2025-11-10 Vac weekly

Vac 2025/11/10 §

highlights §

• QA: RLN contract fuzz and adversarial suites expanded via waku-rlnv2-contract#40 and #42, keeping the property-based pipeline current with protocol changes.
• QA: Status-go functional tests gained new settings wrappers plus reduced noise as status-go#6984 iterates toward green.
• QA: Desktop QA broadened e2e coverage around toplevel windows, Squish 9.1 setup, and Windows send flows while verifying release PRs such as status-desktop#19227.
• QA: Mobile QA advanced BrowserStack/Jenkins wiring (status-desktop#19163) and continued the Appium 1x1 chat test port.
• DST: Gas-price overflow during RLN registrations was isolated on vac:dst:waku:2025q4-waku-scaling:TWN-supports-RLN-tree, explaining the stalled Merkle tree fills.
• DST: Browser bootstrapping work overcame multi-arch docker manifest gaps and now runs in the dedicated zerotesting-pwhite namespace.
• DST: Codex-in-Status integration scenarios were tuned via retention and archival limits ahead of handoff.
• DST: Regression sweeps on nwaku v0.37 exposed packet loss/logging issues, prompting new image proposals and analysis script fixes.
• Nim: Nimble 1.0.0 now supports Nim binary parametrization (nimble#1514) and instrumentation call trees (#1511).
• Nim: Packaging fixes such as copying VCS metadata before install (nimble#1513) and addressing nimResolve assertion defects (#1512) cleared several long-standing issues.
• Nim: Confutils now flattens nested options and improves subcommand help thanks to status-im/nim-confutils#118 and #119.
• P2P: QUIC stabilization merged docker-compose harnesses plus negotiated protocol, wildcard resolver, EOF handling, and timeout fixes across nim-libp2p/nim-quic.
• P2P: C-bindings now support threaded workers and richer request handling via nim-libp2p#1820.
• P2P: Kademlia provider work delivered getProviders, provider-manager limits, and integration test prep spanning nim-libp2p#1852, #1789, #1843, and #1848.
• P2P: Maintenance tightened test layouts, coverage bundles, CI naming, and AsyncSemaphore support in nim-chronos#586.
• ACZ: Zerokit removed the legacy FFI implementation (zerokit#337) while the wasm/public API rework (#352) moves toward review.
• ACZ: RLN shared database PoC now has unit tests and pending performance fixes before landing in the monorepo.
• ACZ: Logos discovery RFC drafting advanced alongside a working POC covering lookup/advertise flows and registrar RPC exchanges.
• ACZ: Multi-steward DE-MLS RFC updates from the Waku offsite are being folded into the final review cycle.
• RFC: Slot builder RFC #209 advanced toward first-draft completion.
• RFC: Marketplace RFC phase 2 is nearly wrapped via #208, while block-exchange research kicked off.
• RFC: RFC index maintenance continued, keeping open reviews moving across specs.
• SC: SimpleKarmaDistributor deploy scripts were extended with initialization logic in status-network-monorepo#62.
• SC: Distributed slashing mitigation research continues ahead of the pre-audit protocol enhancement review.
• SC: The team is investing in Risc0 upskilling to support Logos and Status L2 zero-knowledge needs.
• Security: Web3 security essentials curriculum is nearly publish-ready after reviewing the DeFi, development, and job-search checklists.
• Security: Secure signing efforts onboarded legacy members while testing Falcon agents, USB passthrough, and VM builds with multiple hardware wallets.
• Security: Incident response closed STATUS-352 Jenkins issues, validated Balancer exposure, and removed a phishing clone of Status Wallet.
• Security: Finance automation received final approval for the bank data notifications and continued unified admin audit testing across platforms.
• TKE: Karma incentives modeling began using Cyp’s asset strategy as input.
• TKE: The Funding the Commons voting workshop app is underway for Devconnect.
• TKE: All Hands and Devconnect travel logistics and scheduling were organized to keep the team aligned onsite.
• Web: SN Hub deposit, withdraw, discovery, staking, and karma components all moved toward release with new dialogs, skeleton states, and unstaking flows.
• Web: Logos/PSF sites advanced with new landing pages, spaces calendar dashboards, and admin tooling updates while staging agency onboarding.
• Web: Maintenance shipped the new mobile release (status-web#842), FtW promo updates, vac.dev RLN page, and release CI fixes.
• Web: Cross-team reviews kept status-web, psf.logos.co, admin-acid, and vac.dev branches healthy ahead of upcoming launches.
• BI: IFT weekly news site regained missing Logos posts while pulling new Vac blogs via refreshed Airbyte jobs.
• BI: Finance dashboards advanced with DBT balance work, treasury syncs, and etherscan-backed transaction validation.
• BI: RAG LLM pipeline hardened through chunk-prefix tweaks, Qdrant fixes, and fresh source-count dashboards.
• Infra: LIDO validators swapped hardware and gained Agenix/ZFS tooling plus fixed Cloudflare token usage.
• Infra: CI stack received a Jenkins security upgrade, fresh GitHub runners, and Mac M4 Qt build fixes.
• Infra: Nimbus fleets finished storage migrations while mitigating REST API attacks and Clang build regressions.
• Nescience: Wallet personalization PRs landed alongside deterministic seed-recovery work and new proving benchmarks.
• Nescience: Privacy-preserving tail-calls progressed despite active Risc0 blockers, while Miden consulting docs shipped.

