fix(node-update): never run hardhat compile on node hosts

[branarakic]

Why

Node updates routinely fail on small/ARM64 VPS because the auto-updater runs hardhat compile whenever a release touched .sol sources. The compile is the heaviest, most failure-prone step in the slot build (cold solc OOMs, hardhat-deploy quirks, the 1m54s "single biggest chunk of the shared build" already documented in ci.yml), and any failure aborts the entire slot swap.

Nothing on the runtime path actually needs hardhat: packages/chain/src/evm-adapter.ts loads contract ABIs from the committed packages/evm-module/abi/*.json via require(). So this PR treats those committed JSONs as the runtime contract surface and moves the freshness check to CI, where it runs once per PR on a beefy runner instead of once per node per update.

The auto-updater already had most of the right machinery (runtimeBuildCommandFromPackageJson -> pnpm build:runtime:packages excludes evm-module; DKG_SKIP_EVM_BUILD=1 short-circuit in maybe-compile.mjs; dkgBuild.releaseRuntimeBuildScript pointer). This PR completes that story by removing the only remaining path where a node host runs hardhat, and by patching the one place — install.sh — that was still doing the unfiltered pnpm build.

What

• install.sh — both blue-green slots switch from pnpm build to pnpm build:runtime. Mirrors what the auto-updater already picks via dkgBuild.releaseRuntimeBuildScript. Saves ~4 min on first install (~2 min × 2 slots).
• packages/cli/src/daemon/auto-update.ts — remove the conditional pnpm --filter @origintrail-official/dkg-evm-module build block and the now-unused shouldRebuildContracts helper. Replace with a comment documenting the new contract.
• packages/cli/src/config.ts — mark AutoUpdateBuildTimeouts.contracts as @deprecated. Field is preserved on the type so existing user configs don't fail to parse, but the value is no longer read.
• .github/workflows/ci.yml — add an abi-freshness job (TORNADO tier). Runs only when paths-filter reports contracts == true, executes pnpm --filter dkg-evm-module build, then git diff --exit-code -- packages/evm-module/abi/. On drift, fails with a copy-pasteable remediation message.
• packages/cli/test/auto-update.test.ts — drop the four shouldRebuildContracts-era tests (timeout honouring, fails-closed, hardhat-clean ordering, fetch-retry) and replace with one regression guard asserting the auto-updater never invokes any hardhat / evm-module command, even when the diff would have shown changed .sol files.
• RELEASE_PROCESS.md + packages/evm-module/README.md — document the new contract: contributors regenerate ABIs alongside .sol changes, CI enforces it, nodes never recompile.

Operational impact

• Node updates: zero hardhat invocations on the host. The slowest, most failure-prone step is gone. Updates that previously failed on resource-constrained nodes when contracts changed should now succeed.
• Releases: unchanged. release.yml and npm-continuous-publish.yml still run unfiltered pnpm build (they need contract artifacts to ship).
• CI lanes: unchanged for non-contract PRs (zero new cost). Contract-touching PRs get one extra ~1m job (abi-freshness) on top of the existing solidity lane.
• Contributors: if you change .sol, also commit regenerated ABIs in the same change. CI prints the exact remediation command on failure:
  ```
  pnpm --filter @origintrail-official/dkg-evm-module build
  git add packages/evm-module/abi/
  ```

Why CI freshness vs auto-commit

We deliberately picked the safer "fail the PR with a clear message" path over "auto-commit regenerated ABIs back to the PR". Auto-commit needs write permissions on PR branches (cross-fork PRs would silently skip), and a successful auto-commit on a malicious PR could land bytecode the human reviewer never looked at. Failing fast with an explicit remediation keeps the human in the loop.

Out of scope (follow-up PRs)

• Collapsing to a single ABI snapshot (packages/chain/abi/ vs packages/evm-module/abi/) — bigger refactor, deserves its own review.
• Pruning evm-module out of the runtime install graph entirely — depends on the snapshot collapse.
• Renaming build:packages per a comment on PR fix(build): include node ui in root build #412 — out of scope here.

