blvm-node 0.1.5

Bitcoin Commons BLVM: Minimal Bitcoin node implementation using blvm-protocol and blvm-consensus
[package]
# Crate identity and registry metadata for the published blvm-node package.
name = "blvm-node"
version = "0.1.5"
edition = "2021"
authors = ["Bitcoin Commons Team"]
description = "Bitcoin Commons BLVM: Minimal Bitcoin node implementation using blvm-protocol and blvm-consensus"
license = "MIT"
repository = "https://github.com/BTCDecoded/blvm-node"
homepage = "https://btcdecoded.org"
documentation = "https://docs.rs/blvm-node"
keywords = ["bitcoin", "node", "blockchain", "cryptocurrency", "p2p"]
categories = ["cryptography::cryptocurrencies", "network-programming"]
# Minimum supported Rust toolchain; Cargo refuses to build this crate with an older one.
rust-version = "1.82"

[lints.rust]
# Warn on `cfg` names/values rustc does not expect. The check-cfg entry lists the
# `feature` values source code may test. "erlay" is listed although its [features]
# entry is commented out, so `cfg(feature = "erlay")` code does not warn while the
# feature is disabled.
unexpected_cfgs = { level = "warn", check-cfg = ['cfg(feature, values("governance", "erlay", "rayon", "wasm-modules"))'] }

[package.metadata.docs.rs]
# docs.rs builds the documentation with every feature enabled and passes
# `--cfg docsrs` to rustdoc.
all-features = true
rustdoc-args = ["--cfg", "docsrs"]

[dependencies]
# Protocol / consensus / spec-lock from crates.io (monorepo: checkout siblings for local iteration).
# NOTE(review): `>=0.1, <1` accepts every 0.x release, and a 0.x minor bump may be
# semver-breaking. A build that does not reuse this repository's Cargo.lock (a downstream
# crate, or `cargo install` without `--locked`) can resolve a newer protocol/consensus
# crate than the one this release was tested with. That is far looser than the `=` pins
# used for third-party crates below; confirm it is intended for consensus-critical code.
blvm-protocol = { version = ">=0.1, <1" }
blvm-consensus = { version = ">=0.1, <1", optional = true }
blvm-spec-lock = { version = ">=0.1, <1", optional = true, default-features = false }
# crates.io releases use 0.1 semver; sibling [patch.crates-io] path for monorepo work.
# Node requires current MuHash APIs (running-state serde, insert_mut/remove_mut hot path).
blvm-muhash = { version = ">=0.1, <1" }

# Storage layer - EXACT VERSIONS for security
# `=0.34.7` and `=0.24.0` each select exactly one release. `=1.4` has no patch component,
# so Cargo treats it as `>=1.4.0, <1.5.0` and any 1.4.x release can be selected; write the
# full major.minor.patch if an exact pin is intended.
sled = { version = "=0.34.7", optional = true }
redb = { version = "=1.4", optional = true }
rocksdb = { version = "=0.24.0", optional = true }
# Git-pinned deps: used only where upstream has not cut a crates.io release containing
# the API we need. All are pinned to an exact rev or tag to guarantee reproducibility.
# Policy: upgrade to crates.io as soon as a compatible release ships; never leave
# a git dep on a floating branch. Packagers who disallow git deps should disable the
# relevant feature (e.g. `--no-default-features` for tidesdb).
# NOTE(review): `tidesdb` is not in the `default` feature list of this manifest, so it is
# only built when the `tidesdb` feature is requested explicitly.
#
# Pinned rev; build.rs builds libtidesdb from source and links lz4/zstd/snappy (CI installs -dev packages).
# NOTE(review): because `version` is given next to `git`/`rev`, the manifest published to
# crates.io drops the git keys and depends on the registry release matching `0.6.7` (a
# caret requirement, not an exact pin). The rev pin therefore covers only builds made from
# this repository; confirm the registry release is the code that was reviewed.
tidesdb = { git = "https://github.com/tidesdb/tidesdb-rs.git", rev = "2c128540b02400a538475d992a122d940eb93da3", version = "0.6.7", optional = true }

