Skip to content

Move binary_url back into the hash; deprecate the outside-envelope field#387

Open
nadahalli wants to merge 4 commits into
capabilities-developmentfrom
tejaswi/deprecate-per-node-binary-url
Open

Move binary_url back into the hash; deprecate the outside-envelope field#387
nadahalli wants to merge 4 commits into
capabilities-developmentfrom
tejaswi/deprecate-per-node-binary-url

Conversation

@nadahalli
Copy link
Copy Markdown
Contributor

@nadahalli nadahalli commented Jun 1, 2026

Pivots the confidential-workflows binary fetch away from per-node pre-signed URLs.

binary_url returns to WorkflowExecution (inside PublicData, covered by
ComputeRequest.Hash()) as a stable, node-agnostic canonical locator. The
enclave will authenticate to the storage service out of band via a fetch
sidecar, so per-node URLs are no longer needed and the value can live inside
the hash envelope again.

Proto-only, additive (no field removed or renumbered), so no Go API break.
Downstream: chainlink-common regen + bump, then chainlink/core and
confidential-compute. PRs #22590 and CC #343 are being reworked on top of this.

nadahalli added 2 commits June 1, 2026 20:20
@nadahalli
Deprecate outside-envelope binary_url and vault_don_secrets; restore …
4df2e7c 
…in-hash binary_url

Pivot away from the per-node pre-signed URL design. binary_url returns to
WorkflowExecution (PublicData, covered by ComputeRequest.Hash()) as a stable
canonical locator; the enclave authenticates to the storage service out of
band via a fetch sidecar, so per-node URLs are no longer needed.

- WorkflowExecution.binary_url: restored as the canonical field.
- ConfidentialWorkflowRequest.binary_url: deprecated (kept for back-compat).
- vault_don_secrets: deprecated (enclave fetches secrets dynamically at runtime).
@nadahalli
Drop vault_don_secrets deprecation; keep only the binary_url pivot
5c88e45 
capabilities-development does not deprecate vault_don_secrets, so neither
should this PR. Revert that field and its message comment to match the
branch; the only net change is the binary_url move back into the hash.
@nadahalli nadahalli requested review from a team as code owners June 1, 2026 21:34
@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented Jun 1, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: 624862e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jun 1, 2026
edited
Loading

The latest Buf updates on your PR. Results from workflow Regenerate Protobuf Files / buf (pull_request).

BuildFormatLintBreakingUpdated (UTC)
✅ passed✅ passed✅ passed⏩ skippedJun 2, 2026, 3:54 PM

@app-token-issuer-engops app-token-issuer-engops Bot requested review from a team as code owners June 1, 2026 21:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ChrisAmora ChrisAmora Awaiting requested review from ChrisAmora

@DylanTinianov DylanTinianov Awaiting requested review from DylanTinianov

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nadahalli