docker_cluster.sh: support N>4 validators on private chains

[Taranpreet26311]

Summary

Adds patch_for_private_chain() to docker_cluster.sh that:

• Pushes Plato/Luban to block 100M (effectively disables fast-finality on private chains)
• Pushes Berlin/London/Hertz to maintain fork ordering
• Sets bohrTime/pascalTime/lorentzTime/maxwellTime/fermiTime to null
• Sorts validators by consensusAddr ascending in validators.template

Also replaces flaky forge install --no-git with a direct git clone of forge-std.

Why

The default node-deploy setup is tested at 4 validators. For private chains with N > 4 validators across a WAN (e.g. 21 validators across multiple GCP regions), the chain consistently panics at block 8-9.

The cascade

1. With many validators starting near-simultaneously, network RTT (100-300ms cross-region) + Parlia's out-of-turn delay produces DoubleSign at block 2 — multiple validators each produce a competing block 2.
2. Fast finality (Plato, activates at block 7 in the default genesis-template) reads attestations on imports.
3. The reorg path (ReorgNeededWithFastFinality → parlia/snapshot.go:411) panics on voteAddrs[idx] index out-of-range when the snapshot apply path encounters DoubleSigned headers.
4. Validators crash-loop, chain stuck at block 9.

The validator sort fix

Parlia's snapshot.validators() returns the validator set sorted-ascending. The original validators.template's extraDataSerialize emitted them in insertion order. Result: in-turn calculation picks a different validator than the one whose key is in keystore[0] → block 1 fails with unauthorized validator. This was only visible after pushing Luban back, because pre-Luban Parlia uses extraData order more directly.

The forge install fix

forge install --no-git foundry-rs/forge-std@v1.7.3 fails inside a parent directory that's a git repo (the genesis submodule's .git is a redirect file pointing into the parent's .git/modules/). Forge's recursive ds-test init can't resolve the path. Direct git clone works reliably.

Test plan

• Run bash docker_cluster.sh prepare with DISABLE_FAST_FINALITY=true (default) and 21 validators
• Verify generated genesis.json has lubanBlock: 100000000 and platoBlock: 100000000
• Start 21 validators in tight sync (within ~5s); confirm chain advances past block 9
• Run with DISABLE_FAST_FINALITY=false and 4 validators; confirm upstream behavior is preserved (lubanBlock: 6, fast finality active)

Notes

• Default for DISABLE_FAST_FINALITY is true since the canonical >4-validator path is via StakeHub registration on a running chain (mainnet pattern). Setting this to false preserves the upstream 4-validator-with-fast-finality config.
• Mainnet itself didn't bootstrap 21 validators with Plato — Plato activated on a chain that had been running for years. Disabling Plato on private chains with N > 4 validators reflects this; it's not a "downgrade", it's the right config for testnets that aren't bootstrapped from a long-lived chain.
• The contract patches in BSCValidatorSet.sol (turnLength = 16, if (block.number < 2000) return;) remain unchanged.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Added an optional local BSC client build for easier local testing.
  • Streamlined installation of testing libraries used for local chains.
  • Introduced optional genesis patching to disable fast finality and support validator ordering.
  • Prepare workflow now applies genesis patches before generating configs to ensure consistent setup.

[coderabbitai]

Caution

Review failed

Failed to post review comments

📝 Walkthrough

Walkthrough

This change adds two new functions to docker_cluster.sh: prepare_bsc_client() to optionally clone/build/install a local BSC geth binary, and patch_for_private_chain() to conditionally modify genesis-template.json and validators.template when DISABLE_FAST_FINALITY is true. The reset_genesis flow was changed to clone forge-std (v1.7.3) and ds-test directly instead of using forge install. The prepare command sequence now runs patch_for_private_chain between reset_genesis and prepare_config.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Script as docker_cluster.sh
    participant GitHub as "Remote Git Repos"
    participant Builder as "go build"
    participant FS as "Local filesystem (genesis/templates)"

    User->>Script: run "prepare"
    Script->>GitHub: clone lib/forge-std (v1.7.3) & ds-test
    GitHub-->>Script: repo contents
    Script->>FS: create/reset genesis templates
    alt prepare_bsc_client requested
        Script->>GitHub: clone bsc repository / checkout branch
        GitHub-->>Script: bsc source
        Script->>Builder: build geth binary
        Builder-->>Script: built geth
        Script->>FS: install local geth binary
    end
    Script->>Script: patch_for_private_chain (if DISABLE_FAST_FINALITY)
    Script->>FS: modify genesis-template.json (push forks far future / null time forks)
    Script->>FS: modify validators.template (optional sort by consensusAddr)
    Script->>Script: prepare_config (generate final configs)
    Script-->>User: prepare complete

