merge next into merge-train/avm

Author: dbanks12

.claude/skills/merge-train-infra/SKILL.md

@@ -13,7 +13,7 @@ The merge-train system is fully automated via GitHub Actions in `.github/workflo
 
 1. **PR Creation** (`merge-train-create-pr.yml`): Triggered on push to `merge-train/*` branches. Creates a PR targeting `next` with the `ci-no-squash` label (and `ci-full-no-test-cache` for spartan). Skips merge commits and commits already in `next`.
 
-2. **Body Updates** (`merge-train-update-pr-body.yml`): Triggered on push to `merge-train/**`. Updates the PR body with meaningful commits (those containing PR references like `(#1234)`). The body uses `BEGIN_COMMIT_OVERRIDE` / `END_COMMIT_OVERRIDE` markers for release-please.
+2. **Body Updates** (`merge-train-update-pr-body.yml`): Triggered on push to `merge-train/**` and `backport-to-*-staging` branches. Updates the PR body with meaningful commits (those containing PR references like `(#1234)`). The body uses `BEGIN_COMMIT_OVERRIDE` / `END_COMMIT_OVERRIDE` markers for release-please. Backport staging PRs also call `update-pr-body.sh` inline from `scripts/backport_to_staging.sh` to handle the first-push case (where the PR doesn't exist yet when the workflow fires).
 
 3. **Next Integration** (`merge-train-next-to-branches.yml`): Triggered on push to `next`. Merges `next` into each active merge-train branch via `scripts/merge-train/merge-next.sh`. Uses `continue-on-error: true` so a conflict in one branch does not block others. Skips branches whose PR already has auto-merge enabled.
 
@@ -90,7 +90,7 @@ When a CI run fails on an EC2 instance, it calls `merge_train_failure_slack_noti
 | `.github/workflows/merge-train-auto-merge.yml` | Hourly cron to auto-merge inactive trains |
 | `.github/workflows/merge-train-next-to-branches.yml` | Syncs `next` into all train branches; defines active branches |
 | `.github/workflows/merge-train-recreate.yml` | Recreates branch after merge |
-| `.github/workflows/merge-train-update-pr-body.yml` | Updates PR body with commit list |
+| `.github/workflows/merge-train-update-pr-body.yml` | Updates PR body with commit list (merge-train and backport branches) |
 | `.github/workflows/merge-queue-dequeue-notify.yml` | Slack notification on merge-queue dequeue |
 | `.github/workflows/squashed-pr-check.yml` | Squash enforcement (skipped for `ci-no-squash`) |
 
@@ -103,6 +103,7 @@ When a CI run fails on an EC2 instance, it calls `merge_train_failure_slack_noti
 | `scripts/merge-train/update-pr-body.sh` | Updates PR body with meaningful commits |
 | `scripts/merge-train/squash-pr.sh` | Squashes PR commits (used by `ci-squash-and-merge` label) |
 | `scripts/merge-train/wakeup-prs.sh` | Adds `ci-wakeup-pr-after-merge` label to qualifying PRs after branch recreation |
+| `scripts/backport_to_staging.sh` | Cherry-picks a merged PR to a backport staging branch; creates/updates the backport PR |
 
 ### CI Configuration
 

.claude/skills/updating-changelog/SKILL.md

@@ -14,7 +14,7 @@ Read `.release-please-manifest.json` to get the version (e.g., `{"." : "4.0.0"}`
 **Target files:**
 
 - Aztec contract developers: `docs/docs-developers/docs/resources/migration_notes.md`
-- Node operators and Ethereum contract developers: `docs/docs-network/reference/changelog/v{major}.md`
+- Node operators and Ethereum contract developers: `docs/docs-operate/operators/reference/changelog/v{major}.md`
 
 ### 2. Analyze Branch Changes
 
@@ -60,7 +60,7 @@ Explanation of what changed.
 
 ## Node Operator Changelog Format
 
-**File:** `docs/docs-network/reference/changelog/v{major}.md`
+**File:** `docs/docs-operate/operators/reference/changelog/v{major}.md`
 
