Releases: AvaProtocol/EigenLayer-AVS
Releases · AvaProtocol/EigenLayer-AVS
v2.3.0
2.3.0 (2025-12-20)
Feature
Bug Fixes
- run_node error response not clear for contract_read node problem (#437) (61e54e3)
- add cooldown mechanism for event triggers with 5 min default value (#436) (95234af)
- resolve merge conflict in stats.go - keep Enabled/Disabled terminology (577178d)
- migrate to enabled/disabled; harden engine concurrency; update tests/docs (e1d066e)
- migrate to enabled/disabled of task status (#434) (1e7cc39)
- improve workflow execution summary consistency and formatting (e65316d)
- remove unused requireRegex variable (abda048)
- add bundler availability checks and withdrawal tests (#432) (8e232b9)
v2.2.0
2.2.0 (2025-11-20)
Feature
- load factory address from config instead of hardcoding (8c52926)
Bug Fixes
- clean up wallets created by ListWallets in test to prevent state leakage (85a10e3)
- use correct CREATE2 formula for smart wallet address computation (e37f994)
- return nil explicitly instead of err2 for clarity when operation succeeds (4dea31a)
- always store default wallet even when limit reached to match response behavior (1763fd3)
- load config from VM in TestGetSignatureFormat instead of hardcoding chainID (7b576a8)
- ensure ListWallets stores default wallet in database (9492ed5)
- update Base Sepolia contract addresses and correct Sepolia factory implementation address (33bc70e)
- use smart wallet chain ID in GetSignatureFormat instead of EigenLayer chain ID (10ac1e2)
- add missing operator-base-sepolia target to Makefile (234473d)
Tests
- add comprehensive unit tests for computeSmartWalletAddress CREATE2 formula (be5eebd)
Code Refactoring
- extract duplicate default wallet storage logic into helper function (709eec3)
v2.1.3
2.1.3 (2025-11-19)
Bug Fixes
- refine template validation skip condition for immediate execution (4c48cbd)
- update RunNodeImmediately tests to use direct variable access and improve summary generation (c4ab764)
- load test config before accessing controller private key in GetTestControllerPrivateKey (ea71f88)
- resolve template variable resolution for ManualTrigger headers/pathParams and fix ETH transfer success flag handling (b60bc8d)
- return undefined should be allowed in CustomCode but return as null due to protobuf limitation (82af62a)
- updated summarizer.go to include Executed Transaction in steps (004600d)
- clear return data when Tenderly simulation fails (31ba9ca)
- runNodeWithInputs now respects isSimulated flag from node config (81988e7)
- use execution-time template processing for loop iterations (4725eb0)
- clarify runLoop uses queue-based execution, not LoopProcessor (8935582)
- respect isSimulated config for ContractWrite operations (d1cef57)
- respect isSimulated config for ContractWrite operations (#426) (87939aa)
Code Refactoring
- remove LoopProcessor and extract shared loop helpers (5586012)
- remove redundant stepID parameter from runX functions (6e139af)
- remove redundant nodeValue parameter from runX functions (42b9055)
Chores
- fix some comments (551f81c)
v2.1.2
2.1.2 (2025-11-05)
Bug Fixes
- address Copilot review comments from PR #425 (d327490)
- update tests for PR #425 log format changes and simplify failure messages (fcc3ccd)
- refine ContractWrite/Read logging, email summary, simulation subject/year; improve AA error parsing; remove redundant success line; centralize list formatter; correct skipped-node/status calc (ddcefb2)
- add Expression: prefix to branch condition logs for consistency (b384fe9)
- update test expectations for branch workflows to expect PARTIAL_SUCCESS status (5638c1c)
- improve Branch node execution logs and email summaries with detailed condition evaluation (05ec555)
- handle native token sentinel address 0xeeee...eeee without RPC calls (88d2adb)
v2.1.1
v2.1.0
2.1.0 (2025-10-24)
Feature
Bug Fixes
v2.0.0
2.0.0 (2025-10-17)
Breaking Changes
* feat: Add comprehensive input validation with size limits and JSON validation
- Implement DoS prevention with size limits for all user-controlled inputs
* Manual trigger data: 1 MB limit
* REST API request body: 10 MB limit
* Custom code source: 100 KB limit
* Contract ABI: 1 MB total, 100 KB per item
- Add explicit JSON format validation
* Manual trigger data validation with structured errors
* REST API body validation for application/json content type
* Clear error codes: INVALID_INPUT_SIZE, INVALID_JSON_FORMAT
- Create centralized validation constants in validation_constants.go
* Easy to maintain and adjust limits
* Consistent error messages across codebase
- Add comprehensive test coverage (20 test cases)
* Manual trigger JSON and size validation tests
* REST API JSON validation tests
* Custom code size limit tests
* Edge case and error scenario coverage
- Update documentation
* Complete security audit report in INPUT_VALIDATION_AUDIT.md
* Implementation summary in VALIDATION_ENHANCEMENTS_SUMMARY.md
Security Impact:
- Eliminates multiple DoS attack vectors
- Improves user experience with clear, actionable error messages
- Maintains backward compatibility
- Security grade improved from A- to A+
All tests passing, build verified, codebase stable.