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 6 | ❌ 4

❌ Failed checks (4 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title does not follow the required format: it lacks the type prefix (feat/fix/refactor/docs/test/chore) required by the specification.	Reformat the title to follow the required pattern: (<domain/pkg>): . For example: 'feat(docker_cluster.sh): support N>4 validators on private chains' or 'fix(docker_cluster.sh): enable private chains with N>4 validators'.
Go Build And Test Rationale	⚠️ Warning	PR adds 4 new Go packages with substantial logic (blockchain, crypto, wallets) and zero test coverage. Repository lacks any test infrastructure.	Add unit tests for create-validator and txbot covering: validator creation, transaction signing, wallet initialization, and error handling.
Public Api Changes	⚠️ Warning	PR adds breaking changes to public API without CHANGELOG. New env vars, workflow modifications, and reset_genesis() changes not documented.	Add CHANGELOG with: new env vars BSC_GETH_BRANCH and DISABLE_FAST_FINALITY, patch_for_private_chain() workflow insertion, prepare sequence changes, reset_genesis() dependency replacement.
Security Considerations	⚠️ Warning	Command injection risks: unquoted ${workspace} in lines 37,42. Unquoted $TPL/$VT in sed commands (lines 105-126). Unvalidated BSC_GETH_BRANCH environment variable used in git operations.	Quote all variable expansions ("${workspace}", "$TPL", "$VT"). Validate BSC_GETH_BRANCH input. Use [[ ]] with quotes in line 34 conditional.

✅ Passed checks (6 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Concurrency Safety	✅ Passed	The PR modifies only docker_cluster.sh (bash script). Concurrency safety checks for goroutines/channels/context are inapplicable to bash deployment scripts. No Go code is modified.
Rust Best Practices	✅ Passed	The custom check for Rust best practices is not applicable. The PR modifies only docker_cluster.sh, a Bash shell script. No Rust files or Cargo.toml exist in the repository.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch private-chain-21-validators

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docker_cluster.sh`:
- Around line 117-121: The script currently uses an unquoted $VT and a fragile
sed insertion into validators.template targeting the literal "function
extraDataSerialize(validators) {"; fix by quoting the variable references (use
"$VT") and replace the brittle sed-based injection with a more robust patch
strategy: either apply a separate patch file (e.g., validators.template.patch)
and use patch or git apply, or perform the transformation with a small Node or
jq script that locates the extraDataSerialize function (by name) and inserts the
"// SORT_PATCHED" + sort line into its body; ensure you still check for the "//
SORT_PATCHED" marker before patching so the idempotent check using "$VT" and the
marker remains.
- Around line 98-111: The sed/grep commands use an unquoted variable $TPL
(risking globbing/word-splitting) and only verify the "lubanBlock" replacement,
allowing other sed failures to go unnoticed; update all sed and grep invocations
to double-quote "$TPL" and add at least one more verification grep (e.g., check
for '"platoBlock": 100000000') after the sed sequence so failures in sed lines
for "platoBlock" (and similar keys like "berlinBlock", "londonBlock", etc.) are
detected and cause a non-zero exit; locate the sed calls and the existing grep
check in the docker_cluster.sh patch_for_private_chain section and apply these
changes.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: getoptimum/coderabbit/.coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: b62211b9-f835-4ef5-b882-ff9e095a6b91

📥 Commits

Reviewing files that changed from the base of the PR and between e5ca839 and b4e50ea.

📒 Files selected for processing (1)

• docker_cluster.sh

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Quote variables and verify more patches to catch silent failures.

Two issues:

1. $TPL is unquoted in all sed/grep commands. Per shellcheck SC2086, double-quote to prevent globbing/word splitting.

2. Only lubanBlock is verified (line 111). If any other sed pattern doesn't match (e.g., different whitespace in template), the patch silently fails. At minimum, verify platoBlock since it's the primary fast-finality gate.

