Merge branch 'merge-train/barretenberg' into lde/origin-tags-0

Author: ledwards2225

.claude/scripts/check-ci-url.py

@@ -0,0 +1,16 @@
+#!/usr/bin/env python3
+import json
+import re
+import sys
+
+data = json.load(sys.stdin)
+url = data.get('tool_input', {}).get('url', '')
+
+if 'ci.aztec-labs.com' in url:
+    # Allow if basic auth is present (user:pass@)
+    if re.search(r'://[^/:]+:[^/@]+@ci\.aztec-labs\.com', url):
+        sys.exit(0)
+    print(f'BLOCKED: Cannot WebFetch ci.aztec-labs.com (requires auth). Use /ci-logs skill instead: /ci-logs {url}', file=sys.stderr)
+    sys.exit(2)
+
+sys.exit(0)

.claude/settings.json

@@ -0,0 +1,15 @@
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "WebFetch",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python3 .claude/scripts/check-ci-url.py"
+          }
+        ]
+      }
+    ]
+  }
+}

.claude/skills/adding-benchmarks/SKILL.md

@@ -139,6 +139,16 @@ function bench_cmds {
 
 **Options:** `:ISOLATE=1`, `:CPUS=8`, `:MEM=16g`, `:TIMEOUT=7200`
 
+**CPUS Suggestion:** For long running or compute-heavy benchmarks allocate CPUs (`:CPUS=N`). Benchmarks have strict scheduling, so if you request X CPUs, you'll have them available for consistent results.
+
+**ISOLATE Suggestion:** Use `:ISOLATE=1` when your benchmark needs a clean, isolated environment with no network access and pinned resources. This runs the test in a Docker container, ensuring reproducible results without interference from other processes.
+
+**MEM Suggestion:** Use `:MEM=Xg` (e.g., `:MEM=16g`) for memory-intensive benchmarks that may exceed the default allocation (CPUS × 4GB). Pair with `:ISOLATE=1` since memory limits are enforced via Docker.
+
+**TIMEOUT Suggestion:** Use `:TIMEOUT=N` (in seconds) for benchmarks that take longer than the default timeout. For example, `:TIMEOUT=1800` for 30 minutes, `:TIMEOUT=7200` for 2 hours.
+
+**Important naming gotcha:** Benchmark test files must use `.bench.test.ts` (with a dot before `bench`), NOT `_bench.test.ts`. The test discovery pattern `[[ "$test" =~ \.bench\.test\.ts$ ]]` specifically looks for `.bench.test.ts`.
+
 ### Step 3: Verify
 
 ```bash

.claude/skills/ci-log-reader/SKILL.md

@@ -0,0 +1,52 @@
+---
+name: ci-logs
+description: Analyze CI logs from ci.aztec-labs.com. Use this instead of WebFetch for CI URLs.
+user-invocable: true
+arguments: <url-or-hash>
+---
+
+# CI Log Analysis
+
+When you need to analyze logs from ci.aztec-labs.com, use the Task tool to spawn the analyze-logs agent.
+
+## Usage
+
+1. **Extract the hash** from the URL (e.g., `http://ci.aztec-labs.com/e93bcfdc738dc2e0` → `e93bcfdc738dc2e0`)
+
+2. **Spawn the analyze-logs agent** using the Task tool:
+
+```
+Task(
+  subagent_type: "analyze-logs",
+  prompt: "Analyze CI log hash: <hash>. Focus: errors",
+  description: "Analyze CI logs"
+)
+```
+
+## Examples
+
+**User asks:** "What failed in http://ci.aztec-labs.com/343c52b17688d2cd"
+
+**You do:**
+```
+Task(
+  subagent_type: "analyze-logs",
+  prompt: "Analyze CI log hash: 343c52b17688d2cd. Focus: errors. Download with: yarn ci dlog 343c52b17688d2cd > /tmp/343c52b17688d2cd.log",
+  description: "Analyze CI failure"
+)
+```
+
+**For specific test analysis:**
+```
+Task(
+  subagent_type: "analyze-logs",
+  prompt: "Analyze CI log hash: 343c52b17688d2cd. Focus: test 'my test name'",
+  description: "Analyze test failure"
+)
+```
+
+## Do NOT
+
+- Do NOT use WebFetch to access ci.aztec-labs.com (requires auth)
+- Do NOT try to curl the URL directly
+- Always use the analyze-logs agent which knows how to use `yarn ci dlog`

.claude/skills/ci-logs/ci-logs.md

@@ -73,6 +73,8 @@ jobs:
           DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
           SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+          # For automatic documentation updates via Claude Code
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
           # Nightly test env vars.
           EXTERNAL_ETHEREUM_HOSTS: "https://json-rpc.${{ secrets.GCP_SEPOLIA_URL }}?key=${{ secrets.GCP_SEPOLIA_API_KEY }},${{ secrets.INFURA_SEPOLIA_URL }}"
           EXTERNAL_ETHEREUM_CONSENSUS_HOST: "https://beacon.${{ secrets.GCP_SEPOLIA_URL }}"
@@ -120,6 +122,7 @@ jobs:
   # End-to-end tests that target a network deployment.
   # We run this every release (at minimum, nightly), or when explicitly requested.
   # This task runs against a real testnet deployment. This uses resources on GCP (not AWS, thank free credit incentives).
+  # Runs two test sets in parallel.
