all: change reflect.Ptr to reflect.Pointer (#35176 )

Since go 1.18 reflect has `reflect.Pointer` which replaces `reflect.Ptr`. Newer versions of `govet` will alert. See also: https://pkg.go.dev/reflect#pkg-constants
eth/catalyst: add testing_commitBlockV1 (#34995 )
2026-06-19 21:31:37 +00:00 · 2026-06-18 18:34:34 +02:00 · 2026-06-17 18:03:11 +02:00 · 2026-06-17 13:44:12 +08:00 · 2026-06-17 13:43:51 +08:00 · 2026-06-17 09:57:08 +08:00
550 changed files with 44757 additions and 26709 deletions
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@ -145,7 +145,7 @@ jobs:

  windows:
    name: Windows Build
-    runs-on: "win-11"
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4

@ -155,24 +155,49 @@ jobs:
        go-version: 1.24
        cache: false

-    # Note: gcc.exe only works properly if the corresponding bin/ directory is
-    # contained in PATH.
+    - name: Install cross toolchain
+      run: |
+        apt-get update
+        apt-get -yq --no-install-suggests --no-install-recommends install \
+          gcc-mingw-w64-x86-64 gcc-mingw-w64-i686 nsis

    - name: "Build (amd64)"
-      shell: cmd
      run: |
-        set PATH=%GETH_MINGW%\bin;%PATH%
-        go run build/ci.go install -dlgo -arch amd64 -cc %GETH_MINGW%\bin\gcc.exe
+        go run build/ci.go install -dlgo -os windows -arch amd64 -cc x86_64-w64-mingw32-gcc
+
+    - name: "Create/upload archive (amd64)"
+      run: |
+        go run build/ci.go archive -os windows -arch amd64 -type zip -signer WINDOWS_SIGNING_KEY -upload gethstore/builds
      env:
-        GETH_MINGW: 'C:\msys64\mingw64'
+        WINDOWS_SIGNING_KEY: ${{ secrets.WINDOWS_SIGNING_KEY }}
+        AZURE_BLOBSTORE_TOKEN: ${{ secrets.AZURE_BLOBSTORE_TOKEN }}
+
+    - name: "Create/upload NSIS installer (amd64)"
+      run: |
+        go run build/ci.go nsis -arch amd64 -signer WINDOWS_SIGNING_KEY -upload gethstore/builds
+        rm -f build/bin/*
+      env:
+        WINDOWS_SIGNING_KEY: ${{ secrets.WINDOWS_SIGNING_KEY }}
+        AZURE_BLOBSTORE_TOKEN: ${{ secrets.AZURE_BLOBSTORE_TOKEN }}

    - name: "Build (386)"
-      shell: cmd
      run: |
-        set PATH=%GETH_MINGW%\bin;%PATH%
-        go run build/ci.go install -dlgo -arch 386 -cc %GETH_MINGW%\bin\gcc.exe
+        go run build/ci.go install -dlgo -os windows -arch 386 -cc i686-w64-mingw32-gcc
+
+    - name: "Create/upload archive (386)"
+      run: |
+        go run build/ci.go archive -os windows -arch 386 -type zip -signer WINDOWS_SIGNING_KEY -upload gethstore/builds
      env:
-        GETH_MINGW: 'C:\msys64\mingw32'
+        WINDOWS_SIGNING_KEY: ${{ secrets.WINDOWS_SIGNING_KEY }}
+        AZURE_BLOBSTORE_TOKEN: ${{ secrets.AZURE_BLOBSTORE_TOKEN }}
+
+    - name: "Create/upload NSIS installer (386)"
+      run: |
+        go run build/ci.go nsis -arch 386 -signer WINDOWS_SIGNING_KEY -upload gethstore/builds
+        rm -f build/bin/*
+      env:
+        WINDOWS_SIGNING_KEY: ${{ secrets.WINDOWS_SIGNING_KEY }}
+        AZURE_BLOBSTORE_TOKEN: ${{ secrets.AZURE_BLOBSTORE_TOKEN }}

