…ersion code:18634 (tronprotocol#6508)

…,version code:18636 (tronprotocol#6542)

New workflows:
- pr-build.yml: multi-OS build matrix (macOS, Ubuntu, RockyLinux, Debian11)
  and changed-line/overall coverage gate
- pr-check.yml: PR title/body lint + Checkstyle
- pr-reviewer.yml: scope-based reviewer auto-assignment
- pr-cancel.yml: cancel in-progress runs when PR is closed unmerged
- system-test.yml: spin up FullNode and run the system-test suite

Existing workflows:
- codeql.yml: bump to v4/v5 actions, switch to manual build-mode with
  JDK 8, add paths-ignore for docs-only changes
- math-check.yml: bump checkout/upload-artifact/github-script versions

…ersion code:18643

* fix readme typo and format

…NF (tronprotocol#6555)

…tocol#6564)

…otocol#6565)

Removed 4 config files from framework/src/main/resources that were
not referenced anywhere in the codebase:
- config-backup.conf: no references
- config-beta.conf: no references
- config-test-net.conf: no references
- config-localtest.conf: only used in tests, shadowed by
  src/test/resources/config-localtest.conf on the test classpath

…tocol#6574)

…tronprotocol#6569)

…ronprotocol#6586)

* test: add dual DB engine (LevelDB + RocksDB) test coverage

Changes:
- Add a registration status check to prevent duplicate initialization during CI test runs.
- Throw TronError on actuator instantiation failures to improve error visibility and debugging.
- Narrow package scanning from "org.tron" to "org.tron.core.actuator" to reduce reflection overhead and speed up registration.
- Remove JVM args for CI test to avoid JDK8 G1 GC bugs and Evacuation Pause failures.
- Optimize console output to prevent test OOM for CI
- Adjust memory and parallelism settings
- Exclude dnsjava InetAddressResolverProvider

…ation test

TronError extends Error, not Exception, so use Throwable to ensure
worker thread failures are properly captured.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(config): remove redundant JSON-RPC config fields and consolidate parameter binding

Remove maxBlockFilterNum, maxAddressSize, and maxRequestTimeout from NodeConfig/CommonParameter
since they were superseded by the jsonRpcMaxBatchSize/jsonRpcMaxResponseSize parameters.
Consolidate the config binding path so all JSON-RPC size limits flow through a single
reference.conf entry, and clean up stale test-config fixtures.

* fix bug of NodeConfigTest

* remove allowShieldedTransactionApi from reference.conf

* add testcase of external.ip is null

* change comment

* fix the bug of --es and 7 failed testcases

…onprotocol#6760)

Pre-3.0.0(The previous event-plugin public release is 2.2.0)
event-plugin builds still link against com.alibaba.fastjson, which
was removed from java-tron in tronprotocol#6701. When such a plugin is loaded, the
NoClassDefFoundError surfaces inside the plugin's own worker thread and is
swallowed by its catch(Throwable) handler. The node keeps running while
silently dropping every trigger, leaving operators with no signal that the
event subscription is broken.

Enforce a minimum Plugin-Version at startup in EventPluginLoader.startPlugin
using pf4j's VersionManager (semver). When the descriptor version is below
3.0.0, log a clear upgrade hint and return false; the existing call chain in
Manager.startEventSubscribing wraps that into TronError(EVENT_SUBSCRIBE_INIT)
and aborts node startup instead of silently degrading.

…rs (tronprotocol#6761)

- Add `rate.limiter.apiNonBlocking` switch (default false). When off, callers wait for a permit; when on, they reject immediately and shed load.
- Wire the switch through `RateLimiterConfig` → `Args` → `CommonParameter`; update `reference.conf` / `config.conf`.
- Add blocking `acquire()` paths on `IRateLimiter`, `GlobalRateLimiter`, and `QpsStrategy` / `IPQpsStrategy` / `GlobalPreemptibleStrategy`. Only the semaphore-based strategy is bounded (2s); the QPS-based paths use unbounded Guava `RateLimiter.acquire()`.
- Introduce `acquirePermit()` dispatcher (default method on `IRateLimiter`; static on `GlobalRateLimiter`) that picks blocking vs non-blocking based on the switch.
- Swap `tryAcquire` → `acquirePermit` at the `RateLimiterServlet` and `RateLimiterInterceptor` call sites; preserve per-endpoint-before-global ordering to avoid consuming global quota on per-endpoint rejection.
- Extract `loadIpLimiter()` in `GlobalRateLimiter` and `loadLimiter()` in `IPQpsStrategy` to share cache+exception handling between `tryAcquire` and `acquire`.
- Add unit tests covering dispatcher routing (both directions), acquire IP-before-global ordering, and IP-loader-failure fail-closed behaviour.