# Networking layer - EXACT VERSIONS for security
# Every entry from here through the serialization group names a full major.minor.patch
# after `=`, so exactly one release can be selected. The cost of an exact pin is that a
# patched release is never picked up automatically: each advisory needs a manual bump
# (see the `bytes` entry below).
# Explicit features avoid `full` (smaller graphs, clearer deps). Mirrors actual `tokio::` usage
# (`rt-multi-thread`, `sync`, `time`, `net`, `fs`, `process`, `io-util`, `signal`, test macros).
tokio = { version = "=1.48.0", features = [
    "macros",
    "rt",
    "rt-multi-thread",
    "sync",
    "time",
    "net",
    "io-util",
    "fs",
    "process",
    "signal",
] }
tokio-util = { version = "=0.7.17", features = ["codec", "io"] }  # Updated for iroh 0.95 compatibility (requires ^0.7.14)
futures = "=0.3.31"  # Updated for iroh 0.95 compatibility (requires ^0.3.31)
# HTTP server - EXACT VERSIONS for security
http = "=1.1.0"
http-body-util = "=0.1.1"
hyper = { version = "=1.8.0", features = ["server", "http1", "http2"] }  # Updated for iroh 0.95 compatibility (hyper-util 0.1.18 requires ^1.8.0)
hyper-util = { version = "=0.1.18", features = ["server", "http1", "tokio"] }  # Updated for iroh 0.95 compatibility (requires ^0.1.11)

# Serialization - EXACT VERSIONS for security
serde = { version = "=1.0.228", features = ["derive"] }  # Updated for iroh 0.95 compatibility (requires ^1.0.219)
serde_json = "=1.0.108"
serde_bytes = "=0.11.19"  # Updated for iroh 0.95 compatibility (requires ^0.11.17)
bincode = "=1.3.3"
# Pin raised in response to an advisory; keep the advisory ID next to the pin so the
# reason for the floor is not lost on the next bump.
bytes = "=1.11.1"  # RUSTSEC-2026-0007: Integer overflow in BytesMut::reserve (was 1.10.1)
uuid = { version = "=1.6.0", features = ["v4"] }
toml = "=0.8.2"

# Pure-Rust secp256k1 (same implementation as blvm-consensus/blvm-protocol)
# NOTE(review): `>=0.1, <1` accepts any 0.x release of the signature library; a build
# without this repository's lockfile is not tied to the release that was tested.
blvm-secp256k1 = { version = ">=0.1, <1" }
sha2 = "=0.10.9"
ripemd = "=0.1.3"
hex = "=0.4.3"
# `=0.3` has no patch component: Cargo reads it as `>=0.3.0, <0.4.0`, not a single release.
# The same applies to every `=X.Y` requirement in this manifest.
siphasher = "=0.3"
# bindgen (via librocksdb-sys) requires rustc-hash ^2.1; pin must match lockfile/resolver.
# NOTE(review): Fx hashing is unkeyed and offers no hash-flooding resistance; confirm the
# keys stored in the disk_utxo maps cannot be cheaply chosen by a remote peer.
rustc-hash = "=2.1.1"  # FxHashMap/FxHashSet for disk_utxo hot path (2-3× faster than SipHash)
zeroize = { version = "=1.8.2", features = ["zeroize_derive"] }  # ^1.8 required by rustls (iroh); pin patch

# Network utilities
# `=0.6` and `=0.3` below are minor-level pins (any patch release is accepted);
# `=0.10.3` and `=0.12.4` are exact.
local-ip-address = "=0.6"  # For LAN peer discovery
constant_time_eq = "=0.3"  # Constant-time comparison for token authentication
aes-gcm = "=0.10.3"  # Module encryption
hkdf = "=0.12.4"  # Key derivation for module encryption

# Random number generation for Dandelion++
rand = "=0.8.5"
# Directory utilities for Bitcoin Core detection
dirs = "=5.0"
# SmallVec for production optimizations
smallvec = { version = "=1.15.1", optional = true, features = ["serde", "const_generics"] }

# Multi-consumer channel for prefetch workers
crossbeam-channel = "=0.5"
# Lower-contention mutex for IBD feeder buffer (validation + feeder hot path)
parking_lot = "=0.12"

# Address encoding (BIP173/350/351)
bech32 = "=0.9"
# Legacy P2PKH/P2SH (Base58Check)
bs58 = { version = "=0.5", features = ["check"] }

# Error handling - EXACT VERSIONS for security
anyhow = "=1.0.93"
thiserror = "=1.0.69"

# Logging - EXACT VERSIONS for security
tracing = "=0.1.41"  # Updated for iroh 0.95 compatibility (requires ^0.1.41)
tracing-subscriber = { version = "=0.3.20", features = ["env-filter"] }