 **Breaking changes:**
 ````markdown

.github/ci3_labels_to_env.sh

@@ -86,6 +86,19 @@ function main {
     echo "SHOULD_UPLOAD_BENCHMARKS=1" >> $GITHUB_ENV
   fi
 
+  # Determine the branch label for benchmark publishing.
+  # Only merge-queue runs targeting "next" publish under "next" since those represent code about to land.
+  # Everything else (ci-full PRs, merge queues for other branches) publishes under "prs"
+  # to avoid polluting the main benchmark graphs.
+  local bench_branch
+  if [[ ("$ci_mode" == "merge-queue" || "$ci_mode" == "merge-queue-heavy") && "$target_branch" == "next" ]]; then
+    bench_branch="$target_branch"
+  else
+    bench_branch="prs"
+  fi
+  echo "BENCH_BRANCH=$bench_branch" >> $GITHUB_ENV
+  echo "Bench branch: $bench_branch"
+
   # Handle no-cache label
   if has_label "no-cache"; then
     echo "NO_CACHE=1" >> $GITHUB_ENV

.github/release-please-v4.json

@@ -0,0 +1,26 @@
+{
+  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
+  "release-type": "simple",
+  "bump-minor-pre-major": true,
+  "bump-patch-for-minor-pre-major": true,
+  "group-pull-request-title-pattern": "chore(v4): Release ${version}",
+  "pull-request-header": "Pending Aztec Packages v4 release",
+  "versioning": "always-bump-patch",
+  "include-component-in-tag": false,
+  "release-search-depth": 50,
+  "commit-search-depth": 150,
+  "sequential-calls": true,
+  "changelog-sections": [
+    { "type": "feat", "section": "Features", "hidden": false },
+    { "type": "fix", "section": "Bug Fixes", "hidden": false },
+    { "type": "chore", "section": "Miscellaneous", "hidden": false },
+    { "type": "test", "section": "Miscellaneous", "hidden": false },
+    { "type": "refactor", "section": "Miscellaneous", "hidden": false },
+    { "type": "docs", "section": "Documentation", "hidden": false }
+  ],
+  "packages": {
+    ".": {
+      "release-type": "simple"
+    }
+  }
+}

.github/workflows/backport.yml

@@ -71,10 +71,12 @@ jobs:
         run: |
           TARGET_BRANCH="${{ steps.extract-branch.outputs.target_branch }}"
           STAGING_BRANCH="backport-to-${TARGET_BRANCH}-staging"
-          COMMIT_COUNT=$(gh pr view "${{ github.event.pull_request.number }}" --json commits --jq '.commits | length')
+          STAGING_PR=$(gh pr list --base "$TARGET_BRANCH" --head "$STAGING_BRANCH" --json number,url --jq '.[0]')
+          STAGING_PR_NUMBER=$(echo "$STAGING_PR" | jq -r '.number')
+          STAGING_PR_URL=$(echo "$STAGING_PR" | jq -r '.url')
 
           gh pr comment "${{ github.event.pull_request.number }}" --body \
-            "✅ Successfully cherry-picked $COMMIT_COUNT commit(s) to backport staging branch \`$STAGING_BRANCH\`."
+            "✅ Successfully backported to [$STAGING_BRANCH #$STAGING_PR_NUMBER]($STAGING_PR_URL)."
 
       - name: Comment on original PR (failure)
         if: steps.backport.outcome == 'failure'

.github/workflows/barretenberg-nightly-debug-build.yml

@@ -0,0 +1,48 @@
+name: Nightly Debug Build
+
+on:
+  schedule:
+    - cron: "0 5 * * *"
+  workflow_dispatch:
+
+concurrency:
+  group: nightly-debug-build-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  debug-build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          ref: next
+
+      - name: Run debug build
+        timeout-minutes: 120
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          GITHUB_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+          BUILD_INSTANCE_SSH_KEY: ${{ secrets.BUILD_INSTANCE_SSH_KEY }}
+          RUN_ID: ${{ github.run_id }}
+        run: |
+          ./.github/ci3.sh barretenberg-debug
+
+      - name: Notify Slack on failure
+        if: failure() && github.event_name != 'workflow_dispatch'
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+        run: |
+          if [ -n "${SLACK_BOT_TOKEN}" ]; then
+            read -r -d '' data <<EOF || true
+            {
+              "channel": "#honk-team",
+              "text": "Nightly debug build FAILED: <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|View Run>"
+            }
+          EOF
+            curl -X POST https://slack.com/api/chat.postMessage \
+              -H "Authorization: Bearer $SLACK_BOT_TOKEN" \
+              -H "Content-type: application/json" \
+              --data "$data"
+          fi

.github/workflows/ci3.yml

@@ -79,6 +79,7 @@ jobs:
           DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
           DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
           SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
           # For automatic documentation updates via Claude Code
           ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
@@ -94,6 +95,7 @@ jobs:
           PR_COMMITS: ${{ github.event.pull_request.commits }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
           GITHUB_REF_NAME: ${{ github.ref_name }}
+          GITHUB_ACTOR: ${{ github.actor }}
         # NOTE: $CI_MODE is set in the Determine CI Mode step.