vac:qa: §

• vac:qa:waku:2025q4-rln-smart-contract-testing:property-based
  • Landed the fuzz test expansion in PR#40 to exercise more RLN contract edge cases.
• vac:qa:waku:2025q4-rln-smart-contract-testing:security-adversarial
  • Submitted adversarial scenarios via PR#42 and rebased on the new fuzz harness.
• vac:qa:status:2025q4-status-go-functional-testing:maintenance
  • Investigated the flaky test_update_keycard_uid_success case and proposed a temporary fix in status-go@92cd47e.
• vac:qa:status:2025q4-status-go-functional-testing:settings
  • Opened PR#6984 with the first pass of settings wrappers, trimming noisy tests and logging.
• vac:qa:vac:2025q4-nim-libp2p-testing:quic
  • Added coverage helpers (PR#1855), stream tests (PR#1829), and parallel stream work now under review (PR#1838).
• vac:qa:status:2025q4-status-qa-desktop:maintenance
  • Hardened toplevel window handling, updated status-go, expanded Squish coverage, and verified multiple regressions including status-desktop#19228.
• vac:qa:status:2025q4-status-qa-desktop:release-testing
  • Smoke-tested desktop PRs #19180 and #19227 ahead of promotion.
• vac:qa:status:2025q4-status-qa-mobile:port-tests
  • Continued the Appium 1x1 chat port in status-desktop#19239.
• vac:qa:status:2025q4-status-qa-mobile:test-ci
  • Iterated on BrowserStack/Jenkins enablement via status-desktop#19163, #19114, and #19107.

vac:dst: §

• admin/misc
  • OOO: 1 CC day.
  • Coordinated Waku offsite syncs (KAD-DHT, Mix, De-MLS), set up a Grafana dashboard for Richard, added Sergio’s SSH access via infra-misc#437, and reviewed strategy material.
• vac:dst:waku:2025q4-waku-scaling:TWN-supports-RLN-tree
  • Traced RLN registration failures to a gas-price overflow triggered inside nwaku when filling the tree despite excluding zerokit components.
• vac:dst:status:2025q4-status-evaluation:chat-protocol-benchmarks-followup
  • Documented the remaining uncertainty on whether the regression sits in go-waku or Status and briefed Patryc/Igor.
• vac:dst:codex:2025q4-codex-evaluation:codex-in-status
  • Built the community scenario by tightening archival intervals and store retention.
• vac:dst:vac:2025q4-libp2p-evaluation:regression-testing
  • Continued QUIC experiments (tuning flags, FloodPublish, connection caps, and k8s resources) yet still saw instability and high CPU, recommending profiling to P2P.
• vac:dst:waku:2025q4-waku-evaluation:regression-testing
  • Partnered with Ivan on nwaku v0.37 runs, proposing images with alternate nim-libp2p builds and per-protocol bandwidth metrics while Farooq iterated on log-levels and parsing scripts.
• vac:dst:waku:2025q4-waku-scaling:optimise-browser-bootstrapping
  • Battled docker manifest generation, ultimately hand-building and pushing multi-arch images plus staging namespaces for jswaku experiments documented here.
• vac:dst:ift:2025q4-dst-tooling:complete-deployment-refactor
  • Kept 10ksim#169 moving through review with iterative updates.
• vac:dst:ift:2025q4-dst-tooling:general-tooling
  • Merged VictoriaMetrics matcher improvements (PR#164) and cleanup fixes (PR#168).
• vac:dst:vac:2025q4-libp2p-evaluation:rust-libp2p-node
  • Advanced the rust test node integration (shadow tests, Yamux injector runs) with metrics endpoint and sanity checks still pending.
• reviews
  • Reviewed regression toolchain changes including 10ksim#168 and #169.