🛠️ Proposed fix

-    sed -i 's/"lubanBlock": 6,/"lubanBlock": 100000000,/'                $TPL
-    sed -i 's/"platoBlock": 7,/"platoBlock": 100000000,/'               $TPL
-    sed -i 's/"berlinBlock": 8,/"berlinBlock": 100000001,/'             $TPL
-    sed -i 's/"londonBlock": 8,/"londonBlock": 100000001,/'             $TPL
-    sed -i 's/"hertzBlock": 8,/"hertzBlock": 100000002,/'               $TPL
-    sed -i 's/"hertzfixBlock": 8,/"hertzfixBlock": 100000002,/'         $TPL
-    sed -i 's/"bohrTime": 0,/"bohrTime": null,/'                       $TPL
-    sed -i 's/"pascalTime": 0,/"pascalTime": null,/'                   $TPL
-    sed -i 's/"pragueTime": 0,/"pragueTime": null,/'                   $TPL
-    sed -i 's/"lorentzTime": 0,/"lorentzTime": null,/'                 $TPL
-    sed -i 's/"maxwellTime": 0,/"maxwellTime": null,/'                 $TPL
-    sed -i 's/"fermiTime": 0,/"fermiTime": null,/'                     $TPL
-    sed -i 's/"haberFixTime": 0,/"haberFixTime": null,/'               $TPL
-    grep -q '"lubanBlock": 100000000' $TPL || { echo "patch_for_private_chain: luban patch failed" >&2; exit 1; }
+    sed -i 's/"lubanBlock": 6,/"lubanBlock": 100000000,/'                "$TPL"
+    sed -i 's/"platoBlock": 7,/"platoBlock": 100000000,/'               "$TPL"
+    sed -i 's/"berlinBlock": 8,/"berlinBlock": 100000001,/'             "$TPL"
+    sed -i 's/"londonBlock": 8,/"londonBlock": 100000001,/'             "$TPL"
+    sed -i 's/"hertzBlock": 8,/"hertzBlock": 100000002,/'               "$TPL"
+    sed -i 's/"hertzfixBlock": 8,/"hertzfixBlock": 100000002,/'         "$TPL"
+    sed -i 's/"bohrTime": 0,/"bohrTime": null,/'                       "$TPL"
+    sed -i 's/"pascalTime": 0,/"pascalTime": null,/'                   "$TPL"
+    sed -i 's/"pragueTime": 0,/"pragueTime": null,/'                   "$TPL"
+    sed -i 's/"lorentzTime": 0,/"lorentzTime": null,/'                 "$TPL"
+    sed -i 's/"maxwellTime": 0,/"maxwellTime": null,/'                 "$TPL"
+    sed -i 's/"fermiTime": 0,/"fermiTime": null,/'                     "$TPL"
+    sed -i 's/"haberFixTime": 0,/"haberFixTime": null,/'               "$TPL"
+    grep -q '"lubanBlock": 100000000' "$TPL" || { echo "patch_for_private_chain: luban patch failed" >&2; exit 1; }
+    grep -q '"platoBlock": 100000000' "$TPL" || { echo "patch_for_private_chain: plato patch failed" >&2; exit 1; }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	sed -i 's/"lubanBlock": 6,/"lubanBlock": 100000000,/' $TPL
	sed -i 's/"platoBlock": 7,/"platoBlock": 100000000,/' $TPL
	sed -i 's/"berlinBlock": 8,/"berlinBlock": 100000001,/' $TPL
	sed -i 's/"londonBlock": 8,/"londonBlock": 100000001,/' $TPL
	sed -i 's/"hertzBlock": 8,/"hertzBlock": 100000002,/' $TPL
	sed -i 's/"hertzfixBlock": 8,/"hertzfixBlock": 100000002,/' $TPL
	sed -i 's/"bohrTime": 0,/"bohrTime": null,/' $TPL
	sed -i 's/"pascalTime": 0,/"pascalTime": null,/' $TPL
	sed -i 's/"pragueTime": 0,/"pragueTime": null,/' $TPL
	sed -i 's/"lorentzTime": 0,/"lorentzTime": null,/' $TPL
	sed -i 's/"maxwellTime": 0,/"maxwellTime": null,/' $TPL
	sed -i 's/"fermiTime": 0,/"fermiTime": null,/' $TPL
	sed -i 's/"haberFixTime": 0,/"haberFixTime": null,/' $TPL
	grep -q '"lubanBlock": 100000000' $TPL || { echo "patch_for_private_chain: luban patch failed" >&2; exit 1; }
	sed -i 's/"lubanBlock": 6,/"lubanBlock": 100000000,/' "$TPL"
	sed -i 's/"platoBlock": 7,/"platoBlock": 100000000,/' "$TPL"
	sed -i 's/"berlinBlock": 8,/"berlinBlock": 100000001,/' "$TPL"
	sed -i 's/"londonBlock": 8,/"londonBlock": 100000001,/' "$TPL"
	sed -i 's/"hertzBlock": 8,/"hertzBlock": 100000002,/' "$TPL"
	sed -i 's/"hertzfixBlock": 8,/"hertzfixBlock": 100000002,/' "$TPL"
	sed -i 's/"bohrTime": 0,/"bohrTime": null,/' "$TPL"
	sed -i 's/"pascalTime": 0,/"pascalTime": null,/' "$TPL"
	sed -i 's/"pragueTime": 0,/"pragueTime": null,/' "$TPL"
	sed -i 's/"lorentzTime": 0,/"lorentzTime": null,/' "$TPL"
	sed -i 's/"maxwellTime": 0,/"maxwellTime": null,/' "$TPL"
	sed -i 's/"fermiTime": 0,/"fermiTime": null,/' "$TPL"
	sed -i 's/"haberFixTime": 0,/"haberFixTime": null,/' "$TPL"
	grep -q '"lubanBlock": 100000000' "$TPL" || { echo "patch_for_private_chain: luban patch failed" >&2; exit 1; }
	grep -q '"platoBlock": 100000000' "$TPL" || { echo "patch_for_private_chain: plato patch failed" >&2; exit 1; }

