[codex] default devnet to single sequencer #1010

Open
panos-xyz wants to merge 11 commits into main from codex/devnet-single-sequencer
@panos-xyz panos-xyz commented Jun 30, 2026

What changed

  • Make make devnet-up and make devnet-up-debugccc always start centralized single-sequencer mode; the PBFT fallback flag was removed.
  • Replace the old default 4-validator + 2-sentry devnet with a 2-node topology: node-0 is the sequencer, node-1 is a non-sequencer fullnode.
  • Rename the default devnet compose file from docker-compose-4nodes.yml to docker-compose-devnet.yml.
  • Register the configured sequencer in L1Sequencer via setFirstSequencer before L2 startup.
  • Use the L1 contract deployer/owner key for setFirstSequencer, defaulting to DEPLOYER_PRIVATE_KEY or the Hardhat dev key, instead of the block signer key.
  • Inject the sequencer private key only into node-0, and inject the sequencer upgrade time into both nodes.
  • Keep make devnet-up-reth support for the new 2-node topology, so both morph-el-0 and morph-el-1 can run morph-reth.
  • Regenerate stale local .devnet node config when an old 6-node layout is detected.
  • Simplify devnet compose storage: L2 EL data now uses .devnet/el0 and .devnet/el1 bind mounts; named volumes are kept only for L1 EL/CL/VC data.
  • Trim stale/default tx-submitter and gas oracle environment variables from the compose file.
  • Remove obsolete PBFT-era and pre-Lighthouse devnet leftovers under ops/docker, including old Dockerfiles, old L1 compose/entrypoint files, old monitoring configs, and unused node2-node5 keys.
  • Remove the obsolete ops/docker-sequencer-test harness, which still depended on the deleted docker-compose-4nodes.yml / old PBFT+sentry topology.

Why

The devnet target previously carried the PBFT-era topology even when running a centralized sequencer flow. That starts unnecessary L2 nodes and EL clients locally, and makes the block-tag/finalized behavior harder to reason about. The default devnet now matches the main local testing need: one sequencer plus one syncing non-sequencer node.

The tx-submitter service is intentionally still present. It is the local component that seals/commits/finalizes batches, so removing it would make the safe/finalized/block-tag path less representative and could hide the exact class of finalized-tag issues this devnet is meant to test. This PR only removes redundant/default env entries from that service.

L1Sequencer.initialize(owner) uses the Hardhat deployer as the owner. The previous devnet script attempted setFirstSequencer with BLOCK_SIGNER_PRIVATE_KEY, whose address is not the owner, so full make devnet-up-reth failed with Ownable: caller is not the owner. The script now derives and checks the deployer address against owner() before sending the transaction.

Validation

  • python3 -m py_compile ops/devnet-morph/devnet/__init__.py ops/devnet-morph/devnet/setup_nodes.py
  • git diff --check
  • git diff --cached --check
  • docker compose --env-file .env -f docker-compose-devnet.yml config --quiet from ops/docker
  • docker compose --env-file .env -f docker-compose-devnet.yml -f docker-compose-reth.yml config --quiet from ops/docker
  • make -n devnet-up
  • make -n devnet-up-reth
  • Monkeypatch test for configure_l1_sequencer: verified setFirstSequencer is sent with the deployer key, not BLOCK_SIGNER_PRIVATE_KEY.
  • Actual setup_devnet_nodes() generation check: verified only node0 and node1 are generated, only node0 has validator key/state, node1 has no validator key, and genesis contains one validator.
  • Reference scan for deleted ops/docker files: confirmed the removed Dockerfiles, old monitoring configs, old L1 compose files, old node2-node5 key files, and ops/docker-sequencer-test are not referenced by the current devnet path.

I did not run a full make devnet-up in this branch because it would stop/replace local devnet containers and regenerate local deployment artifacts.

Summary by CodeRabbit

  • New Features

    • Updated local devnet to a 2-node setup with optional cluster mode.
    • Added single-sequencer configuration options (private key, address, upgrade offset) and propagated them through devnet startup variants.
    • Added cluster devnet targets and a dedicated Reth bring-up target.
  • Bug Fixes

    • Improved devnet startup/service wiring to use the new devnet compose layout.
    • Refreshed cleanup behavior to more reliably remove devnet volumes and generated state.
  • Chores

    • Removed obsolete 4-node devnet and related docker/test assets; aligned Layer1 and tx-submitter scripts with the new compose configuration.
  • Tests

    • Added automated checks for devnet compose selections and cleanup behavior.

coderabbitai Bot commented Jun 30, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d016aed6-5cf8-4de6-9d84-4e1e75b56b38

📥 Commits

Reviewing files that changed from the base of the PR and between 95120a0 and b59e163.

📒 Files selected for processing (5)
  • Makefile
  • ops/devnet-morph/tests/test_devnet_config.py
  • ops/docker/docker-compose-devnet.yml
  • ops/docker/docker-compose-reth.yml
  • ops/docker/static-nodes.json
💤 Files with no reviewable changes (1)
  • ops/docker/docker-compose-reth.yml
🚧 Files skipped from review as they are similar to previous changes (1)
  • ops/devnet-morph/tests/test_devnet_config.py

Walkthrough

Switches the devnet to a 2-node base topology with a rewritten HA cluster overlay, adds sequencer CLI-driven L1 registration and finalization waits, updates node generation and Makefile wiring, and adds config validation tests.

Changes

Devnet 2-node refactor and single-sequencer wiring

| Layer / File(s) | Summary |
|---|---|
| Base devnet stack: ops/docker/docker-compose-devnet.yml, ops/docker/static-nodes.json, ops/docker/tendermint-devnet-genesis.json | Defines the devnet compose stack with Layer1 services, two L2 execution clients, two morph nodes, tx-submitter, gas-price oracle, and reduced static genesis data. |
| HA cluster overlay: ops/docker/docker-compose-cluster.yml, ops/docker/docker-compose-reth.yml | Reworks the cluster compose overlay to use bind mounts, new geth and node images, environment-driven sequencer keys, and removes the unused reth services. |
| Single-sequencer CLI and L1 setup: ops/devnet-morph/devnet/__init__.py | Adds sequencer CLI arguments, updates compose selection, computes upgrade timing, writes sequencer environment values, registers the first sequencer on L1, waits for finalized blocks, and adds the block-number RPC helper. |
| Devnet node setup: ops/devnet-morph/devnet/setup_nodes.py | Regenerates stale devnet node data for the 2-node plus HA topology, rewrites Tendermint setup parameters, narrows pex disabling, and updates key-copy behavior. |
| Makefile targets and Layer1 scripts: Makefile, ops/docker/Makefile.layer1, ops/docker/layer1/scripts/..., ops/docker/Dockerfile.l1, ops/docker/node2/node_key.json, ops/docker/nodekey2 | Switches devnet targets to docker-compose-devnet.yml, adds cluster and reth variants, changes cleanup behavior, updates tx-submitter compose usage, and retargets Layer1 scripts and related cleanup files. |
| Docker build cache and config tests: ops/docker/Dockerfile.l2-geth, ops/docker/Dockerfile.l2-node, ops/devnet-morph/tests/test_devnet_config.py | Splits Dockerfile builds to cache Go module downloads earlier, and adds tests that read the devnet Makefile, Dockerfiles, and compose files to assert the new layout and cluster selection behavior. |

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

  • morph-l2/morph#802: Modifies the Makefile's devnet-clean-build workflow, including Layer1 cleanup behavior, which overlaps with this PR's cleanup changes.
  • morph-l2/morph#947: Changes devnet compose/reth target wiring, closely matching this PR's new cluster and reth variants.
  • morph-l2/morph#966: Refactors L1 sequencer contract handling, directly related to this PR's setFirstSequencer setup flow.

Suggested reviewers

  • curryxbo
  • FletcherMan

Poem

🐰 Two nodes hop in, the cluster wakes,
The sequencer hums, the old path breaks.
Finalized blocks glitter bright and clear,
Fresh devnet winds are bunny-cheer.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 64.71% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly matches the main change: devnet now defaults to a single-sequencer topology. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
@panos-xyz panos-xyz marked this pull request as ready for review June 30, 2026 06:49
@panos-xyz panos-xyz requested a review from a team as a code owner June 30, 2026 06:49
@panos-xyz panos-xyz requested review from tomatoishealthy and removed request for a team June 30, 2026 06:49

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ops/devnet-morph/devnet/__init__.py`:
- Around line 373-383: The wait_for_l1_finalized helper only logs a warning on
timeout, which allows configure_l1_sequencer() to keep going and start L2 with
stale state. Update wait_for_l1_finalized to fail fast when the finalized block
never reaches min_block by raising an error instead of returning after the
timeout, and make sure the caller in configure_l1_sequencer() does not proceed
past this check unless finality is confirmed.

In `@ops/docker/docker-compose-devnet.yml`:
- Around line 11-14: The devnet service port mappings are exposing internal RPC
and node interfaces on all host interfaces, and the single-port entry for the
auth RPC is also publishing a random host port. Update the affected port lists
in the docker-compose devnet services to bind only intended user-facing ports to
127.0.0.1, and move container-only ports such as auth RPC, debug/admin, metrics,
and node ports to expose instead of ports; use the service definitions in
docker-compose-devnet.yml as the place to tighten this across the listed blocks.
📥 Commits

Reviewing files that changed from the base of the PR and between 4654bd3 and 56f0468.

📒 Files selected for processing (56)
  • Makefile
  • ops/devnet-morph/devnet/__init__.py
  • ops/devnet-morph/devnet/setup_nodes.py
  • ops/docker-sequencer-test/Dockerfile.l2-geth-test
  • ops/docker-sequencer-test/Dockerfile.l2-node-test
  • ops/docker-sequencer-test/Dockerfile.tx-submitter-test
  • ops/docker-sequencer-test/README.md
  • ops/docker-sequencer-test/check-whitelist-test.sh
  • ops/docker-sequencer-test/docker-compose.ha-override.yml
  • ops/docker-sequencer-test/docker-compose.override.yml
  • ops/docker-sequencer-test/docker-compose.reorg-test.override.yml
  • ops/docker-sequencer-test/entrypoint-l2.sh
  • ops/docker-sequencer-test/run-ha-test.sh
  • ops/docker-sequencer-test/run-perf-test.sh
  • ops/docker-sequencer-test/run-test.sh
  • ops/docker-sequencer-test/scripts/tx-generator.sh
  • ops/docker/Dockerfile.indexer
  • ops/docker/Dockerfile.l1
  • ops/docker/Dockerfile.l1-beacon
  • ops/docker/Dockerfile.l2-node-1
  • ops/docker/Dockerfile.l2-node-4
  • ops/docker/Dockerfile.token-price-oracle
  • ops/docker/Makefile.layer1
  • ops/docker/consensus/config.yml
  • ops/docker/docker-compose-4nodes.yml
  • ops/docker/docker-compose-devnet.yml
  • ops/docker/docker-compose-reth.yml
  • ops/docker/entrypoint-l1.sh
  • ops/docker/execution/genesis.json
  • ops/docker/execution/jwtsecret
  • ops/docker/execution/keystore/UTC--2024-02-05T07-24-26.460740423Z--ca062b0fd91172d89bcd4bb084ac4e21972cc467
  • ops/docker/execution/password
  • ops/docker/go-rust-builder.Dockerfile
  • ops/docker/grafana/dashboards/dashboards.yml
  • ops/docker/grafana/dashboards/json/morph-node.json
  • ops/docker/grafana/datasources/prometheus.yml
  • ops/docker/layer1/docker-compose.yml
  • ops/docker/layer1/scripts/clean.sh
  • ops/docker/layer1/scripts/start.sh
  • ops/docker/node0/eth_acc_key.json
  • ops/docker/node1/eth_acc_key.json
  • ops/docker/node1/priv_validator_key.json
  • ops/docker/node2/eth_acc_key.json
  • ops/docker/node2/node_key.json
  • ops/docker/node2/priv_validator_key.json
  • ops/docker/node3/eth_acc_key.json
  • ops/docker/node3/node_key.json
  • ops/docker/node3/priv_validator_key.json
  • ops/docker/node4/node_key.json
  • ops/docker/node5/node_key.json
  • ops/docker/nodekey2
  • ops/docker/nodekey3
  • ops/docker/prometheus/prometheus.yml
  • ops/docker/static-nodes.json
  • ops/docker/tendermint-devnet-genesis.json
  • ops/docker/tendermint-setup.sh
💤 Files with no reviewable changes (47)
  • ops/docker/execution/jwtsecret
  • ops/docker/execution/password
  • ops/docker-sequencer-test/Dockerfile.tx-submitter-test
  • ops/docker-sequencer-test/docker-compose.reorg-test.override.yml
  • ops/docker/nodekey2
  • ops/docker/node3/node_key.json
  • ops/docker/node3/priv_validator_key.json
  • ops/docker/node4/node_key.json
  • ops/docker/node2/node_key.json
  • ops/docker/node5/node_key.json
  • ops/docker/node2/priv_validator_key.json
  • ops/docker/tendermint-setup.sh
  • ops/docker/node3/eth_acc_key.json
  • ops/docker/prometheus/prometheus.yml
  • ops/docker/node1/eth_acc_key.json
  • ops/docker-sequencer-test/entrypoint-l2.sh
  • ops/docker-sequencer-test/README.md
  • ops/docker/node0/eth_acc_key.json
  • ops/docker/Dockerfile.l1
  • ops/docker/consensus/config.yml
  • ops/docker/node2/eth_acc_key.json
  • ops/docker/grafana/datasources/prometheus.yml
  • ops/docker/nodekey3
  • ops/docker/grafana/dashboards/json/morph-node.json
  • ops/docker-sequencer-test/docker-compose.override.yml
  • ops/docker/layer1/docker-compose.yml
  • ops/docker-sequencer-test/Dockerfile.l2-geth-test
  • ops/docker/grafana/dashboards/dashboards.yml
  • ops/docker/Dockerfile.token-price-oracle
  • ops/docker/Dockerfile.l2-node-4
  • ops/docker/execution/keystore/UTC--2024-02-05T07-24-26.460740423Z--ca062b0fd91172d89bcd4bb084ac4e21972cc467
  • ops/docker-sequencer-test/docker-compose.ha-override.yml
  • ops/docker-sequencer-test/Dockerfile.l2-node-test
  • ops/docker-sequencer-test/check-whitelist-test.sh
  • ops/docker/Dockerfile.indexer
  • ops/docker/execution/genesis.json
  • ops/docker/node1/priv_validator_key.json
  • ops/docker/go-rust-builder.Dockerfile
  • ops/docker/Dockerfile.l1-beacon
  • ops/docker-sequencer-test/run-test.sh
  • ops/docker/Dockerfile.l2-node-1
  • ops/docker-sequencer-test/run-ha-test.sh
  • ops/docker/docker-compose-reth.yml
  • ops/docker-sequencer-test/scripts/tx-generator.sh
  • ops/docker/docker-compose-4nodes.yml
  • ops/docker/entrypoint-l1.sh
  • ops/docker-sequencer-test/run-perf-test.sh

Comment thread ops/devnet-morph/devnet/__init__.py Outdated
Comment thread ops/docker/docker-compose-devnet.yml
panos-xyz and others added 2 commits June 30, 2026 15:00
Add a layer1-derivation fullnode to the default devnet and wire an optional HA sequencer cluster through the existing devnet entrypoints. Cache Go dependency downloads in devnet Dockerfiles and restore project-label volume cleanup so future compose services are covered.

Constraint: Preserve the deleted sequencer-test functionality through the main devnet path.
Confidence: medium
Scope-risk: moderate
Not-tested: Full make devnet-up or HA runtime startup; Docker builds were not run.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ops/devnet-morph/devnet/setup_nodes.py`:
- Around line 83-86: The node setup in setup_nodes.py should fail fast when the
primary Tendermint key material is missing instead of continuing with mismatched
peer IDs. Update the logic around persistent_peers_value and the key-copy
fallback in the setup routine so that if the primary source directory or
validator key material for node0/node1/node2 is unavailable, the script raises
an error and stops rather than generating random keys or keeping hard-coded peer
IDs. Make the guard explicit in the code path that handles the source directory
fallback and the node0 validator key copy so the resulting configs always match
the persistent peer identities.

In `@ops/docker/docker-compose-cluster.yml`:
- Around line 9-14: The compose service definitions are publishing internal
RPC/auth/metrics/p2p ports on all host interfaces via the current ports
mappings. Update the affected service blocks in docker-compose-cluster.yml so
only intentional host access is bound to 127.0.0.1, and move internal-only
endpoints such as the auth/metrics/p2p ports from ports to expose. Apply the
same tightening to every repeated service section noted in the diff, using the
service port mappings in those blocks to keep the same internal connectivity
while preventing public exposure.
📥 Commits

Reviewing files that changed from the base of the PR and between 56f0468 and 95120a0.

📒 Files selected for processing (12)
  • Makefile
  • ops/devnet-morph/devnet/__init__.py
  • ops/devnet-morph/devnet/setup_nodes.py
  • ops/devnet-morph/tests/test_devnet_config.py
  • ops/docker/Dockerfile.l2-geth
  • ops/docker/Dockerfile.l2-node
  • ops/docker/docker-compose-cluster.yml
  • ops/docker/docker-compose-devnet.yml
  • ops/docker/docker-compose-reth.yml
  • ops/docker/node2/node_key.json
  • ops/docker/nodekey2
  • ops/docker/static-nodes.json
✅ Files skipped from review due to trivial changes (3)
  • ops/docker/nodekey2
  • ops/docker/node2/node_key.json
  • ops/docker/static-nodes.json
🚧 Files skipped from review as they are similar to previous changes (2)
  • Makefile
  • ops/devnet-morph/devnet/__init__.py

Comment on lines 83 to +86
persistent_peers_value = (
"93e27ea2306e158a8146d5f44caaab97496797d2@node-0:26656,"
"7f78b7d7a7e6bad4faf68d5731d437f4288d96d0@node-1:26656,"
"06c699be2f9aeb9f7ec79f508a95ff80576deb12@node-2:26656,"
"b1a131f40d5d3abefe0dd787513c936ef62ac2d6@node-3:26656,"
"dae813274913aaf39e7cd3226a0aa8bce00644e1@sentry-node-0:26656"
"06c699be2f9aeb9f7ec79f508a95ff80576deb12@node-2:26656"

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

Fail fast when primary Tendermint key material is missing.

persistent_peers_value hard-codes node-0/node-1/node-2 IDs, but Line 131 silently keeps generated random keys if a primary source directory is absent. That leaves every config pointing at peer IDs that do not exist; node0 can also lose its validator key via the Line 134 fallback path.

🛠️ Proposed guard
     for node in node_dirs:
         source_dir = os.path.join(docker_dir, node)
         dest_dir = os.path.join(devnet_dir, node, "config")
+        primary_node = node in ("node0", "node1", "node2")
 
         if not os.path.isdir(dest_dir):
             print(f"Error: Missing destination directory for {node}. Exiting.")
             sys.exit(1)
 
-        if os.path.isdir(source_dir):
-            shutil.copyfile(os.path.join(source_dir, "node_key.json"), os.path.join(dest_dir, "node_key.json"))
+        node_key = os.path.join(source_dir, "node_key.json")
+        if primary_node and not os.path.isfile(node_key):
+            print(f"Error: Missing static node key for {node} at {node_key}. Exiting.")
+            sys.exit(1)
+        if os.path.isfile(node_key):
+            shutil.copyfile(node_key, os.path.join(dest_dir, "node_key.json"))
 
-        if node == "node0" and os.path.isdir(source_dir):
-            shutil.copyfile(os.path.join(source_dir, "priv_validator_key.json"), os.path.join(dest_dir, "priv_validator_key.json"))
+        validator_key = os.path.join(source_dir, "priv_validator_key.json")
+        if node == "node0":
+            if not os.path.isfile(validator_key):
+                print(f"Error: Missing validator key for node0 at {validator_key}. Exiting.")
+                sys.exit(1)
+            shutil.copyfile(validator_key, os.path.join(dest_dir, "priv_validator_key.json"))
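
Review bot: the `primary_node` tuple on the first added line repeats by hand the node set that `persistent_peers_value` already hard-codes, so the guard and the peer list can drift apart the next time the topology changes; keep the required nodes in one constant and build both from it. In the node0 branch, the `priv_validator_key.json` check runs after `node_key.json` has already been copied, so a failed run leaves a half-populated config directory; validate both files before copying either. The new error messages go through `print`, which writes to stdout; `sys.exit(f"...")` would put them on stderr with the same exit status.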

Also applies to: 131-135

Comment on lines 9 to +14
ports:
- "9145:8545"
- "9146:8546"
- "8551"
- "6060"
- "30303"

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Keep HA RPC, metrics, and consensus ports off public host interfaces.

These ports entries expose internal RPC/auth/metrics/p2p endpoints on all host interfaces; single-port entries also publish random host ports. Bind intentional host access to 127.0.0.1 and move internal-only ports to expose.

🛡️ Example tightening pattern
     ports:
-      - "9145:8545"
-      - "9146:8546"
-      - "8551"
-      - "6060"
-      - "30303"
+      - "127.0.0.1:9145:8545"
+      - "127.0.0.1:9146:8546"
+    expose:
+      - "8551"
+      - "6060"
+      - "30303"
     ports:
-      - "26656"
-      - "27657:26657"
-      - "26658"
-      - "26660"
-      - "9501:9401"
+      - "127.0.0.1:27657:26657"
+      - "127.0.0.1:9501:9401"
+    expose:
+      - "26656"
+      - "26658"
+      - "26660"
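
Review bot: in both blocks the ports moved under `expose:` (8551, 6060, 30303, then 26656, 26658, 26660) lose every host binding, so any tool on the host that reached them through the previously published random port stops working; where host access is still wanted, keep the entry in `ports:` with an explicit `127.0.0.1:` prefix instead. The second `ports:` list also starts with no service name or hunk header separating it from the first, so state which service each list belongs to before applying the pattern to the other line ranges.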

Also applies to: 34-39, 59-64, 86-91, 126-131, 166-171

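
The port-binding finding above, as an added example that is not part of the PR or of CodeRabbit's review: a small Python audit that walks a parsed Compose file and reports every `ports:` entry published beyond loopback. The service names and the `BEFORE`/`AFTER` data are constructed from the port lists quoted in the review; parsing the YAML file into a dict is assumed to happen elsewhere.

```python
"""Audit Compose `ports:` entries for host exposure (added example)."""
import ipaddress


def parse_port_entry(entry):
    """Return (host_ip, host_port, container_port); unset parts are None."""
    if isinstance(entry, dict):  # long syntax: target / published / host_ip
        published = entry.get("published")
        return (entry.get("host_ip"),
                None if published is None else str(published),
                str(entry["target"]))
    text = str(entry).split("/", 1)[0]        # drop a "/tcp" or "/udp" suffix
    host_ip = None
    if text.startswith("["):                  # bracketed IPv6 host address
        host_ip, _, text = text[1:].partition("]:")
    parts = text.split(":")
    if host_ip is None and len(parts) == 3:   # IPv4 host address
        host_ip, parts = parts[0], parts[1:]
    if len(parts) == 1:                       # container port only
        return host_ip, None, parts[0]
    return host_ip, parts[0] or None, parts[1]


def is_loopback(host_ip):
    """True only for a literal loopback address; unset or unparsable is False."""
    if not host_ip:
        return False  # with no host IP, Docker binds to all interfaces by default
    try:
        return ipaddress.ip_address(host_ip).is_loopback
    except ValueError:  # for example an unexpanded ${VARIABLE}
        return False


def audit(compose):
    """List (service, container_port, binding) for ports published beyond loopback."""
    findings = []
    for name, service in compose.get("services", {}).items():
        for entry in service.get("ports") or []:
            host_ip, host_port, container_port = parse_port_entry(entry)
            if is_loopback(host_ip):
                continue
            binding = f"{host_ip or 'all interfaces'}:{host_port or 'random'}"
            findings.append((name, container_port, binding))
    return findings


# Constructed sample: port lists copied from the review, service names hypothetical.
BEFORE = {"services": {
    "el-example": {"ports": ["9145:8545", "9146:8546", "8551", "6060", "30303"]},
    "node-example": {"ports": ["26656", "27657:26657", "26658", "26660", "9501:9401"]},
}}
AFTER = {"services": {
    "el-example": {"ports": ["127.0.0.1:9145:8545", "127.0.0.1:9146:8546"],
                   "expose": ["8551", "6060", "30303"]},
    "node-example": {"ports": ["127.0.0.1:27657:26657", "127.0.0.1:9501:9401"],
                     "expose": ["26656", "26658", "26660"]},
}}

if __name__ == "__main__":
    for label, compose in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for service, container_port, binding in audit(compose):
            print(f"  {service}: container port {container_port} published on {binding}")
```

Run against the parsed devnet and cluster compose files in CI, a non-empty result from `audit` can fail the build before an unqualified mapping is merged.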

panos-xyz and others added 3 commits June 30, 2026 16:29
Make devnet-clean-build clear the full devnet compose set so callers do not need to remember the cluster or reth flags, and remove the redundant reth-specific clean-build target.

Constraint: Avoid committing local generated env/deploy-config changes.
Confidence: high
Scope-risk: narrow
Not-tested: Runtime docker cleanup against live containers was not run.

Drop the reth-specific devnet-clean wrapper now that devnet-clean-build always tears down the full devnet compose set, including reth and cluster overrides.

Constraint: Keep cleanup entrypoints minimal after unifying compose cleanup.
Confidence: high
Scope-risk: narrow
Not-tested: Runtime docker cleanup against live containers was not run.