* feat(protobuf): Add lang field to nodes for centralized validation
Add language field to support explicit language/format declaration:
- Expand Lang enum: Add JSON, GraphQL, Handlebars (in addition to JavaScript)
- Add lang field to ManualTrigger.Config (default: JSON)
- Add lang field to FilterNode.Config (default: JavaScript)
- Add lang field to BranchNode.Condition (default: Handlebars)
This enables centralized, universal validation where all nodes using code
editors can validate their input based on the explicit lang field, rather
than implicit assumptions about node type.
Benefits:
- Consistent naming: Use 'lang' field across all nodes (like CustomCodeNode)
- DRY principle: One ValidateInputByLanguage() function for all nodes
- Extensible: Easy to add new languages (YAML, XML) in the future
- Backward compatible: Optional field with intelligent defaults
- Explicit over implicit: Language declared, not assumed
Implementation approach:
1. Nodes extract lang field from config
2. Call ValidateInputByLanguage(data, lang)
3. Universal validator dispatches to language-specific validators
Phase 1 nodes (immediate):
- ManualTriggerNode (JSON)
- FilterNode (JavaScript)
- BranchNode (Handlebars)
Note: SubgraphNode not included (doesn't exist in backend yet)
Planning documents included for reference:
- LANGUAGE_FIELD_IMPLEMENTATION_PLAN.md - Detailed implementation plan
- CENTRALIZED_VALIDATION_A- CENTRALIZED_VALIDATION_A- CENTRALIZED_VALIDATION_A- CENTRITOR_AUDIT.md - Complete audit of all nodes
Related to previous input validation work. TRelated to previous input validation woage-based validation across all nodes.
* feat: Implement centralized universal validation with lang field
Implement language-based validation architecture where all nodes using
code editors validate their input through a single universal function.
Core Changes:
============
1. Universal Validator (validation_constants.go)
- ValidateInputByLanguage(data, lang) - Central dispatcher for all nodes
- ValidateJSONFormat(data) - Extracted from ValidateManualTriggerData
- ValidateManualTriggerData() - Now deprecated, calls ValidateJSONFormat
2. Three Validation Paths Updated:
a) runManualTriggerImmediately (run_node_immediately.go)
- Extracts lang from triggerConfig (default: JSON)
- Calls ValidateInputByLanguage(data, lang)
b) TriggerTask (engine.go)
- Gets lang from task.Trigger.GetManual().Config.Lang
- Calls ValidateInputByLanguage(data, lang)
c) SimulateTask (engine.go)
- Extracts lang from triggerConfig (default: JSON)
- Calls ValidateInputByLanguage(data, lang)
Architecture Benefits:
=====================
- DRY: One validation function for all nodes (no duplication)
- Centralized: All language validators in validation_constants.go
- Consistent: All nodes validate the same way
- Testable: Test validation logic once, not per-node
- Extensible: Add new languages (YAML, XML) in ONE place
- Explicit: Language declared via lang field, not assumed
Backward Compatibility:
======================
- lang field is optional in protobuf (added in previous commit)
- Defaults to appropriate language when missing:
* ManualTrigger: JSON
* FilterNode: JavaScript (when implemented)
* BranchNode: Handlebars (when implemented)
- Existing workflows without lang field continue to work
Current Language Support:
========================
- JSON: Full validation (format + size)
- JavaScript: No validation yet (TODO: implement JS syntax validation)
- GraphQL: No validation yet (TODO: implement GraphQL syntax validation)
- Handlebars: No validation yet (TODO: implement template validation)
Validation Flow:
===============
1. Node extracts lang field from config (with intelligent default)
2. Node calls ValidateInputByLanguage(data, lang)
3. Universal validator dispatches to language-specific validator
4. Returns success or structured error
Example Usage:
=============
// All nodes use the same pattern:
lang := avsproto.Lang_JSON // or from config
if err := ValidateInputByLanguage(data, lang); err != nil {
return nil, err
}
Testing:
=======
✅ All existing tests pass
✅ Manual trigger validation tests pass
✅ Backward compatibility maintained
✅ Code compiles successfully
Phase 1 Complete:
================
- ManualTrigger using universal validation ✅
- FilterNode protobuf ready (val- FilterNode protobuf rede protobuf ready (validation TODO)
Related commits:
- feat(protob- feat(protob- feat(protob- feat(protob- feat(protob- feat(protob-ement- feat(protob- feat(protob- feat(protob- feat(protob- feat(protob- feross all nodes with code editors.
