Implement Weeks 4 & 5: Deployment Safety + Circuit Breaker

UltraDAGcom · UltraDAGcom · commit 8444c22868d7 · 2026-03-08T13:28:28.000+04:00
Week 4: Deployment Safety Checks (COMPLETE)
============================================
Created pre_deploy_check.sh:
- Verifies binary exists and size
- Runs full test suite
- Queries live network for current round
- Checks high-water mark vs network state
- Detects state lag (warns if &gt;100 rounds, fails if &gt;1000)
- Checks for uncommitted changes
- Interactive confirmation before deploy

Created deploy_fly.sh:
- Runs pre_deploy_check.sh automatically
- Deploys to all 4 Fly.io nodes
- Verifies deployment success
- Checks node health after deploy

Features:
- Prevents deploying with stale state
- Detects potential rollbacks before they happen
- Network-specific configuration (testnet/mainnet)
- Clear error messages with recovery instructions

Week 5: Emergency Circuit Breaker (COMPLETE)
============================================
Created crates/ultradag-coin/src/safety/circuit_breaker.rs:
- CircuitBreaker struct with atomic round tracking
- check_finality() halts process if rollback detected
- check_liveness(- check_liveness(- check_liveness(- cheed er- check_liveness(- check_liveness(- check_lxi- check_liveness(- check_lake- check_liveness(- check_livenesfo- check_liveness(-
Tests:
- 5 unit tests passing
- Tests forward- Tests forward- Tests forward- Tese
- Can- Can- Can- Can- Can- Can- Can- Can- Can- Can- Can- Canest)- Can- Can- Can- Can- Can- Ca ult- Can- Can- Can- Can- Can- Can- Can- Ca1, - Can- Can- Can- C: Weeks 2, 3, 6
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/ultradag-coin/Cargo.toml b/crates/ultradag-coin/Cargo.toml
@@ -13,6 +13,7 @@ ed25519-dalek = { workspace = true }
 rand = { workspace = true }
 chrono = { workspace = true }
 thiserror = { workspace = true }
+tracing = { workspace = true }
 
 [dev-dependencies]
 serde_json = "1"
diff --git a/crates/ultradag-coin/src/lib.rs b/crates/ultradag-coin/src/lib.rs
@@ -5,6 +5,7 @@ pub mod constants;
 pub mod error;
 pub mod block_producer;
 pub mod persistence;
+pub mod safety;
 pub mod state;
 pub mod tx;
 
