println!("[WARN][VRF] key_registered_without_pop node={}",
-                                         &node_id[..16.min(node_id.len())]);
+                                // Genesis identities install their key from the trusted genesis block
+                                // (no proof-of-possession by design) — DBG. Only a NON-genesis unsigned
+                                // key warrants a WARN (real missing-PoP signal).
+                                if node_id.starts_with("genesis_node_") {
+                                    if is_debug() { println!("[DBG][VRF] genesis_key_registered node={}", &node_id[..16.min(node_id.len())]); }
+                                } else {
+                                    println!("[WARN][VRF] key_registered_without_pop node={}",
+                                             &node_id[..16.min(node_id.len())]);
+                                }
                             }
                             if !crate::genesis_constants::has_vrf_key(node_id) {
                                 if let Ok(pk_bytes) = hex::decode(pk_hex) {
@@ -15151,6 +15168,27 @@ impl BlockchainNode {
                         if let Some(ref p2p) = unified_p2p {
                             if is_info() { println!("[INFO][ACTIVE] periodic_registration h={} best={}", reg_our_h, reg_best_h); }
                             p2p.register_as_active_node_async().await;
+
+                            // Bounded rebroadcast of our own NodeRegistration so a dropped join-time
+                            // broadcast still reaches a producer. Re-applying an already-included
+                            // registration is a no-op (nonce/dedup), so this is safe; the budget stops it.
+                            let resend = if let Ok(mut guard) = PENDING_NODE_REGISTRATION.lock() {
+                                let out = if let Some((id, bytes, attempts)) = guard.as_mut() {
+                                    if *attempts > 0 {
+                                        *attempts -= 1;
+                                        Some((id.clone(), bytes.clone(), *attempts))
+                                    } else { None }
+                                } else { None };
+                                if matches!(guard.as_ref(), Some((_, _, 0))) { *guard = None; } // budget spent
+                                out
+                            } else { None };
+                            if let Some((reg_id, reg_bytes, attempts_left)) = resend {
+                                if let Err(e) = p2p.broadcast_transaction(reg_bytes) {
+                                    if is_warn() { println!("[WARN][REG] rebroadcast_fail id={} err={}", reg_id, e); }
+                                } else if is_info() {
+                                    println!("[INFO][REG] registration_rebroadcast id={} attempts_left={}", reg_id, attempts_left);
+                                }
+                            }
                         }
                     } else {
                         if is_info() {
@@ -15422,8 +15460,14 @@ impl BlockchainNode {
 
                                     if mb_missing && expected_mb > 0 {
                                         let blocks_since = canonical_height.saturating_sub(check_boundary);
-                                        println!("[WARN][SYNC] epoch_boundary_crossed h={} mb={} MISSING blocks_without={} → direct macroblock sync",
-                                                 canonical_height, expected_mb, blocks_since);
+                                        // Routine: fires at every macroblock boundary whose macroblock
+                                        // the node has not sealed locally yet (finality trails production) → triggers
+                                        // a direct macroblock sync. DBG, not WARN — a persistent gap surfaces via
+                                        // finality height / consensus_driver_behind, not this per-boundary trace.
+                                        if is_debug() {
+                                            println!("[DBG][SYNC] epoch_boundary_crossed h={} mb={} missing blocks_without={} → direct macroblock sync",
+                                                     canonical_height, expected_mb, blocks_since);
+                                        }
 