)

…ion (tronprotocol#6763)

…onprotocol#6791)

- P2pEventHandlerImpl.processException's switch did not include the
  BLOCK_MERKLE_ERROR type introduced by PR tronprotocol#6716. The new type fell through
  to the default branch, so peers whose blocks failed merkle root
  validation were disconnected with ReasonCode.UNKNOWN instead of
  BAD_BLOCK, missing the bad-peer ban window in
  PeerConnection.processDisconnect.
- Add the case alongside BAD_BLOCK and BLOCK_SIGN_INVALID so the
  disconnect reason is reported as BAD_BLOCK end-to-end.
- Rename the two enum constants for naming consistency:
  BLOCK_SIGN_ERROR    -> BLOCK_SIGN_INVALID,
  BLOCK_MERKLE_ERROR  -> BLOCK_MERKLE_INVALID,
  and reword their descriptions to 'sign failed' / 'merkle failed' to
  match the imperative style used by the other nearby enum entries.
  All call sites updated.
- Add two regression tests in P2pEventHandlerImplTest:
  one pins BLOCK_MERKLE_INVALID -> BAD_BLOCK (the actual fix);
  the other pins BLOCK_SIGN_INVALID -> BAD_BLOCK so a future switch
  refactor cannot silently drop either back to UNKNOWN.

…ocol#6777)

- Manager.switchFork now re-validates each replayed block's witness signature
  before applying. The witness account's permission can change between forks
  (via permission-update transactions), so a signature that was valid on the
  original chain may no longer be valid on the replay path.
- Use `if (!validateSignature(...)) throw new ValidateSignatureException`
  rather than discarding the boolean return: validateSignature only throws
  on malformed signature bytes; an attacker-supplied valid-format signature
  with a wrong-signer address returns false. Discarding the return would let
  that attack through.
- The existing switchFork catch list already includes
  ValidateSignatureException, so the new throw is wired into the existing
  switchback path with no additional handling.
- Add three BlockCapsule.validateSignature contract tests pinning the two
  failure modes the fix relies on: signer-mismatch returns false, signer-match
  returns true, and a 65-byte malformed signature throws
  ValidateSignatureException.

…ronprotocol#6796)

Initialize multiAddresses from ownerAddressSet so that getVerifyTxs
still forces re-verification of an owner's later txs even after the
owner's permission-change tx has been packed and is no longer present
in pendingTransactions.

Main changes:
- Manager.getVerifyTxs: seed multiAddresses with ownerAddressSet to
  cover the case where a permission-change tx has been consumed but
  ownerAddressSet still retains the owner (kept alive by in-flight
  txs in pushTransactionQueue / rePushTransactions via
  filterOwnerAddress).
- ManagerTest: add getVerifyTxsSkipsBlockWhenPermissionTxAlreadyConsumed
  reproducing the bypass — pending contains only B (transfer, old sig,
  isVerified=true), ownerAddressSet contains the owner, block contains
  only B without the permission-change tx. Assertion checks B is placed
  in the re-verify list instead of being short-circuited via setVerified.

…col#6780)

* fix(vm): canonicalize ModExp zero modulus output (TIP-871)

* func(vm): remove account name for history block hash contract

* test(db): align BlockHashHistory account name assertion

* feat(net): normalize inbound messages

* perf(net): skip wire-byte rewrite when sanitize is a no-op

…ronprotocol#6800)

…tronprotocol#6794)

…protocol#6801)

…ams (tronprotocol#6790)