* Update the lanugage field plan
* Removed All Deprecated Code & Backward Compatibility
* fix: Address Copilot PR #408 review comments with STRICT lang requirement
Resolved unresolved Copilot comments with NO backward compatibility:
1. Enhanced Type Support for Lang Field (STRICT - NO DEFAULTS)
- Created ParseLanguageFromConfig() supporting int32, float64, string, Lang enum
- Returns error if lang field is missing (strict requirement)
- Handles JSON unmarshaling edge cases (float64 for numbers)
- Validates string enum names with helpful error messages
2. Eliminated Code Duplication
- Created shared ParseLanguageFromConfig() helper function
- Created shared ValidateManualTriggerPayload() helper function
- Refactored 3 locations to use shared helpers (DRY principle)
3. Strict Lang Requirement (BREAKING CHANGE)
- Lang field MUST be explicitly provided - NO defaults
- Application rejects missing lang field with clear error
- TriggerTask path validates lang is not zero value and rejects it
- All existing workflows must be updated to include lang field
4. Proto Comments Updated
- Updated proto comments to state lang is REQUIRED (no default)
- Clarified proto zero value vs application enforcement
5. Do5. Do5. Do5. Do5. Do5. Do5. Do5. Do5. Do5. Do5. Do5. Do5. Do5MARY.md with correct error codes
- Fixed: INVALID_TRIGGER_CONFIG and INVALID_NODE_CONFIG (not INVALID_INPUT_SIZE)
- Added clarification for trigg - Added clarification for trigg - Added clarification for short-circuit logic to ABI size validation
- Stop processing immediately when total size exceeds limit
- Improves DoS defense for very large inputs
777777777777777777777777777777777777777777777777for non-existent tes77777777777777mplified test setup in run_node_manual_trigger_validation_test.go
BREAKING CHANGE: Lang field is now strictly required for all ManualTrigger configs.
No backward compatibility - missing lang field will cause validation error.
Files Modified:
- protobuf/avs.proto - Updated comments (st- protoquirement)
- core/taskengine/validation_constants.go - Added strict helpers
- core/taskengine/run_node_immediately.go - Strict lang requirement
- core/taskengine/engine.go - Strict lang requirement (both paths)
- core/taskengine/run_node_manual_trigger_validation_test.go - Removed dead code
- VALIDATION_ENHANCE- VALIDATION_ENHANCE- VALIDATION_ENHANCE- VALIDATION_ENHANCE- VALIDATION_ENHANution - VALIDATION_ENHANCE- VALIDATION_ENHANCE- VALIDATION_ENHANCE- VALIDATION_ENHANCE- VALIDATION_ENHANution - VALIDATION_ENHANCE- VALIDE - lang field now required
* fix: Follow protobuf best practice - Lang enum with UNSPECIFIED=0
Fixed Lang enum to follow protobuf best practices where zero value represents "not set":
BREAKING CHANGE: Lang enum values renamed and reordered
- Old: JavaScript=0, JSON=1, GraphQL=2, Handlebars=3
- New: LANG_UNSPECIFIED=0, LANG_JAVASCRIPT=1, LANG_JSON=2, LANG_GRAPHQL=3, LANG_HANDLEBARS=4
Changes:
1. Renamed enum values with LANG_ prefix (protobuf convention)
2. Added LANG_UNSPECIFIED=0 (proper protobuf practice for "not set")
3. Updated proto comments to clarify LANG_UNSPECIFIED must be rejected
4. Updated engine.go to check for LANG_UNSPECIFIED instead of LANG_JAVASCRIPT
5. Updated all Go code references to use new enum names
6. Regenerated protobuf files
Rationale:
Across avs.proto, 0 value consistently means "not set" (e.g., TRIGGER_TYPE_UNSPECIFIED, NODE_TYPE_UNSPECIFIED). This change aligns Lang enum with existing protobuf conventions.