         run: ./.github/ci3.sh $CI_MODE
 
@@ -115,7 +117,7 @@ jobs:
         uses: benchmark-action/github-action-benchmark@4de1bed97a47495fc4c5404952da0499e31f5c29
         with: &ci_benchmark_args
           name: Aztec Benchmarks
-          benchmark-data-dir-path: "bench/${{ env.TARGET_BRANCH }}"
+          benchmark-data-dir-path: "bench/${{ env.BENCH_BRANCH }}"
           tool: "customSmallerIsBetter"
           output-file-path: ./bench-out/bench.json
           gh-repository: github.com/AztecProtocol/benchmark-page-data
@@ -137,9 +139,10 @@ jobs:
       fail-fast: false
       matrix:
         test_set: ["1", "2"]
-    # We run after a spartan release (from merge-train/spartan), or when the ci-network-scenario label is present in a PR.
+    # We either run after a release (tag starting with v), or when the ci-network-scenario label is present in a PR.
+    # We exclude ci-release-pr test tags (v0.0.1-commit.*) which are only for testing the release process.
     needs: ci
-    if: github.event.pull_request.head.repo.fork != true && github.event.pull_request.draft == false && ((startsWith(github.ref, 'refs/tags/v') && contains(github.ref_name, '-spartan.')) || contains(github.event.pull_request.labels.*.name, 'ci-network-scenario'))
+    if: github.event.pull_request.head.repo.fork != true && github.event.pull_request.draft == false && ((startsWith(github.ref, 'refs/tags/v') && !contains(github.ref_name, '-commit.')) || contains(github.event.pull_request.labels.*.name, 'ci-network-scenario'))
     steps:
       - name: Remove label (one-time use)
         if: github.event.pull_request && contains(github.event.pull_request.labels.*.name, 'ci-network-scenario')
@@ -186,8 +189,8 @@ jobs:
           ./.github/ci3.sh network-scenarios next-scenario "$namespace" "$docker_image" "${{ matrix.test_set }}"
 
       - name: Cleanup network resources
-        # Clean up if this is a CI label or spartan.
-        if: always() && (!startsWith(github.ref, 'refs/tags/v') || contains(github.ref_name, '-spartan.'))
+        # Clean up if this is a CI label or nightly.
+        if: always() && (!startsWith(github.ref, 'refs/tags/v') || contains(github.ref_name, '-nightly.'))
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -235,6 +238,103 @@ jobs:
               --data "$data"
           fi
 
+  # Spartan network benchmarks triggered on-demand from a PR label.
+  # Runs TPS and proving benchmarks in parallel, uploads results to a PR-specific
+  # path on the benchmark dashboard so nightly (bench/next) is never affected.
+  # One-time use: label is removed after the job runs.
+  ci-network-bench:
+    name: ${{ matrix.bench_type }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - bench_type: benchmark
+            ci3_cmd: network-bench
+            scenario: tps-scenario
+            namespace_suffix: bench
+            download_cmd: gh-spartan-bench
+            timeout: 300
+          - bench_type: proving-benchmark
+            ci3_cmd: network-proving-bench
+            scenario: prove-n-tps-fake
+            namespace_suffix: proving-bench
+            download_cmd: gh-spartan-proving-bench
+            timeout: 240
+    needs: ci
+    if: github.event.pull_request.head.repo.fork != true && github.event.pull_request.draft == false && contains(github.event.pull_request.labels.*.name, 'ci-network-bench') && (needs.ci.result == 'success' || needs.ci.result == 'skipped')
+    steps:
+      - name: Remove label (one-time use)
+        env:
+          GH_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+        run: gh pr edit ${{ github.event.pull_request.number }} --remove-label ci-network-bench --repo ${{ github.repository }} || true
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}
+
+      - name: Run Network Benchmarks
+        timeout-minutes: ${{ matrix.timeout }}
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          GITHUB_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+          BUILD_INSTANCE_SSH_KEY: ${{ secrets.BUILD_INSTANCE_SSH_KEY }}
+          GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}
+          GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
+          # For pushing docker images built from the PR
+          DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
+          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+          RUN_ID: ${{ github.run_id }}
+          AWS_SHUTDOWN_TIME: ${{ matrix.timeout }}
+          NO_SPOT: 1
+        run: |
+          namespace=pr-${{ github.event.pull_request.number }}-${{ matrix.namespace_suffix }}
+          echo "NAMESPACE=$namespace" >> $GITHUB_ENV
+          set -x
+          ./.github/ci3.sh ${{ matrix.ci3_cmd }} ${{ matrix.scenario }} "$namespace"
+
+      - name: Cleanup network resources
+        if: always()
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          GITHUB_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+          BUILD_INSTANCE_SSH_KEY: ${{ secrets.BUILD_INSTANCE_SSH_KEY }}