  docker:
    name: Docker Image
--- a/.github/workflows/freebsd.yml
+++ b/.github/workflows/freebsd.yml
@ -0,0 +1,29 @@
+on:
+  push:
+    branches:
+      - freebsd-github-action
+
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: FreeBSD-build
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v6
+      with:
+        submodules: false
+
+    - name: Test in FreeBSD
+      id: test
+      uses: vmactions/freebsd-vm@v1
+      with:
+        release: "15.0"
+        usesh: true
+        prepare: |
+          pkg install -y go
+        run: |
+          freebsd-version
+          uname -a
+          go version
+          go run ./build/ci.go test -p 8
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@ -7,6 +7,11 @@ on:
      - master
  workflow_dispatch:

+# Free runner capacity by cancelling superseded PR runs.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
 jobs:
  lint:
    name: Lint
@ -97,3 +102,44 @@ jobs:

      - name: Run tests
        run: go run build/ci.go test -p 8
+
+  windows:
+    name: Windows ${{ matrix.arch }}
+    needs: lint
+    runs-on: [self-hosted, windows, x64]
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - arch: amd64
+            mingw: 'C:\msys64\mingw64'
+            test: true
+          - arch: '386'
+            mingw: 'C:\msys64\mingw32'
+            test: false
+    env:
+      GETH_MINGW: ${{ matrix.mingw }}
+      GETH_CC: ${{ matrix.mingw }}\bin\gcc.exe
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.25'
+          cache: false
+
+      - name: Build
+        shell: cmd
+        run: |
+          set PATH=%GETH_MINGW%\bin;%PATH%
+          go run build/ci.go install -arch ${{ matrix.arch }} -cc %GETH_CC%
+
+      - name: Run tests
+        if: matrix.test
+        shell: cmd
+        run: |
+          set PATH=%GETH_MINGW%\bin;%PATH%
+          go run build/ci.go test -arch ${{ matrix.arch }} -cc %GETH_CC% -short -p 8
--- a/README.md
+++ b/README.md
@ -38,7 +38,6 @@ directory.
 |  Command   | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
 | :--------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | **`geth`** | Our main Ethereum CLI client. It is the entry point into the Ethereum network (main-, test- or private net), capable of running as a full node (default), archive node (retaining all historical state) or a light node (retrieving data live). It can be used by other processes as a gateway into the Ethereum network via JSON RPC endpoints exposed on top of HTTP, WebSocket and/or IPC transports. `geth --help` and the [CLI page](https://geth.ethereum.org/docs/fundamentals/command-line-options) for command line options. |
-|   `clef`   | Stand-alone signing tool, which can be used as a backend signer for `geth`.                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
 |  `devp2p`  | Utilities to interact with nodes on the networking layer, without running a full blockchain.                                                                                                                                                                                                                                                                                                                                                                                                                                       |
 |  `abigen`  | Source code generator to convert Ethereum contract definitions into easy-to-use, compile-time type-safe Go packages. It operates on plain [Ethereum contract ABIs](https://docs.soliditylang.org/en/develop/abi-spec.html) with expanded functionality if the contract bytecode is also available. However, it also accepts Solidity source files, making development much more streamlined. Please see our [Native DApps](https://geth.ethereum.org/docs/developers/dapp-developer/native-bindings) page for details.                                  |
 |   `evm`    | Developer utility version of the EVM (Ethereum Virtual Machine) that is capable of running bytecode snippets within a configurable environment and execution mode. Its purpose is to allow isolated, fine-grained debugging of EVM opcodes (e.g. `evm --code 60ff60ff --debug run`).                                                                                                                                                                                                                                               |
--- a/SECURITY.md
+++ b/SECURITY.md
@ -11,7 +11,6 @@ Audit reports are published in the `docs` folder: https://github.com/ethereum/go
 | Scope | Date | Report Link |
 | ------- | ------- | ----------- |
 | `geth` | 20170425 | [pdf](https://github.com/ethereum/go-ethereum/blob/master/docs/audits/2017-04-25_Geth-audit_Truesec.pdf) |
-| `clef` | 20180914 | [pdf](https://github.com/ethereum/go-ethereum/blob/master/docs/audits/2018-09-14_Clef-audit_NCC.pdf) |
 | `Discv5` | 20191015 | [pdf](https://github.com/ethereum/go-ethereum/blob/master/docs/audits/2019-10-15_Discv5_audit_LeastAuthority.pdf) |
 | `Discv5` | 20200124 | [pdf](https://github.com/ethereum/go-ethereum/blob/master/docs/audits/2020-01-24_DiscV5_audit_Cure53.pdf) |