   ci-network-scenario:
     runs-on: ubuntu-latest
     # We either run after a release (tag starting with v), or when the ci-network-scenario label is present in a PR.
@@ -132,7 +135,8 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.head.sha || github.sha }}
 
-      - name: Run Network Deploy
+      - name: Run Network Scenarios
+        timeout-minutes: 350
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -145,7 +149,7 @@ jobs:
           DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
           SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
           RUN_ID: ${{ github.run_id }}
-          AWS_SHUTDOWN_TIME: 540 # temporarily increased to 9 hours, todo(revert to 360)
+          AWS_SHUTDOWN_TIME: 360
           NO_SPOT: 1
         run: |
           # For release tags, use the release image; for PRs, omit to build and push to aztecdev
@@ -162,7 +166,7 @@ jobs:
             docker_image=""
           fi
           set -x # print next line
-          ./.github/ci3.sh network-deploy next-scenario "$namespace" "$docker_image"
+          ./.github/ci3.sh network-scenarios next-scenario "$namespace" "$docker_image"
 
       - name: Cleanup network resources
         # Clean up if this is a CI label or nightly.
@@ -175,7 +179,9 @@ jobs:
           GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}
           GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
           NO_SPOT: 1
-        run: ./.github/ci3.sh network-teardown next-scenario "$NAMESPACE"
+        run: |
+          ./.github/ci3.sh network-teardown next-scenario "${NAMESPACE}-1" || true
+          ./.github/ci3.sh network-teardown next-scenario "${NAMESPACE}-2" || true
 
       #############
       # Benchmarks

.github/workflows/ci3.yml

@@ -127,6 +127,64 @@ jobs:
           ./scripts/aztec_nr_docs_generation/generate_aztec_nr_docs.sh ${{ env.NIGHTLY_TAG }}
           echo "Generated Aztec.nr API docs for: ${{ env.NIGHTLY_TAG }}"
 
+      - name: Download bb from GitHub release
+        env:
+          GH_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+        run: |
+          mkdir -p /tmp/bb-bin
+          gh release download ${{ env.NIGHTLY_TAG }} \
+            --pattern "barretenberg-amd64-linux.tar.gz" \
+            --dir /tmp/bb-bin
+          tar -xzf /tmp/bb-bin/barretenberg-amd64-linux.tar.gz -C /tmp/bb-bin
+          chmod +x /tmp/bb-bin/bb
+          echo "BB_PATH=/tmp/bb-bin" >> $GITHUB_ENV
+
+      - name: Build noir packages
+        run: |
+          # Initialize noir submodule (required for yarn-project portal dependencies)
+          git submodule update --init --recursive noir/noir-repo
+          # Build noir JS packages (creates noir/packages/ directory needed by yarn-project)
+          cd noir
+          ./bootstrap.sh install_deps
+          ./bootstrap.sh build_packages
+
+      - name: Build aztec CLI
+        working-directory: ./yarn-project
+        run: |
+          ./bootstrap.sh
+          echo "AZTEC_CLI_PATH=$(pwd)/aztec/dest/bin" >> $GITHUB_ENV
+
+      - name: Generate CLI documentation
+        working-directory: ./docs
+        continue-on-error: true
+        run: |
+          # Add bb from release to PATH
+          export PATH="${BB_PATH}:${PATH}"
+
+          # Create wrapper for aztec CLI that runs the local build
+          mkdir -p /tmp/cli-bin
+          cat > /tmp/cli-bin/aztec << 'EOF'
+          #!/bin/bash
+          node "$AZTEC_CLI_PATH/index.js" "$@"
+          EOF
+          chmod +x /tmp/cli-bin/aztec
+          export PATH="/tmp/cli-bin:${PATH}"
+
+          # Generate Aztec CLI docs using binaries (continue-on-error handles failures)
+          ./scripts/cli_reference_generation/generate_all_cli_docs.sh --force current
+          echo "Aztec CLI documentation generation attempted for: ${{ env.NIGHTLY_TAG }}"
+
+      - name: Generate BB CLI documentation
+        working-directory: ./barretenberg/docs
+        continue-on-error: true
+        run: |
+          # Add bb from release to PATH
+          export PATH="${BB_PATH}:${PATH}"
+
+          # Generate BB CLI docs
+          ./scripts/generate_bb_cli_docs.sh --force current
+          echo "BB CLI documentation generation attempted for: ${{ env.NIGHTLY_TAG }}"
+
       - name: Create Aztec nightly docs version (Developer docs only)