+          GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}
+          GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
+          NO_SPOT: 1
+        run: ./.github/ci3.sh network-teardown ${{ matrix.scenario }} "${NAMESPACE}" || true
+
+      - name: Download benchmarks
+        if: always()
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        run: |
+          if ./ci.sh ${{ matrix.download_cmd }}; then
+            echo "ENABLE_DEPLOY_BENCH=1" >> $GITHUB_ENV
+          fi
+
+      - name: Upload benchmarks
+        if: always() && env.ENABLE_DEPLOY_BENCH == '1'
+        uses: benchmark-action/github-action-benchmark@4de1bed97a47495fc4c5404952da0499e31f5c29
+        with:
+          name: Spartan
+          benchmark-data-dir-path: "bench/pr-${{ github.event.pull_request.number }}"
+          tool: "customSmallerIsBetter"
+          output-file-path: ./bench-out/bench.json
+          gh-repository: github.com/AztecProtocol/benchmark-page-data
+          github-token: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+          auto-push: true
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}
+          alert-threshold: "120%"
+          comment-on-alert: false
+          fail-on-alert: false
+          max-items-in-chart: 100
+
   # KIND-based e2e tests that run on a local Kubernetes cluster.
   # One-time use: label is removed after the job runs.
   ci-network-kind:

.github/workflows/deploy-network.yml

@@ -149,7 +149,6 @@ jobs:
           NAMESPACE: ${{ inputs.namespace }}
           AZTEC_DOCKER_IMAGE: "aztecprotocol/aztec:${{ inputs.docker_image_tag || inputs.semver }}"
           CREATE_ROLLUP_CONTRACTS: ${{ inputs.deploy_contracts == true && 'true' || '' }}
-          USE_NETWORK_CONFIG: ${{ inputs.deploy_contracts == true && 'false' || '' }}
           PROVER_AGENT_DOCKER_IMAGE: "aztecprotocol/aztec-prover-agent:${{ inputs.docker_image_tag || inputs.semver }}"
         run: |
           echo "Deploying network: ${{ inputs.network }}"

.github/workflows/deploy-next-net.yml

@@ -1,6 +1,6 @@
-# Deploy next-net environment from merge-train/spartan
+# Deploy next-net environment
 # This workflow deploys the next-net environment with a specified version
-# Runs nightly with the latest spartan nightly tag, or can be manually triggered with any image
+# Runs nightly with the latest nightly tag, or can be manually triggered with any image
 name: Deploy Next Net
 
 on:
@@ -10,7 +10,7 @@ on:
   workflow_dispatch:
     inputs:
       image_tag:
-        description: 'Docker image tag (e.g., 2.3.4, 3.0.0-spartan.20251004-amd64, or leave empty for latest spartan nightly)'
+        description: 'Docker image tag (e.g., 2.3.4, 3.0.0-nightly.20251004-amd64, or leave empty for latest nightly)'
         required: false
         type: string
 
@@ -27,8 +27,6 @@ jobs:
 
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-        with:
-          ref: merge-train/spartan
 
       - name: Determine image tag
         id: determine_tag
@@ -38,22 +36,22 @@ jobs:
             TAG="${{ inputs.image_tag }}"
             echo "Using manually specified tag: $TAG"
 
-            # Extract semver (remove -amd64 suffix if present, remove -spartan.YYYYMMDD if present)
-            SEMVER=$(echo "$TAG" | sed 's/-amd64$//' | sed 's/-spartan\.[0-9]\{8\}//')
+            # Extract semver (remove -amd64 suffix if present, remove -nightly.YYYYMMDD if present)
+            SEMVER=$(echo "$TAG" | sed 's/-amd64$//' | sed 's/-nightly\.[0-9]\{8\}//')
           else
-            # Scheduled nightly run - get latest spartan nightly tag
+            # Scheduled nightly run - get latest nightly tag
             current_version=$(jq -r '."."' .release-please-manifest.json)
             echo "Current version: $current_version"
 
-            # Format the tag as: <current_version>-spartan.<YYYYMMDD>-amd64
-            nightly_tag="${current_version}-spartan.$(date -u +%Y%m%d)-amd64"
+            # Format the tag as: <current_version>-nightly.<YYYYMMDD>-amd64
+            nightly_tag="${current_version}-nightly.$(date -u +%Y%m%d)-amd64"
 
             # Check if the tag exists on docker hub
             TAGS=$(curl -s https://registry.hub.docker.com/v2/repositories/aztecprotocol/aztec/tags/$nightly_tag)
             if [[ "$TAGS" != *"not found"* ]]; then
               TAG="$nightly_tag"
               SEMVER="$current_version"
-              echo "Using spartan nightly tag: $TAG"
+              echo "Using nightly tag: $TAG"
             else
               echo "Error: Tag $nightly_tag not published to docker hub"
               exit 1
@@ -70,5 +68,5 @@ jobs:
       network: next-net
       semver: ${{ needs.get-image-tag.outputs.semver }}
       docker_image_tag: ${{ needs.get-image-tag.outputs.tag }}
-      ref: merge-train/spartan
+      ref: ${{ github.ref }}
     secrets: inherit