--- a/accounts/abi/abigen/source2.go.tpl
+++ b/accounts/abi/abigen/source2.go.tpl
@ -183,8 +183,11 @@ var (
 		// Solidity: {{.Original.String}}
 		func ({{ decapitalise $contract.Type}} *{{$contract.Type}}) Unpack{{.Normalized.Name}}Event(log *types.Log) (*{{$contract.Type}}{{.Normalized.Name}}, error) {
 			event := "{{.Original.Name}}"
-			if len(log.Topics) == 0 || log.Topics[0] != {{ decapitalise $contract.Type}}.abi.Events[event].ID {
-				return nil, errors.New("event signature mismatch")
+			if len(log.Topics) == 0 {
+				return nil, bind.ErrNoEventSignature
+			}
+			if log.Topics[0] != {{ decapitalise $contract.Type}}.abi.Events[event].ID {
+				return nil, bind.ErrEventSignatureMismatch
 			}
 			out := new({{$contract.Type}}{{.Normalized.Name}})
 			if len(log.Data) > 0 {
--- a/accounts/abi/abigen/testdata/v2/crowdsale.go.txt
+++ b/accounts/abi/abigen/testdata/v2/crowdsale.go.txt
@ -360,8 +360,11 @@ func (CrowdsaleFundTransfer) ContractEventName() string {
 // Solidity: event FundTransfer(address backer, uint256 amount, bool isContribution)
 func (crowdsale *Crowdsale) UnpackFundTransferEvent(log *types.Log) (*CrowdsaleFundTransfer, error) {
 	event := "FundTransfer"
-	if len(log.Topics) == 0 || log.Topics[0] != crowdsale.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != crowdsale.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(CrowdsaleFundTransfer)
 	if len(log.Data) > 0 {
--- a/accounts/abi/abigen/testdata/v2/dao.go.txt
+++ b/accounts/abi/abigen/testdata/v2/dao.go.txt
@ -606,8 +606,11 @@ func (DAOChangeOfRules) ContractEventName() string {
 // Solidity: event ChangeOfRules(uint256 minimumQuorum, uint256 debatingPeriodInMinutes, int256 majorityMargin)
 func (dAO *DAO) UnpackChangeOfRulesEvent(log *types.Log) (*DAOChangeOfRules, error) {
 	event := "ChangeOfRules"
-	if len(log.Topics) == 0 || log.Topics[0] != dAO.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != dAO.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(DAOChangeOfRules)
 	if len(log.Data) > 0 {
@ -648,8 +651,11 @@ func (DAOMembershipChanged) ContractEventName() string {
 // Solidity: event MembershipChanged(address member, bool isMember)
 func (dAO *DAO) UnpackMembershipChangedEvent(log *types.Log) (*DAOMembershipChanged, error) {
 	event := "MembershipChanged"
-	if len(log.Topics) == 0 || log.Topics[0] != dAO.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != dAO.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(DAOMembershipChanged)
 	if len(log.Data) > 0 {
@ -692,8 +698,11 @@ func (DAOProposalAdded) ContractEventName() string {
 // Solidity: event ProposalAdded(uint256 proposalID, address recipient, uint256 amount, string description)
 func (dAO *DAO) UnpackProposalAddedEvent(log *types.Log) (*DAOProposalAdded, error) {
 	event := "ProposalAdded"
-	if len(log.Topics) == 0 || log.Topics[0] != dAO.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != dAO.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(DAOProposalAdded)
 	if len(log.Data) > 0 {
@ -736,8 +745,11 @@ func (DAOProposalTallied) ContractEventName() string {
 // Solidity: event ProposalTallied(uint256 proposalID, int256 result, uint256 quorum, bool active)
 func (dAO *DAO) UnpackProposalTalliedEvent(log *types.Log) (*DAOProposalTallied, error) {
 	event := "ProposalTallied"
-	if len(log.Topics) == 0 || log.Topics[0] != dAO.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != dAO.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(DAOProposalTallied)
 	if len(log.Data) > 0 {
@ -780,8 +792,11 @@ func (DAOVoted) ContractEventName() string {
 // Solidity: event Voted(uint256 proposalID, bool position, address voter, string justification)
 func (dAO *DAO) UnpackVotedEvent(log *types.Log) (*DAOVoted, error) {
 	event := "Voted"
-	if len(log.Topics) == 0 || log.Topics[0] != dAO.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != dAO.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(DAOVoted)
 	if len(log.Data) > 0 {
--- a/accounts/abi/abigen/testdata/v2/eventchecker.go.txt