# CLI - EXACT VERSIONS for security
clap = { version = "=4.4.11", features = ["derive"] }

# Async traits - for transport abstraction
async-trait = "=0.1.75"

# Bitflags for transport preference combinations
# The only caret requirement among the third-party runtime dependencies: any 2.x release
# at or above 2.6 is accepted.
bitflags = "^2.6"

# lru and rayon come from blvm-protocol when production is enabled

# Concurrent HashMap for IBD v2 (zero lock contention); works on all platforms
dashmap = "=6.0"

# Memory allocator optimization
# Disabled for Windows cross-compilation (mimalloc linking issues with MinGW)
# A TOML table runs until the next table header, so EVERY dependency from here down to
# the Windows target table is compiled for non-Windows targets only. That covers not just
# mimalloc/nix/libc/sysinfo but also reqwest, zstd, reed-solomon-erasure, crc32fast,
# notify, iroh, quinn, rcgen and rustls.
# NOTE(review): on Windows the matching features (`governance`, which is in `default`,
# plus `compression`, `fibre`, `module-watcher`, `iroh`, `quinn`) still exist but pull in
# no crate. Confirm this scoping is intended; if not, the platform-independent entries
# belong under [dependencies].
[target.'cfg(not(target_os = "windows"))'.dependencies]
# The `=X.Y` requirements in this table are minor-level pins: any patch release of that
# minor version can be selected (for `rustls = "=0.23"` this means 0.23.x patch releases
# are picked up on re-resolution).
mimalloc = { version = "=0.1", default-features = false, optional = true }
libmimalloc-sys = { version = "=0.1", features = ["extended"], optional = true }

# System calls for process sandboxing (Unix)
nix = { version = "=0.28", features = ["process", "resource"], optional = true }
libc = { version = "=0.2", optional = true }

# System information for memory stats (non-Windows only)
sysinfo = { version = "=0.30", optional = true }

# HTTP client for governance auto-detect / webhooks (feature `governance` only)
reqwest = { version = "=0.12", optional = true, features = ["json"] }

# Compression for storage optimization (optional feature)
zstd = { version = "=0.13", optional = true }

# FEC (Forward Error Correction) for FIBRE
# FIBRE relay (node `network::fibre`): FEC encode/decode — omit from default builds via `fibre` feature
reed-solomon-erasure = { version = "=6.0.0", optional = true }
# FIBRE integration tests only in this crate (`tests/fibre_integration_tests.rs`); blvm-protocol ships its own crc32fast for packet types
crc32fast = { version = "=1.3", optional = true }

# ZeroMQ moved to first-party `blvm-zmq` module (no longer a blvm-node feature).
# File watcher for module hot-reload on change (optional feature)
notify = { version = "=6.1", optional = true }
# (miniscript, base64, regex removed — now live in blvm-miniscript module only)

# Iroh networking (optional feature)
iroh = { version = "=0.95", optional = true }
# WASM: blvm-node defines WasmModuleLoader trait; blvm-sdk implements it.
# blvm-node does NOT depend on blvm-sdk. The binary injects the loader.
# Quinn QUIC transport (optional feature)
quinn = { version = "=0.11", optional = true }
rcgen = { version = "=0.12", optional = true }
rustls = { version = "=0.23", optional = true }

# Windows Job Objects for process sandboxing (Windows)
# Not optional: always built on Windows targets. `=0.59` is a minor-level pin (any 0.59.x).
[target.'cfg(target_os = "windows")'.dependencies]
windows-sys = { version = "=0.59", features = ["Win32_System_JobObjects", "Win32_System_Threading", "Win32_Foundation", "Win32_Security"] }

# Security Note: Migrated from iroh-net 0.12 to iroh 0.95 to fix vulnerabilities:
# - idna 0.4.0 (RUSTSEC-2024-0421) - FIXED in iroh 0.95
# - ring 0.16.20 (RUSTSEC-2025-0009) - FIXED in iroh 0.95
# - rsa 0.9.8 (RUSTSEC-2023-0071) - FIXED in iroh 0.95
# - paste 1.0.15 (unmaintained) - FIXED in iroh 0.95
# iroh 0.95 transitive stack: `cargo audit` may still flag optional-path crates (e.g. hickory-proto
# RUSTSEC-2026-0118 / RUSTSEC-2026-0119 via DNS resolver) until upstream iroh bumps hickory — see
# `.github/workflows/ci.yml` Run security audit ignores for IDs we accept until then.
# NOTE(review): an advisory ID ignored in CI is no longer reported by the audit step, so
# each ignore should be re-checked whenever the iroh pin changes and removed once the
# fixed hickory release is in the dependency graph.