                                         let p2p_pfp = unified_p2p.clone();
                                         tokio::spawn(async move {
@@ -27865,11 +27909,13 @@ if is_info() { println!("[INFO][SYNC] recovered node={} lag={}", node_id_for_syn
                              &wallet_address[..16.min(wallet_address.len())],
                              &tx_hash[..16.min(tx_hash.len())]);
                 }
-                // v6.5 FIX: Broadcast NodeRegistration TX to network
-                // PROBLEM: TX was only added to local mempool without broadcast.
-                //   If this node is not the current producer, TX would never be included in a block.
-                // SOLUTION: Use broadcast_transaction() (Gulf Stream → producer + gossip backup)
-                //   Same as NodeActivation TX in activation_validation.rs:1984
+                // Track for bounded rebroadcast: the periodic registration loop re-sends this so a
+                // dropped join-time broadcast still reaches a producer for inclusion.
+                if let Ok(mut pend) = PENDING_NODE_REGISTRATION.lock() {
+                    *pend = Some((self.node_id.clone(), tx_bytes.clone(), PENDING_REGISTRATION_MAX_REBROADCASTS));
+                }
+                // Broadcast NodeRegistration TX (producer-direct + gossip backup) so a non-producer
+                // node's TX still reaches a producer for inclusion.
                 if let Some(ref p2p) = self.unified_p2p {
                     if let Err(e) = p2p.broadcast_transaction(tx_bytes) {
                         if is_warn() { println!("[WARN][REG] broadcast_fail hash={}... err={}", &tx_hash[..16.min(tx_hash.len())], e); }

development/qnet-integration/src/storage.rs

@@ -1053,8 +1053,8 @@ impl PersistentStorage {
         // Previously had arbitrary `< 100` cutoff — if metadata stuck at e.g. 5000
         // but blocks exist up to 8000, recovery was SKIPPED and node stalled permanently.
         if result.is_none() {
-            if is_warn() {
-                println!("[WARN][STORAGE] no_continuous_from_h={} scanning_for_first_block", metadata_height);
+            if is_debug() {
+                println!("[DBG][STORAGE] no_continuous_from_h={} scanning_for_first_block", metadata_height);
             }
 
             // Find first existing block using RocksDB iterator
@@ -3449,7 +3449,9 @@ impl Storage {
             let network_size = Self::estimate_network_size_from_storage(&persistent);
             let optimal_shards = crate::reward_sharding::calculate_optimal_shards(network_size) as u64;
 
-            println!("[WARN][STORAGE] AUTO-SCALING: Calculated optimal shards: {}", optimal_shards);
+            if crate::node::is_debug() {
+                println!("[DBG][STORAGE] auto_scaling optimal_shards={}", optimal_shards);
+            }
 
             optimal_shards
         };

development/qnet-integration/src/unified_p2p.rs

@@ -482,9 +482,10 @@ pub fn get_pending_sync_count() -> usize {
 pub static SYNC_PEER_COOLDOWN: Lazy<DashMap<String, (u64, u32)>> =
     Lazy::new(|| DashMap::new());
 
-// v32.15: pre-activation P2P sync gate. Holds super-node ids whose on-chain
-// NodeActivation has been applied. Populated from state at boot + on each
-// block apply. Drives admission in handle_block_request / handle_macroblock_sync_request.
+// Super-node ids whose on-chain NodeActivation has been applied (from state at boot + on each
+// block apply). NOTE: no longer gates sync serving — finalized blocks/macroblocks are public,
+// QC-bound data served to any peer (sync-first, register-second). Kept as the registered-super
+// set for participation-side use (eligibility/reputation), NOT for admission.
 pub static REGISTERED_SUPER_NODES: Lazy<DashMap<String, ()>> = Lazy::new(DashMap::new);
 
 pub fn add_registered_super_node(node_id: String) {
@@ -18395,33 +18396,10 @@ impl SimplifiedP2P {
         // Update last_seen for requesting peer
         self.update_peer_last_seen(from_peer);
 