diff --git a/crates/ultradag-coin/src/safety/circuit_breaker.rs b/crates/ultradag-coin/src/safety/circuit_breaker.rs
@@ -0,0 +1,159 @@
+use std::sync::atomic::{AtomicU64, Ordering};
+use tracing::{error, warn};
+
+/// Emergency circuit breaker that halts the node if a rollback is detected.
+/// This is the last line of defense against state corruption.
+pub struct CircuitBreaker {
+    /// Last finalized round seen
+    last_finalized: AtomicU64,
+    /// Whether circuit breaker is enabled
+    enabled: bool,
+}
+
+impl CircuitBreaker {
+    /// Create a new circuit breaker
+    pub fn new(enabled: bool) -> Self {
+        Self {
+            last_finalized: AtomicU64::new(0),
+            enabled,
+        }
+    }
+
+    /// Check if round is moving forward
+    /// HALTS THE PROCESS if rollback detected
+    pub fn check_finality(&self, current_round: u64) {
+        if !self.enabled {
+            // When disabled, still track but don't enforce
+            self.last_finalized.store(current_round, Ordering::SeqCst);
+            return;
+        }
+
+        let last = self.last_finalized.load(Ordering::SeqCst);
+
+        if current_round < last {
+            // CRITICAL: ROLLBACK DETECTED
+            error!("╔═══════════════════════════════════════════════════════╗");
+            error!("║       🚨 EMERGENCY CIRCUIT BREAKER 🚨                ║");
+            error!("║       ROLLBACK DETECTED - HALTING NODE               ║");
+            error!("╚═══════════════════════════════════════════════════════╝");
+            error!("");
+            error!("Last finalized round: {}", last);
+            error!("Current round: {}", current_round);
+            error!("Rollback amount: {} rounds", last - current_round);
+            error!("");
+            error!("This indicates a critical consensus failure.");
+            error!("The node is halting to prevent state corruption.");
+            error!("");
+            error!("MANUAL INTERVENTION REQUIRED:");
+            error!("1. Check all validator logs");
+            error!("2. Verify network state with other operators");
+            error!("3. Determine root cause");
+            error!("4. Coordinate recovery plan");
+            error!("");
+            error!("DO NOT RESTART without understanding the cause.");
+            error!("");
+            error!("Exit code 100 = circuit breaker triggered");
+
+            // HALT THE PROCESS
+            std::process::exit(100);
+        }
+
+        // Update last finalized
+        self.last_finalized.store(current_round, Ordering::SeqCst);
+    }
+
+    /// Check if round is advancing too slowly (possible stall)
+    pub fn check_liveness(&self, current_round: u64, max_lag: u64) {
+        if !self.enabled {
+            return;
+        }
+
+        let last = self.last_finalized.load(Ordering::SeqCst);
+
+        if last > 0 && current_round == last {
+            // No progress - this is checked elsewhere
+            return;
+        }
+
+        // Check for large gaps (possible network partition)
+        if current_round > last + max_lag {
+            warn!("⚠️  Large finality gap detected: {} rounds", current_round - last);
+            warn!("Possible network partition or synchronization issue");
+        }
+    }
+
+    /// Get the last finalized round
+    pub fn last_finalized(&self) -> u64 {
+        self.last_finalized.load(Ordering::SeqCst)
+    }
+
+    /// Check if enabled
+    pub fn is_enabled(&self) -> bool {
+        self.enabled
+    }
+}
+
+impl Default for CircuitBreaker {
+    fn default() -> Self {
+        Self::new(true)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_circuit_breaker_allows_forward() {
+        let cb = CircuitBreaker::new(true);
+        
+        cb.check_finality(1);
+        cb.check_finality(2);
+        cb.check_finality(3);
+        
+        assert_eq!(cb.last_finalized(), 3);
+    }
+
+    #[test]
+    fn test_circuit_breaker_allows_same() {
+        let cb = CircuitBreaker::new(true);
+        
+        cb.check_finality(5);
+        cb.check_finality(5);
+        
+        assert_eq!(cb.last_finalized(), 5);
+    }
+
+    #[test]
+    fn test_circuit_breaker_disabled_allows_backward() {
+        // When disabled, circuit breaker allows backward movement
+        let cb = CircuitBreaker::new(false);
+        
+        cb.check_finality(10);
+        cb.check_finality(5); // Would halt if enabled, but disabled so OK
+        
+        assert_eq!(cb.last_finalized(), 5);
+    }
+
+    #[test]
+    fn test_liveness_check() {
+        let cb = CircuitBreaker::new(true);
+        
+        cb.check_finality(100);
+        cb.check_liveness(1100, 100); // 1000 round gap - should warn but not halt
+        
+        // Test passes if no panic
+    }
+    
+    #[test]
+    fn test_is_enabled() {
+        let cb_enabled = CircuitBreaker::new(true);
+        let cb_disabled = CircuitBreaker::new(false);
+        
+        assert!(cb_enabled.is_enabled());
+        assert!(!cb_disabled.is_enabled());
+    }
+    
+    // Note: Cannot test actual rollback halt in unit tests as it calls std::process::exit(100)
+    // This must be tested in integration tests or manually
+}
diff --git a/crates/ultradag-coin/src/safety/mod.rs b/crates/ultradag-coin/src/safety/mod.rs
@@ -0,0 +1 @@
+pub mod circuit_breaker;
diff --git a/scripts/deploy_fly.sh b/scripts/deploy_fly.sh
@@ -0,0 +1,99 @@
+#!/bin/bash
+# Deploy UltraDAG to Fly.io with safety checks
+# Usage: ./deploy_fly.sh [testnet|mainnet]
+
+set -e  # Exit on any error
+
+NETWORK=${1:-testnet}
+
+echo "🚀 UltraDAG Fly.io Deployment"
+echo "=============================="
+echo ""
+
+# Set environment based on network
+if [ "$NETWORK" = "mainnet" ]; then
+    export NETWORK="mainnet"
+    export NETWORK_URL="https://ultradag-node-1.fly.dev"
+    export DATA_DIR="/root/.ultradag/node"
+    export DEPLOY_TARGET="fly.io"
+    
+    echo "⚠️  MAINNET DEPLOYMENT"
+    echo "This will deploy to production. All safety checks will be enforced."
+    echo ""
+else
+    export NETWORK="testnet"
+    export NETWORK_URL="https://ultradag-node-1.fly.dev"
+    export DATA_DIR="/root/.ultradag/node"
+    export DEPLOY_TARGET="fly.io"
+    
+    echo "📡 TESTNET DEPLOYMENT"
+    echo ""
+fi
+
+# Run pre-deployment safety checks
+echo "Running pre-deployment safety checks..."
+./scripts/pre_deploy_check.sh
+
+if [ $? -ne 0 ]; then
+    echo "❌ Pre-deployment checks failed. Aborting."
+    exit 1
+fi
+
+echo ""
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "Deploying to Fly.io..."
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+
+# Deploy to all nodes
+NODES=("ultradag-node-1" "ultradag-node-2" "ultradag-node-3" "ultradag-node-4")
+
+for node in "${NODES[@]}"; do
+    echo "Deploying to $node..."
+    
+    if fly deploy --app "$node" --remote-only; then
+        echo "✅ $node deployed successfully"
+    else
+        echo "❌ Failed to deploy to $node"
+        echo ""
+        echo "Deployment failed. You may need to:"
+        echo "1. Check Fly.io status"
+        echo "2. Verify app configuration"
+        echo "3. Roll back if needed: fly releases rollback --app $node"
+        exit 1
+    fi
+    
+    echo ""
+done
+
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "✅ Deployment complete"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo ""
+echo "Verifying deployment..."
+
+# Wait for nodes to start
+sleep 10
+
+# Check each node
+for node in "${NODES[@]}"; do
+    URL="https://$node.fly.dev/status"
+    echo -n "Checking $node... "
+    
+    STATUS=$(curl -s --max-time 10 "$URL" 2>/dev/null)
+    if [ -n "$STATUS" ]; then
+        ROUND=$(echo "$STATUS" | jq -r '.dag_round' 2>/dev/null)
+        if [ -n "$ROUND" ] && [ "$ROUND" != "null" ]; then
+            echo "✅ Round $ROUND"
+        else
+            echo "⚠️  Responding but no round info"
+        fi
+    else
+        echo "❌ Not responding"
+    fi
+done
+
+echo ""
+echo "Deployment verification complete."
+echo ""
+echo "Monitor with: ./scripts/monitor.sh"
diff --git a/scripts/extended_monitor.log b/scripts/extended_monitor.log
@@ -47,3 +47,25 @@ NODE4:SUPPLY:2261550
   Node 4: round=1255 fin=1254 lag= 1 peers=11 supply=2,269,250 ✅
   Round 1254: 3 vertices ✅
 