+++ b/accounts/abi/abigen/testdata/v2/eventchecker.go.txt
@ -72,8 +72,11 @@ func (EventCheckerDynamic) ContractEventName() string {
 // Solidity: event dynamic(string indexed idxStr, bytes indexed idxDat, string str, bytes dat)
 func (eventChecker *EventChecker) UnpackDynamicEvent(log *types.Log) (*EventCheckerDynamic, error) {
 	event := "dynamic"
-	if len(log.Topics) == 0 || log.Topics[0] != eventChecker.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != eventChecker.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(EventCheckerDynamic)
 	if len(log.Data) > 0 {
@ -112,8 +115,11 @@ func (EventCheckerEmpty) ContractEventName() string {
 // Solidity: event empty()
 func (eventChecker *EventChecker) UnpackEmptyEvent(log *types.Log) (*EventCheckerEmpty, error) {
 	event := "empty"
-	if len(log.Topics) == 0 || log.Topics[0] != eventChecker.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != eventChecker.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(EventCheckerEmpty)
 	if len(log.Data) > 0 {
@ -154,8 +160,11 @@ func (EventCheckerIndexed) ContractEventName() string {
 // Solidity: event indexed(address indexed addr, int256 indexed num)
 func (eventChecker *EventChecker) UnpackIndexedEvent(log *types.Log) (*EventCheckerIndexed, error) {
 	event := "indexed"
-	if len(log.Topics) == 0 || log.Topics[0] != eventChecker.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != eventChecker.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(EventCheckerIndexed)
 	if len(log.Data) > 0 {
@ -196,8 +205,11 @@ func (EventCheckerMixed) ContractEventName() string {
 // Solidity: event mixed(address indexed addr, int256 num)
 func (eventChecker *EventChecker) UnpackMixedEvent(log *types.Log) (*EventCheckerMixed, error) {
 	event := "mixed"
-	if len(log.Topics) == 0 || log.Topics[0] != eventChecker.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != eventChecker.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(EventCheckerMixed)
 	if len(log.Data) > 0 {
@ -238,8 +250,11 @@ func (EventCheckerUnnamed) ContractEventName() string {
 // Solidity: event unnamed(uint256 indexed arg0, uint256 indexed arg1)
 func (eventChecker *EventChecker) UnpackUnnamedEvent(log *types.Log) (*EventCheckerUnnamed, error) {
 	event := "unnamed"
-	if len(log.Topics) == 0 || log.Topics[0] != eventChecker.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != eventChecker.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(EventCheckerUnnamed)
 	if len(log.Data) > 0 {
--- a/accounts/abi/abigen/testdata/v2/nameconflict.go.txt
+++ b/accounts/abi/abigen/testdata/v2/nameconflict.go.txt
@ -134,8 +134,11 @@ func (NameConflictLog) ContractEventName() string {
 // Solidity: event log(int256 msg, int256 _msg)
 func (nameConflict *NameConflict) UnpackLogEvent(log *types.Log) (*NameConflictLog, error) {
 	event := "log"
-	if len(log.Topics) == 0 || log.Topics[0] != nameConflict.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != nameConflict.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(NameConflictLog)
 	if len(log.Data) > 0 {
--- a/accounts/abi/abigen/testdata/v2/numericmethodname.go.txt
+++ b/accounts/abi/abigen/testdata/v2/numericmethodname.go.txt
@ -136,8 +136,11 @@ func (NumericMethodNameE1TestEvent) ContractEventName() string {
 // Solidity: event _1TestEvent(address _param)
 func (numericMethodName *NumericMethodName) UnpackE1TestEventEvent(log *types.Log) (*NumericMethodNameE1TestEvent, error) {
 	event := "_1TestEvent"
-	if len(log.Topics) == 0 || log.Topics[0] != numericMethodName.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != numericMethodName.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(NumericMethodNameE1TestEvent)
 	if len(log.Data) > 0 {
--- a/accounts/abi/abigen/testdata/v2/overload.go.txt
+++ b/accounts/abi/abigen/testdata/v2/overload.go.txt
@ -114,8 +114,11 @@ func (OverloadBar) ContractEventName() string {
 // Solidity: event bar(uint256 i)
 func (overload *Overload) UnpackBarEvent(log *types.Log) (*OverloadBar, error) {