🧰 Tools

🪛 Shellcheck (0.11.0)

[info] 98-98: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 99-99: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 100-100: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 101-101: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 102-102: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 103-103: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 104-104: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 105-105: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 106-106: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 107-107: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 108-108: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 109-109: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 110-110: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 111-111: Double quote to prevent globbing and word splitting.

(SC2086)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docker_cluster.sh` around lines 98 - 111, The sed/grep commands use an
unquoted variable $TPL (risking globbing/word-splitting) and only verify the
"lubanBlock" replacement, allowing other sed failures to go unnoticed; update
all sed and grep invocations to double-quote "$TPL" and add at least one more
verification grep (e.g., check for '"platoBlock": 100000000') after the sed
sequence so failures in sed lines for "platoBlock" (and similar keys like
"berlinBlock", "londonBlock", etc.) are detected and cause a non-zero exit;
locate the sed calls and the existing grep check in the docker_cluster.sh
patch_for_private_chain section and apply these changes.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial | 💤 Low value

Quote $VT and consider more robust patching approach.

Same SC2086 issue: $VT unquoted on lines 118-119.

The sed-based JavaScript injection on line 119 is fragile—it depends on exact function signature formatting. If the template changes (e.g., different whitespace, renamed function), the patch silently fails and validators remain unsorted, causing "unauthorized validator" at block 1.

Consider using a dedicated patch file or jq/node-based approach for more robust patching.

♻️ Minimal fix: quote variables

-    if ! grep -q "// SORT_PATCHED" $VT; then
-        sed -i 's|function extraDataSerialize(validators) {|function extraDataSerialize(validators) {\n  // SORT_PATCHED\n  validators = validators.slice().sort((a,b) => a.consensusAddr.toLowerCase().localeCompare(b.consensusAddr.toLowerCase()));|' $VT
+    if ! grep -q "// SORT_PATCHED" "$VT"; then
+        sed -i 's|function extraDataSerialize(validators) {|function extraDataSerialize(validators) {\n  // SORT_PATCHED\n  validators = validators.slice().sort((a,b) => a.consensusAddr.toLowerCase().localeCompare(b.consensusAddr.toLowerCase()));|' "$VT"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	local VT=${workspace}/genesis/scripts/validators.template
	if ! grep -q "// SORT_PATCHED" $VT; then
	sed -i 's|function extraDataSerialize(validators) {|function extraDataSerialize(validators) {\n // SORT_PATCHED\n validators = validators.slice().sort((a,b) => a.consensusAddr.toLowerCase().localeCompare(b.consensusAddr.toLowerCase()));|' $VT
	echo "patch_for_private_chain: validators.template now sorts by consensusAddr"
	fi
	local VT=${workspace}/genesis/scripts/validators.template
	if ! grep -q "// SORT_PATCHED" "$VT"; then
	sed -i 's|function extraDataSerialize(validators) {|function extraDataSerialize(validators) {\n // SORT_PATCHED\n validators = validators.slice().sort((a,b) => a.consensusAddr.toLowerCase().localeCompare(b.consensusAddr.toLowerCase()));|' "$VT"
	echo "patch_for_private_chain: validators.template now sorts by consensusAddr"
	fi

🧰 Tools

🪛 Shellcheck (0.11.0)

[info] 118-118: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 119-119: Double quote to prevent globbing and word splitting.

(SC2086)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docker_cluster.sh` around lines 117 - 121, The script currently uses an
unquoted $VT and a fragile sed insertion into validators.template targeting the
literal "function extraDataSerialize(validators) {"; fix by quoting the variable
references (use "$VT") and replace the brittle sed-based injection with a more
robust patch strategy: either apply a separate patch file (e.g.,
validators.template.patch) and use patch or git apply, or perform the
transformation with a small Node or jq script that locates the
extraDataSerialize function (by name) and inserts the "// SORT_PATCHED" + sort
line into its body; ensure you still check for the "// SORT_PATCHED" marker
before patching so the idempotent check using "$VT" and the marker remains.