-        // v32.15: pre-activation gate. Genesis IPs always pass. Bootstrap grace
-        // window (chain ≤ 90) allows all peers to solve chicken-and-egg. Past
-        // that, super_node_* requester_ids must be on-chain registered. Reply
-        // with an empty batch so the requester doesn't timeout; they need to
-        // complete activation before bulk-sync is served.
-        let from_ip = from_peer.split(':').next().unwrap_or(from_peer);
-        let is_genesis_peer = is_genesis_node_ip(from_ip);
-        if !is_genesis_peer && requester_id.starts_with("super_node_") {
-            let chain_h = LOCAL_BLOCKCHAIN_HEIGHT.load(std::sync::atomic::Ordering::Relaxed);
-            if chain_h > 90 && !is_super_node_registered(&requester_id) {
-                if crate::node::is_warn() {
-                    let id_short: String = requester_id.chars().take(20).collect();
-                    println!("[WARN][SYNC] gate_unregistered peer={} id={} chain_h={} require_activation",
-                             from_peer, id_short, chain_h);
-                }
-                let response = NetworkMessage::BlocksBatch {
-                    blocks: Vec::new(),
-                    from_height,
-                    to_height: from_height,
-                    sender_id: self.node_id.clone(),
-                };
-                if let Some(peer_addr) = self.peer_id_to_addr.get(&requester_id) {
-                    self.send_network_message(&peer_addr.clone(), response);
-                }
-                return;
-            }
-        }
+        // Finalized blocks are public, QC-bound data: served to ANY peer so a fresh node bootstraps
+        // BEFORE it is on-chain registered (sync-first, register-second). A peer cannot forge a block
+        // (needs a 2f+1 Dilithium3 QC), so identity is not a serving prerequisite. DoS is bounded by
+        // the per-(IP,id) rate-limit below + leader-shed — not by registration status.
 
         // Shed sync-serving ONLY while actively producing (protects the producer's RocksDB I/O
         // budget). A node elected for the next slot but STALLED — no block produced in the last
@@ -18763,24 +18741,10 @@ impl SimplifiedP2P {
         // Update last_seen for requesting peer
         self.update_peer_last_seen(from_peer);
 
-        // v32.15: pre-activation gate — same policy as handle_block_request.
-        // Bootstrap grace (chain ≤ 90), genesis IP, or on-chain registered id.
-        {
-            let from_ip = from_peer.split(':').next().unwrap_or(from_peer);
-            let is_genesis_peer = is_genesis_node_ip(from_ip);
-            if !is_genesis_peer && requester_id.starts_with("super_node_") {
-                let chain_h = LOCAL_BLOCKCHAIN_HEIGHT.load(std::sync::atomic::Ordering::Relaxed);
-                if chain_h > 90 && !is_super_node_registered(&requester_id) {
-                    if crate::node::is_warn() {
-                        let id_short: String = requester_id.chars().take(20).collect();
-                        println!("[WARN][MB_SYNC] gate_unregistered peer={} id={} chain_h={} require_activation",
-                                 from_peer, id_short, chain_h);
-                    }
-                    return;
-                }
-            }
-        }
-        
+        // Finalized macroblocks (and the snapshot-binding fetch that rides this path) are public,
+        // 2f+1-QC-bound data: served to ANY peer so a fresh node can fast-sync via snapshot BEFORE
+        // registration. No identity gate; DoS is bounded by the rate-limit below.
+
         // v3.0: CRITICAL FIX - Genesis nodes bypass rate limiting to prevent network isolation
         let is_genesis_requester = requester_id.starts_with("genesis_node_");
         let is_genesis_peer = from_peer.split(':').next()
@@ -20527,8 +20491,10 @@ impl SimplifiedP2P {
         } else {
             get_privacy_id_for_addr(node_id)
         };
-        if crate::node::is_info() {
-            println!("[WARN][P2P] set_node_reputation() deprecated - {} reputation managed via blockchain", display_id);
+        // Deprecated no-op (reputation is chain-derived). Trace at DBG only — it was firing
+        // hundreds of [WARN] lines per run from recurring call sites, drowning real warnings.
+        if crate::node::is_debug() {
+            println!("[DBG][P2P] set_node_reputation() deprecated - {} reputation managed via blockchain", display_id);
         }
     }