 	event := "bar"
-	if len(log.Topics) == 0 || log.Topics[0] != overload.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != overload.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(OverloadBar)
 	if len(log.Data) > 0 {
@ -156,8 +159,11 @@ func (OverloadBar0) ContractEventName() string {
 // Solidity: event bar(uint256 i, uint256 j)
 func (overload *Overload) UnpackBar0Event(log *types.Log) (*OverloadBar0, error) {
 	event := "bar0"
-	if len(log.Topics) == 0 || log.Topics[0] != overload.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != overload.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(OverloadBar0)
 	if len(log.Data) > 0 {
--- a/accounts/abi/abigen/testdata/v2/token.go.txt
+++ b/accounts/abi/abigen/testdata/v2/token.go.txt
@ -386,8 +386,11 @@ func (TokenTransfer) ContractEventName() string {
 // Solidity: event Transfer(address indexed from, address indexed to, uint256 value)
 func (token *Token) UnpackTransferEvent(log *types.Log) (*TokenTransfer, error) {
 	event := "Transfer"
-	if len(log.Topics) == 0 || log.Topics[0] != token.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != token.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(TokenTransfer)
 	if len(log.Data) > 0 {
--- a/accounts/abi/abigen/testdata/v2/tuple.go.txt
+++ b/accounts/abi/abigen/testdata/v2/tuple.go.txt
@ -193,8 +193,11 @@ func (TupleTupleEvent) ContractEventName() string {
 // Solidity: event TupleEvent((uint256,uint256[],(uint256,uint256)[]) a, (uint256,uint256)[2][] b, (uint256,uint256)[][2] c, (uint256,uint256[],(uint256,uint256)[])[] d, uint256[] e)
 func (tuple *Tuple) UnpackTupleEventEvent(log *types.Log) (*TupleTupleEvent, error) {
 	event := "TupleEvent"
-	if len(log.Topics) == 0 || log.Topics[0] != tuple.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != tuple.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(TupleTupleEvent)
 	if len(log.Data) > 0 {
@ -234,8 +237,11 @@ func (TupleTupleEvent2) ContractEventName() string {
 // Solidity: event TupleEvent2((uint8,uint8)[] arg0)
 func (tuple *Tuple) UnpackTupleEvent2Event(log *types.Log) (*TupleTupleEvent2, error) {
 	event := "TupleEvent2"
-	if len(log.Topics) == 0 || log.Topics[0] != tuple.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != tuple.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(TupleTupleEvent2)
 	if len(log.Data) > 0 {
--- a/accounts/abi/argument.go
+++ b/accounts/abi/argument.go
@ -112,7 +112,7 @@ func (arguments Arguments) UnpackIntoMap(v map[string]any, data []byte) error {
 // Copy performs the operation go format -> provided struct.
 func (arguments Arguments) Copy(v any, values []any) error {
 	// make sure the passed value is arguments pointer
-	if reflect.Ptr != reflect.ValueOf(v).Kind() {
+	if reflect.Pointer != reflect.ValueOf(v).Kind() {
 		return fmt.Errorf("abi: Unpack(non-pointer %T)", v)
 	}
 	if len(values) == 0 {
@ -165,7 +165,7 @@ func (arguments Arguments) copyTuple(v any, marshalledValues []any) error {
 		}
 	case reflect.Slice, reflect.Array:
 		if value.Len() < len(marshalledValues) {
-			return fmt.Errorf("abi: insufficient number of arguments for unpack, want %d, got %d", len(arguments), value.Len())
+			return fmt.Errorf("abi: insufficient number of arguments for unpack, want %d, got %d", len(marshalledValues), value.Len())
 		}
 		for i := range nonIndexedArgs {
 			if err := set(value.Index(i), reflect.ValueOf(marshalledValues[i])); err != nil {
--- a/accounts/abi/bind/old.go
+++ b/accounts/abi/bind/old.go
@ -176,6 +176,13 @@ var (
 	// ErrNoCodeAfterDeploy is returned by WaitDeployed if contract creation leaves
 	// an empty contract behind.
 	ErrNoCodeAfterDeploy = bind2.ErrNoCodeAfterDeploy
+
+	// ErrNoEventSignature is returned when a log entry has no topics.
+	ErrNoEventSignature = bind2.ErrNoEventSignature
+
+	// ErrEventSignatureMismatch is returned when a log's topic[0] does not match
+	// the expected event signature.
+	ErrEventSignatureMismatch = bind2.ErrEventSignatureMismatch
 )