vac:nim: §

• vac:nim:ift:2025q4-nimble:nimble-1.0.0
  • Refactored the bootstrap pipeline for Nim bin parametrization, fixed CI/test regressions, restored git metadata copying, and added instrumentation call trees across PRs #1514–#1511.
• vac:nim:ift:2025q4-nim-core-libs:command-line-parsers
  • Delivered Confutils updates for option flattening and improved --help handling via PR#118 and PR#119.

vac:p2p: §

• admin/misc
  • Patched autotls integration test nil-pointer fallout in nim-libp2p#1847.
• vac:p2p:ift:2025q4-nimlibp2p-quic:stabilization
  • Added docker-compose testing (PR#1837), fixed negotiated protocol handling (PR#1846), improved wildcard resolution (PR#1844), and merged QUIC timeout/EOF fixes (nim-quic#175, nim-libp2p#1839).
• vac:p2p:ift:2025q4-nimlibp2p-cbindings:core
  • Enabled libp2p threading plus request handling for the C bindings via PR#1820.
• vac:p2p:ift:2025q4-nimlibp2p-maintenance:maintenance
  • Reorganized tests into utils/stream/crypto dirs with bundle runners (PR#1858, #1857, #1849, #1842), improved pubsub (PR#1845), and cleaned CI naming/license checks (PR#1835, #1832).
• vac:p2p:ift:2025q4-nimlibp2p-ipv6:transport
  • Added IPv6 TCP transport tests via PR#1850 and QUIC helpers (PR#1853).
• vac:p2p:ift:2025q4-nimlibp2p-kad-dht:data-retrieval
  • Introduced getProviders in PR#1852.
• vac:p2p:ift:2025q4-nimlibp2p-kad-dht:data-storage
  • Progressed provider manager work, including limits and touch-ups (PR#1789, #1843, #1848).

vac:acz: §

• admin/misc
  • OOO: 10 CC days.
  • Processed All Hands visa paperwork and reviewed the Logos Launch Strategy material.
• vac:acz:nes:2025q4-nescience-consulting:miden-privacy
  • Produced a privacy analysis document outlining Miden transaction and contract gaps.
• vac:acz:nes:2025q4-nescience-consulting:miden-testnet
  • Captured test findings and privacy concerns for the current testnet in a companion doc.
• ift:2025q4-zerokit:ffi-rework
  • Removed the old implementation and merged PR#337.
• ift:2025q4-zerokit:wasm-ffi-rework
  • Continued the wasm-side rework via PR#352.
• ift:2025q4-zerokit:public-api-rework
  • Updated protocol.rs APIs connected to the RLN wasm module, paving the way for removing unused endpoints.
• ift:2025q4-zerokit:zerokit-maintaining
  • Debugged the @waku/zerokit-rln-wasm 0.3.0 package.
• ift:2025q4-rln-status-l2:shared-db
  • Brought the private repo PoC close to readiness with unit tests and performance measurements.
• ift:2025q4-discovery:draft-rfc
  • Refined the Logos discovery RFC draft, expanded the Vac forum post, and added lookup/advertise support inside the POC (logos-capability-discovery-poc#1).
• ift:2025q4-de-mls-tesnet:multi-steward-rfc
  • Addressed feedback on rfc-index#193 throughout the Waku offsite.