[features]
# Storage: `database_backend = "auto"` picks RocksDB when the `rocksdb` feature is enabled
# (see `storage/database/mod.rs::default_backend`). Redb is pure-Rust optional: `--features redb`.
# No LevelDB (backends: rocksdb, redb, sled, tidesdb).
# Pure Rust/no C++ compile: `cargo build --no-default-features --features "redb,production,..."`.
# NOTE(review): `default` includes `governance`, so a stock build links the HTTP client used
# for governance auto-detect / webhooks. Operators who want no such client must build with
# `--no-default-features` and re-add the features they need.
default = ["sysinfo", "rocksdb", "nix", "libc", "production", "governance", "utxo-commitments", "protocol-verification"]
# Note: `default` enables rocksdb; rocksdb and erlay are mutually exclusive due to clang-sys version conflicts
iroh = ["dep:iroh"]
quinn = ["dep:quinn", "dep:rcgen", "dep:rustls"]
utxo-commitments = ["blvm-protocol/utxo-commitments"]
# Empty feature lists (here and below) enable no dependency; they only set
# `cfg(feature = "...")` for conditional compilation.
stratum-v2 = []
# Block filtering (BIP158)
bip158 = []
# Signature operations counting
sigop = []
# FIBRE relay (FEC shards + UDP-style chunks); keeps reed-solomon / test crc32 out of default builds
fibre = ["dep:reed-solomon-erasure", "dep:crc32fast"]
# System information for memory stats. `sysinfo` is listed in `default`; the crate itself is
# an optional dependency declared in the non-Windows target table, so it is not
# unconditionally present.
sysinfo = ["dep:sysinfo"]
# Storage backends
sled = ["dep:sled"]
redb = ["dep:redb"]
# Note: rocksdb and erlay are mutually exclusive due to clang-sys version conflicts
rocksdb = ["dep:rocksdb"]
tidesdb = ["dep:tidesdb"]
# Process sandboxing (Unix)
nix = ["dep:nix", "dep:libc"]
libc = ["dep:libc"]
# Rayon parallel iterators (enabled by production)
rayon = []
# Production optimizations (parallel block validation, etc.)
production = ["blvm-protocol/production", "dep:blvm-consensus", "dep:smallvec", "rayon", "mimalloc", "libc"]
# Profiling: IBD_PROFILE, PERF, BATCH logs. NOT for production.
profile = ["blvm-protocol/profile", "dep:blvm-consensus"]
# Privacy relay (Dandelion++) compiled behind feature flag; default OFF
# blvm-spec-lock: #[spec_locked("10.6")] for Orange Paper Dandelion verification
dandelion = ["dep:blvm-spec-lock", "blvm-protocol/dandelion"]
# Protocol (10.1) and handshake (10.2) verification
protocol-verification = ["dep:blvm-spec-lock", "blvm-protocol/protocol-verification"]
# CTV (BIP119 CheckTemplateVerify) - passed through from blvm-protocol
ctv = ["blvm-protocol/ctv", "dep:blvm-consensus"]
# Governance (auto-detect Commons server, HTTP client)
governance = ["dep:reqwest"]
# Memory allocator optimization (mimalloc) - faster than default allocator
# Disabled for Windows cross-compilation (mimalloc linking issues with MinGW)
mimalloc = ["dep:mimalloc", "dep:libmimalloc-sys"]
# JSON logging format for structured logging (production/monitoring)
json-logging = []
# Modern REST API (runs alongside JSON-RPC)
rest-api = []
# HTTP BIP70 payment protocol support (requires rest-api)
bip70-http = ["rest-api"]
# Module file watcher for hot-reload on module.toml/config.toml change
module-watcher = ["dep:notify"]
# WASM module support (load .wasm modules in-process, hotloading)
wasm-modules = []
# miniscript feature removed — see blvm-miniscript module

# Storage compression optimizations
block-compression = ["dep:zstd"]
utxo-compression = ["dep:zstd"]
witness-compression = ["dep:zstd"]
# All compression features
compression = ["block-compression", "utxo-compression", "witness-compression"]

# Erlay (BIP330) transaction relay optimization
# Note: Requires libclang/LLVM for minisketch-rs bindgen compilation
# Erlay is entirely optional - if libclang is not available, simply don't enable this feature
# For CI without libclang: omit the erlay feature entirely
# DISABLED: erlay conflicts with rocksdb due to clang-sys version conflicts
# To enable erlay, uncomment minisketch-rs dependency above and this feature
# NOTE(review): no commented-out minisketch-rs entry appears in this manifest as shown;
# the dependency would have to be added, not just uncommented.
# erlay = ["dep:minisketch-rs"]