 // ContractCaller defines the methods needed to allow operating with a contract on a read
--- a/accounts/abi/bind/v2/base.go
+++ b/accounts/abi/bind/v2/base.go
@ -35,8 +35,8 @@ import (
 const basefeeWiggleMultiplier = 2

 var (
-	errNoEventSignature       = errors.New("no event signature")
-	errEventSignatureMismatch = errors.New("event signature mismatch")
+	ErrNoEventSignature       = errors.New("no event signature")
+	ErrEventSignatureMismatch = errors.New("event signature mismatch")
 )

 // SignerFn is a signer function callback when a contract requires a method to
@ -536,10 +536,10 @@ func (c *BoundContract) WatchLogs(opts *WatchOpts, name string, query ...[]any)
 func (c *BoundContract) UnpackLog(out any, event string, log types.Log) error {
 	// Anonymous events are not supported.
 	if len(log.Topics) == 0 {
-		return errNoEventSignature
+		return ErrNoEventSignature
 	}
 	if log.Topics[0] != c.abi.Events[event].ID {
-		return errEventSignatureMismatch
+		return ErrEventSignatureMismatch
 	}
 	if len(log.Data) > 0 {
 		if err := c.abi.UnpackIntoInterface(out, event, log.Data); err != nil {
@ -559,10 +559,10 @@ func (c *BoundContract) UnpackLog(out any, event string, log types.Log) error {
 func (c *BoundContract) UnpackLogIntoMap(out map[string]any, event string, log types.Log) error {
 	// Anonymous events are not supported.
 	if len(log.Topics) == 0 {
-		return errNoEventSignature
+		return ErrNoEventSignature
 	}
 	if log.Topics[0] != c.abi.Events[event].ID {
-		return errEventSignatureMismatch
+		return ErrEventSignatureMismatch
 	}
 	if len(log.Data) > 0 {
 		if err := c.abi.UnpackIntoMap(out, event, log.Data); err != nil {
--- a/accounts/abi/bind/v2/dep_tree_test.go
+++ b/accounts/abi/bind/v2/dep_tree_test.go
@ -329,7 +329,7 @@ func TestContractLinking(t *testing.T) {
 			map[rune]struct{}{},
 		},
 		// two contracts ('a' and 'f') share some dependencies.  contract 'a' is marked as an override.  expect that any of
-		// its depdencies that aren't shared with 'f' are not deployed.
+		// its dependencies that aren't shared with 'f' are not deployed.
 		linkTestCaseInput{map[rune][]rune{
 			'a': {'b', 'c', 'd', 'e'},
 			'f': {'g', 'c', 'd', 'h'}},
--- a/accounts/abi/bind/v2/internal/contracts/db/bindings.go
+++ b/accounts/abi/bind/v2/internal/contracts/db/bindings.go
@ -276,8 +276,11 @@ func (DBInsert) ContractEventName() string {