vac:rfc: §

• vac:rfc:codex:2025q4-rfc-iteration:slot-builder
  • Continued drafting PR#209, now roughly 55% complete.
• vac:rfc:codex:2025q4-rfc-iteration:community-history
  • Started outlining the community-history RFC.
• vac:rfc:ift:2025q4-rfc-index-maintenance:maintenance
  • Responded to open review feedback across the index.
• vac:rfc:codex:2025q4-rfc-iteration:marketplace
  • Brought phase 2 of PR#208 to ~85% completion.
• vac:rfc:codex:2025q4-rfc-iteration:block-exchange
  • Began researching the block-exchange requirements.

vac:sc: §

• vac:sc:logos:2025q4-risc0-upskilling:poc
  • Started Risc0 study plans, standing up small example projects where possible.
• vac:sc:status-l2:2025q4-pre-audit-protocol-enhancements:distributed-slashing
  • Compared mitigation strategies for the slashing race condition.
• vac:sc:status-l2:2025q4-maintaining-status-l2-contracts:maintenance
  • Deployed SimpleKarmaDistributor instances, fixed deployment script bugs, and extended it for automatic initialization.
• admin/misc
  • Read the Logos Launch Strategy, brainstormed team contributions, and supported RLN fuzz test reviews.

vac:sec: §

• ift:2025q4-awareness-program:web3-security-essentials
  • Final-reviewed the new modules, leaving only a few sections pending before release.
• ift:2025q4-secure-signing-process-training:signatory-onboarding-run
  • Continued onboarding legacy signers.
• ift:2025q4-secure-signing-env-deployment:build-a-secure-vm-for signing
  • Tested USB passthrough with Trezor and Ledger.
• ift:2025q4-secure-signing-environment:endpoint-security-evaluation
  • Installed Falcon agents on test devices and began exercising AV/device control features.
• ift:2025q4-defi-strategy-access-control:aave-horizon-pendle-update
  • Added Aave Horizon market support and enabled Pendle term tokens inside scope audits.
• ift:2025q4-cicd-security-review:status-design-reviews
  • Completed detailed Desktop/Wallet code reviews, dependency sweeps, Ethereum hardfork impact analysis, CodeQL tuning, and GitHub token approvals.
• ift:2025q4-vulma-and-ir:incidents
  • Resolved STATUS-352 Jenkins executor issues, assessed the Balancer incident for Status impact, rotated tokens/secrets, and took down a phishing clone site.
• ift:2025q4-vulma-and-ir:remediation-tracking
  • Closed Dependabot/CodeQL findings, synchronized lockfiles/SBOMs, and patched npm/crypto CVEs with partners.
• ift:2025q4-finance-automation-enhancements
  • Monitored daily executions, supported ad-hoc requests, and completed final tests/approval for the new bank-data notification.
• ift:2025q4-iam-operations:admin-audit
  • Tested the unified admin audit flow while documenting blockers around GitHub API access, Discord bots, and Notion endpoints.
• admin/misc
  • Tracked Hackenproof updates and reviewed security engineering candidate profiles.

vac:tke: §

• admin
  • Coordinated All Hands travel plus Devconnect scheduling and logistics.
• vac:tke:status:karma-incentives
  • Discussed asset strategy options and kicked off modeling work.
• vac:tke:ift:tokenomics-research-forum:voting-workshop
  • Built out the voting workshop app for Funding the Commons @ Devconnect.