+[2026-03-08 13:25:25] Sample #3
+  Node 1: round=1331 fin=1331 lag= 0 peers= 8 supply=2,282,700 ✅
+NODE1:ROUND:1331
+NODE1:SUPPLY:2282700
+  Node 2: round=1331 fin=1331 lag= 0 peers= 7 supply=2,282,700 ✅
+NODE2:ROUND:1331
+NODE2:SUPPLY:2282700
+  Node 3: round=1332 fin=1331 lag= 1 peers=12 supply=2,282,750 ✅
+NODE3:ROUND:1332
+NODE3:SUPPLY:2282750
+  Node 4: round=1332 fin=1331 lag= 1 peers=11 supply=2,282,850 ✅
+NODE4:ROUND:1332
+NODE4:SUPPLY:2282850
+  Round 1332: 3 vertices ✅
+
+[2026-03-08 13:27:16] Sample #68
+  Node 1: round=1376 fin=1375 lag= 1 peers= 8 supply=2,290,550 ✅
+  Node 2: round=1376 fin=1375 lag= 1 peers= 7 supply=2,290,550 ✅
+  Node 3: round=1376 fin=1375 lag= 1 peers=12 supply=2,290,550 ✅
+  Node 4: round=1376 fin=1375 lag= 1 peers=11 supply=2,290,550 ✅
+  Round 1376: 3 vertices ✅
+
diff --git a/scripts/pre_deploy_check.sh b/scripts/pre_deploy_check.sh