Test plan

• `pnpm vitest run test/auto-update.test.ts` (cli): 73/73 passing.
• `pnpm vitest run test/migration.test.ts test/node-ui-static.test.ts` (cli): 38/38 passing.
• `DKG_SKIP_EVM_BUILD=1 pnpm build` at repo root: 20/20 turbo tasks OK.
• `bash -n install.sh`: clean.
• `.github/workflows/ci.yml` parses as YAML; new `abi-freshness` job is registered.
• CI on this PR — full matrix.
• Manual smoke: deliberately tweak a `.sol` file without regenerating ABIs and confirm `abi-freshness` fails with the expected remediation message.
• Manual smoke: end-to-end `dkg update` on a low-RAM test VM with a release that touches contracts; confirm no hardhat invocation in the slot logs.

Related

• Removes the failure surface that's been the recurring "update broke my node" report.
• Complementary to fix(build): include node ui in root build #412 (different surface — that PR fixes what `pnpm build` means at the root; this PR is about what nodes invoke). No conflict.

Made with Cursor

[github-actions]

🔴 Bug: This gate will not reliably catch ABI drift as written. @origintrail-official/dkg-evm-module's build script runs hardhat compile --config hardhat.node.config.ts, but the ABI exporter is only configured in hardhat.config.ts. That means this step can succeed without rewriting packages/evm-module/abi/*.json, so stale committed ABIs would still pass. Run Hardhat with the config that enables abiExporter, or add an explicit ABI-export step before diffing abi/.

[branarakic]

Good catch — confirmed the gate was a no-op. pnpm --filter dkg-evm-module build runs hardhat compile --config hardhat.node.config.ts, but hardhat-abi-exporter is only imported and configured in the default hardhat.config.ts (with runOnCompile: true). The node config never touches abi/, so the diff check was guaranteed to pass even with stale ABIs.

Fixed in 9234261 by switching the step to npx hardhat compile (no --config, picks up the abi-exporting default), expanding the cache key to include hardhat.config.ts, and updating the README + auto-update.ts comment + remediation message to point at the same command.

Verified locally:

• positive smoke: regenerate on clean main → no diff under abi/
• negative smoke: corrupt one ABI file → git diff --exit-code -- abi/ returns 1

[github-actions]

🔴 Bug: install.sh now assumes every target ref exposes build:runtime, but this script still supports arbitrary DKG_BRANCH/DKG_REPO values and already carries compatibility logic for older checkouts. Installing an older tag/branch that only has build will now fail on first install instead of falling back like the auto-updater does. Reuse the same runtime-build detection/fallback here (build:runtime -> build:runtime:packages -> build).

[branarakic]

Agreed — install.sh would regress for older DKG_BRANCH/DKG_REPO targets that predate build:runtime.

Fixed in 9234261 by adding runtime_build_script(), a small node helper (node is already required earlier in install.sh) that mirrors runtimeBuildCommandFromPackageJson from node-ui-static.ts exactly: honours dkgBuild.releaseRuntimeBuildScript first, then falls through build:runtime → build:runtime:packages → build. Validates the dkgBuild override against [A-Za-z0-9:_-]+ so a malicious package.json can't inject shell into pnpm run.

Smoke-tested all 6 fallback paths:

• current main → build:runtime:packages (via releaseRuntimeBuildScript)
• only build:runtime → picks it
• only build:runtime:packages → picks it
• legacy build only → falls all the way down
• malformed package.json → safe fallback to build
• unsafe dkgBuild override → ignored, falls through

[github-actions]

🔴 Bug: This new gate only runs when changes.outputs.contracts is true, but that filter does not include packages/evm-module/abi/**. Because the updater now trusts the committed ABI JSONs at runtime, a PR can modify abi/*.json directly and completely bypass this freshness check. Include abi/** in the contracts paths filter (or make this job self-detect ABI changes) so runtime ABI drift cannot merge unchecked.

[github-actions]

🟡 Issue: The command in this note will not regenerate packages/evm-module/abi/*.json. @origintrail-official/dkg-evm-module's build script compiles with hardhat.node.config.ts, which does not load hardhat-abi-exporter, so contributors following this release doc will do the wrong thing. Point the remediation here at cd packages/evm-module && npx hardhat compile instead.