vac:web: §

• admin/misc
  • OOO: 2 CC days.
  • Ran 1:1s, submitted reviews across hub/PSF/admin repos, and handled coordination chores.
• vac:web:status:2025q4-sn-hub
  • Prepared the hub release branch for internal testing, wired external links (status-web#818), and triaged release feedback.
• vac:web:status:2025q4-sn-hub:deposit
  • Added the pre-deposit dialog and token selection in PR#816.
• vac:web:status:2025q4-sn-hub:withdraw
  • Brought PR#813 to 95% complete while addressing review items.
• vac:web:status:2025q4-sn-hub:discovery
  • Merged the discovery section via PR#808.
• vac:web:status:2025q4-sn-hub:staking
  • Added the staking skeleton (PR#840) and completed unstaking (PR#820).
• vac:web:status:2025q4-sn-hub:karma
  • Implemented the karma feature in PR#837.
• vac:web:ift:2025q4-maintenance
  • Requested minified blog assets, specified proxy integration in status-website#1622, prepped and released the mobile build (status-website#1620, status-web#842, status-web#845), embedded the FtW promo video (logos.co#94), unblocked release CI (status-web#838, #844), deployed status.app/status.network from monorepo (status-web#825, #826), and fixed Vercel builds (status-web#836).
• vac:web:ift:2025q4-logos-website
  • Met with the agency to clarify scope and next steps.
• vac:web:ift:2025q4-logos-website:spaces-calendar
  • Delivered CSV import, graph visualizations, and staging deployment via admin-acid#21.
• vac:web:ift:2025q4-psf-website:website
  • Implemented the new visual language, hero video, Admin-acid API swap, and deployed ps.logos.co through ps.logos.co#10.
• vac:web:status:2025q4-sn-hub:release
  • Conducted broad reviews covering withdraw (status-web#813), staking skeleton (#840), and related fixes (#832, #833, #834).

vac:bi: §

• IFT Weekly News Website
  • Improved custom CSS, added Vac blogs via Airbyte, and restored missing Logos Press Engine posts.
• Finance Dashboard
  • Advanced Finance DBT balance processes (test data pending), aligned with Deivids/Nacho on the treasury dashboard, and sanity-checked transactions against etherscan.io.
• RAG LLM
  • Updated chunk prefixes, fixed intermittent Qdrant HTTPS bugs, reloaded the newest data, refreshed the source-count dashboard, debugged YouTube metadata/transcripts, and raised a data-freshness alert as Qdrant grows.
• Logos Launch Strategy Review
  • Highlighted BI contributions such as adding new blog sources and improving GitHub KPIs.
• MISC
  • Started Telegram extraction, built Discord notifications for the monthly report, enhanced the Discord Airbyte connector to fetch membership data, and resolved YubiKey SSH issues on Windows.

vac:infra: §

• LIDO
  • Swapped node-01 with spare-02, improved Agenix tooling, added ZFS usage helpers for key hosts, and fixed Cloudflare API token handling in the dev shell.
• CI
  • Upgraded Jenkins for security fixes, resolved Qt build issues on the Mac M4 host, deployed additional GitHub self-hosted runners, and improved the runner metrics exporter.
• STATUS
  • Fixed Brew bottle fetching for Windows/macOS builds, advanced the new Windows E2E setup, continued MatterBridge fork upgrades, bridged additional Status communities, and upgraded Squish on CI hosts.
• NIMBUS
  • Completed storage migrations for the mainnet fleet, mitigated attacks on public REST API endpoints, researched Commit-Boost/MEV-Boost on Hoodi, and fixed Clang mismatch build failures.
• SITES
  • Migrated psf.logos.co to ps.logos.co, progressed the Status Network Hub deployment, and fixed Vac RFC website build issues.
• MISC
  • Deployed the new Finance SNT vesting tool, investigated missing Rootly SMS alerts, ordered the new Vac DST cluster (finance-approved), cleaned legacy Codex infra on Hetzner, and shipped Nix fixes for Zerokit/Nim-Waku packages.

vac:nes: §

• state-separation-architecture-poc:ux-wallet
  • Finalized PR#148 covering wallet personalization.
• state-separation-architecture-poc:seed-recovery
  • Started PR#149 to implement deterministic hierarchical keys.
• ACZ docs Review
  • Reviewed AN1, AN3, and AN5.
• vac:nes:2025q4:state-separation-architecture-poc:privacy-tail-calls
  • Continued the privacy-preserving tail-call effort; progress is currently blocked by Risc0 limitations.
• vac:nes:2025q4:state-separation-architecture-poc:client-side-bench
  • Benchmarked client-side proving with and without Groth16-wrapped proofs and refreshed documentation (PR#150).
• vac:acz:nes:2025q4-nescience-consulting:miden-privacy
  • Authored a Miden privacy analysis.
• vac:acz:nes:2025q4-nescience-consulting:miden-testnet
  • Produced a Miden testnet assessment covering tests and privacy concerns.