# Security: patch transitive deps via git (crates-io to crates-io patch not allowed)
# RUSTSEC-2026-0037 quinn-proto DoS, RUSTSEC-2026-0009 time stack exhaustion
# NOTE(review): no [patch] table follows in this manifest; this comment sits directly above
# [dev-dependencies]. Confirm whether these advisories are handled elsewhere (lockfile,
# `.cargo/config.toml`) or whether the patch was removed and the comment is stale.
[dev-dependencies]
# Test-only dependencies; they are not part of a normal (non-test) build of the crate.
blvm-protocol = { version = ">=0.1, <1", features = ["test-utils"] }
blvm-consensus = { version = ">=0.1, <1", features = ["test-utils"] }
tempfile = "=3.8.1"
# Caret requirement here; the runtime dependency on rand is pinned to `=0.8.5`.
rand = "0.8"
# For iroh SecretKey generation in iroh-gated tests (avoids RNG version conflicts)
getrandom = "=0.2"
# Module DB / WASM integration tests that used blvm_sdk live under tests/module/ — run them from a
# monorepo checkout with a path dev-dependency, or from blvm-sdk; not required for CI/crates.io.
criterion = "=0.5"
proptest = "=1.4.0"
dhat = "=0.3"  # Heap profiling
serial_test = "=3.0"  # Sequential test execution for database isolation

# Release profile optimizations (mirrors blvm-consensus)
# Cargo applies profile tables only from the manifest at the root of the build; they have
# no effect when this crate is compiled as someone else's dependency.
[profile.release]
# Production optimizations (mirrors blvm-consensus)
# NOTE(review): `lto = false` with `codegen-units = 256` favours compile time over runtime
# speed, which the trailing comment on `lto` acknowledges; the "production" label above
# does not match these two settings.
opt-level = 3
lto = false        # off: fastest iteration; use thin/fat for production/CI
codegen-units = 256  # max parallelism
# Stripped binaries produce backtraces without symbol names; keep an unstripped build or
# separate debug info for each release if crash reports must be analysable.
strip = true  # Remove symbols for smaller binaries
# With `abort`, any panic terminates the whole process immediately and destructors do not
# run. NOTE(review): confirm that code handling peer-supplied data cannot panic, since a
# single panic stops the node.
panic = "abort"  # Smaller binaries, no unwinding overhead

# Applies opt-level 3 to every dependency package in the release profile.
[profile.release.package."*"]
opt-level = 3

# Fast release: opt-level 2 for iteration (~2-3x faster compile)
[profile.release-fast]
inherits = "release"
opt-level = 2

[profile.release-fast.package."*"]
opt-level = 2

# Benchmark profile
[profile.bench]
opt-level = 3
debug = false
strip = false
lto = "thin"
codegen-units = 16

# Benchmark targets
# Benchmarks have been moved to blvm-bench crate
# See: https://github.com/BTCDecoded/blvm-bench

# Local development: use .cargo/config.toml or [patch.crates-io] in this file to point at sibling repos.

# IMPORTANT: the rocksdb and erlay features are mutually exclusive.
# Because of clang-sys version conflicts, both cannot be enabled in the same build.
# To build with rocksdb, leave erlay out of the feature set:
#   cargo build --features rocksdb --no-default-features
# Then add back any other features you need (e.g., --features rocksdb,production).
# The build script (build.rs) will catch this conflict at build time.


# Examples
[[example]]
name = "electrum-integration"
path = "examples/electrum-integration.rs"

[[example]]
name = "wallet-integration"
path = "examples/wallet-integration.rs"

# Built only when the `tidesdb` feature is enabled.
[[example]]
name = "verify_tidesdb"
path = "examples/verify_tidesdb.rs"
required-features = ["tidesdb"]

# Tools
[[bin]]
name = "convert-bitcoin-core-config"
path = "tools/convert-bitcoin-core-config.rs"

# Built only when the `rocksdb` feature is enabled.
[[bin]]
name = "migrate-bitcoin-core"
path = "tools/migrate-bitcoin-core.rs"
required-features = ["rocksdb"]

# secp256k1 now direct path dep above; no patch needed
# NOTE(review): the blvm-secp256k1 entry in [dependencies] is a registry version
# requirement (`>=0.1, <1`), not a `path` dependency; update this comment or the entry.