Files Modified:
- protobuf/avs.proto - Fixed enum definition
- protobuf/*.pb.go - Regenerated
- core/taskengine/*.go - Updated enum references
- core/testutil/*.go - Updated enum references
- COPILOT_REVIEW_RESOLUTIONS.md - Updated documentation
Test Results:
✅ All tests passing
✅ Build successful
* refactor: Centralize LANG_UNSPECIFIED valid...
v1.17.1
v1.17.1 (2025-10-03)
Bug Fixes
-
fix: address Copilot PR #407 review comments (9484f44)
- Fix comment in testutil/utils.go to reflect actual panic behavior
- Improve aa_sender validation error message to include invalid value for debugging
- Simplify template resolution error message by moving explanation to log field
- Enhance hyphen validation log message with specific guidance about valid variable paths
- Update LoadSecretsForImmediateExecution comment to clarify user-level secrets limitation
-
fix: modernize contractWrite processing and remove workflowContext backward compatibility (#405) (256d95d)
- Enhanced security: EOA addresses now sourced from authenticated JWT tokens
- Unified RunNodeImmediately signature: (nodeType, nodeConfig, inputVariables, user)
- Clear separation between configuration (settings) and authentication (user)
- Comprehensive validation for missing settings, runner, or user authentication
- Updated vm_runner_contract_write.go to validate settings.runner and settings.chain_id
- Modified run_node_immediately.go to require user authentication for contractWrite nodes
- Updated chainId resolution in contract write simulation to prioritize settings
Other Changes
- Remove unused method in core/taskengine/run_node_immediately.go (9e69ba4)
- Migrate from workflowContext to settings for simulations (#406) (70a79f6)
- Remove fallback values for public RPC endpoints and make program fail early when config is missing (811163e)
- Update core/taskengine/run_node_immediately.go (6665383)
- Update core/testutil/utils.go (8fc7181)
Configuration Changes
For contractWrite operations, use the new settings format:
{
"chain": "Sepolia",
"chain_id": 11155111,
"runner": "0x...",
"other_params": {...}
}Note: While this release modernizes some APIs, it maintains essential functionality with improved security and validation.
v1.17.0
1.17.0 (2025-09-29)
Feature
- add comprehensive fee estimation API with Moralis integration (#401) (0beb531)
- implement comprehensive gas cost tracking for contract writes and ETH transfers (#399) (f5f0023)
Bug Fixes
- invalid http code should count as restApi error; fix block trigger operator notification issue (#403) (1fbfc61)
- use RestApi and moralis to get wallet balance; streamline error code return during exeuction (#402) (318668c)
- add input variables support for workflow definitions (b18f613)
- enhance release script with Docker publishing confirmation prompts (ca716a3)
v1.16.0 - Structured Error System and Operator Reconnection
🚀 Major Improvements
🔧 Structured Error System
- NEW: Comprehensive ErrorCode enum with categorized error codes (1000s-8000s)
- NEW: Updated protobuf responses to include
errorCodefield for programmatic error handling - IMPROVED: Error messages now reference exact client-side field names (e.g.,
methodCalls[].methodName is required) - FIXED: Removed duplicate error information from metadata responses
- FIXED: Cryptic errors like 'invalid selector length: 0' now show clear messages
🔗 Operator Reconnection Improvements
- NEW: Implemented gRPC client recreation logic for connection closing errors
- FIXED: Operator stuck state after aggregator restarts - operators now automatically reconnect
- ENHANCED: Connection resilience with automatic client recreation
- IMPROVED: Better error categorization and logging for connection issues
🎯 Client-Side Benefits
- NEW: Programmatic error handling with specific error codes
- IMPROVED: Clear, actionable error messages
- MAINTAINED: Backward compatible error responses
- ENHANCED: Better debugging capabilities with structured errors
🧪 Test Reliability
- FIXED: Test timing issues with proper polling mechanisms
- RESOLVED: Race conditions in workflow execution tests
- ENHANCED: Test resilience for CI/CD environments
Error Codes Available:
3006- MISSING_REQUIRED_FIELD (for validation errors)8001- SMART_WALLET_NOT_FOUND (for wallet issues)3002- INVALID_NODE_CONFIG (for configuration errors)3004- INVALID_ADDRESS (for address validation)- And many more categorized by function (auth, resources, validation, etc.)
Breaking Changes: None
This release is fully backward compatible. Existing error handling will continue to work, with enhanced error codes available for new implementations.