         working-directory: ./docs
         run: |
@@ -180,6 +238,9 @@ jobs:
 
       - name: Commit new Aztec and Barretenberg Docs version
         run: |
+          # Reset non-versioned CLI docs (only versioned copies should be committed)
+          git checkout -- docs/docs-developers/docs/cli/*_cli_reference.md || true
+
           # Stash the docs changes
           git add .
           git stash push --staged -m "nightly docs for ${{ env.NIGHTLY_TAG }}"

.github/workflows/nightly-docs-release.yml

@@ -0,0 +1,112 @@
+name: Alpha Team Canary
+
+on:
+  push:
+    branches:
+      - next
+    paths:
+      # Match any file named bootstrap.sh
+      - '**/bootstrap.sh'
+      # Anything in ci3 folder
+      - 'ci3/**'
+
+env:
+  CANARY_BRANCH: ad/chore/ci-release-pr-canary
+  PR_TITLE: "no-merge: alpha canary PR"
+  PR_LABEL: ci-release-pr
+
+jobs:
+  update-canary-pr:
+    name: Update alpha team canary PR
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+
+      - name: Configure Git
+        run: |
+          git config --global user.name AztecBot
+          git config --global user.email [email protected]
+
+      - name: Ensure canary branch and PR exist
+        id: ensure-pr
+        env:
+          GH_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+        run: |
+          # Check if branch exists
+          if ! git ls-remote --exit-code --heads origin "$CANARY_BRANCH" >/dev/null 2>&1; then
+            echo "Creating canary branch from next"
+            git checkout -b "$CANARY_BRANCH" origin/next
+            git push -u origin "$CANARY_BRANCH"
+          fi
+
+          # Check if PR exists
+          pr_number=$(gh pr list --state open --head "$CANARY_BRANCH" --json number --jq '.[0].number')
+
+          if [[ -z "$pr_number" ]]; then
+            echo "Creating canary PR"
+            pr_url=$(gh pr create \
+              --head "$CANARY_BRANCH" \
+              --base next \
+              --title "$PR_TITLE" \
+              --label "$PR_LABEL" \
+              --body "This PR tests certain CI labels periodically. Any failures in this branch log to alpha-team channel with slack.
+
+          This PR is automatically updated when \`**/bootstrap.sh\` or \`ci3/**\` files are pushed to \`next\`.
+
+          **Important:** This PR should never be merged. It exists solely to test the \`ci-release-pr\` label.")
+
+            pr_number=$(gh pr list --state open --head "$CANARY_BRANCH" --json number --jq '.[0].number')
+            echo "Created canary PR #$pr_number"
+          fi
+
+          echo "pr_number=$pr_number" >> $GITHUB_OUTPUT
+
+      - name: Check if CI is already running
+        id: check-ci
+        env:
+          GH_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+        run: |
+          pr_number="${{ steps.ensure-pr.outputs.pr_number }}"
+
+          # Check if CI is currently running on this PR
+          running_ci=$(gh run list --branch "$CANARY_BRANCH" --workflow ci3.yml --status in_progress --json databaseId --jq 'length')
+
+          if [[ "$running_ci" -gt 0 ]]; then
+            echo "CI is already running on canary PR #$pr_number, skipping update"
+            echo "skip=true" >> $GITHUB_OUTPUT
+          else
+            echo "No CI running, proceeding with update"
+            echo "skip=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Merge next into canary branch
+        if: steps.check-ci.outputs.skip != 'true'
+        env:
+          GH_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+        run: |
+          pr_number="${{ steps.ensure-pr.outputs.pr_number }}"
+
+          # Fetch both branches
+          git fetch origin "$CANARY_BRANCH" next
+
+          # Checkout the canary branch
+          git checkout "$CANARY_BRANCH"
+
+          # Merge next into canary branch
+          if git merge origin/next --no-edit -m "Merge branch 'next' into $CANARY_BRANCH"; then
+            echo "Successfully merged next into $CANARY_BRANCH"
+            git push origin "$CANARY_BRANCH"
+            echo "Pushed update to $CANARY_BRANCH"
+
+            # Re-add the ci-release-pr label (it gets removed after each CI run)
+            gh pr edit "$pr_number" --add-label "$PR_LABEL"
+            echo "Re-added $PR_LABEL label to PR #$pr_number"
+          else
+            echo "Merge conflict detected, aborting"
+            git merge --abort
+            exit 1
+          fi