 // Solidity: event Insert(uint256 key, uint256 value, uint256 length)
 func (dB *DB) UnpackInsertEvent(log *types.Log) (*DBInsert, error) {
 	event := "Insert"
-	if len(log.Topics) == 0 || log.Topics[0] != dB.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != dB.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(DBInsert)
 	if len(log.Data) > 0 {
@ -318,8 +321,11 @@ func (DBKeyedInsert) ContractEventName() string {
 // Solidity: event KeyedInsert(uint256 indexed key, uint256 value)
 func (dB *DB) UnpackKeyedInsertEvent(log *types.Log) (*DBKeyedInsert, error) {
 	event := "KeyedInsert"
-	if len(log.Topics) == 0 || log.Topics[0] != dB.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != dB.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(DBKeyedInsert)
 	if len(log.Data) > 0 {
--- a/accounts/abi/bind/v2/internal/contracts/events/bindings.go
+++ b/accounts/abi/bind/v2/internal/contracts/events/bindings.go
@ -115,8 +115,11 @@ func (CBasic1) ContractEventName() string {
 // Solidity: event basic1(uint256 indexed id, uint256 data)
 func (c *C) UnpackBasic1Event(log *types.Log) (*CBasic1, error) {
 	event := "basic1"
-	if len(log.Topics) == 0 || log.Topics[0] != c.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != c.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(CBasic1)
 	if len(log.Data) > 0 {
@ -157,8 +160,11 @@ func (CBasic2) ContractEventName() string {
 // Solidity: event basic2(bool indexed flag, uint256 data)
 func (c *C) UnpackBasic2Event(log *types.Log) (*CBasic2, error) {
 	event := "basic2"
-	if len(log.Topics) == 0 || log.Topics[0] != c.abi.Events[event].ID {
-		return nil, errors.New("event signature mismatch")
+	if len(log.Topics) == 0 {
+		return nil, bind.ErrNoEventSignature
+	}
+	if log.Topics[0] != c.abi.Events[event].ID {
+		return nil, bind.ErrEventSignatureMismatch
 	}
 	out := new(CBasic2)
 	if len(log.Data) > 0 {
--- a/accounts/abi/bind/v2/lib_test.go
+++ b/accounts/abi/bind/v2/lib_test.go
@ -310,7 +310,7 @@ done:
 		t.Fatalf("expected e1Count of 2 from filter call.  got %d", e1Count)
 	}
 	if e2Count != 1 {
-		t.Fatalf("expected e2Count of 1 from filter call.  got %d", e1Count)
+		t.Fatalf("expected e2Count of 1 from filter call.  got %d", e2Count)
 	}
 }

@ -379,16 +379,16 @@ func TestEventUnpackEmptyTopics(t *testing.T) {
 		if err == nil {
 			t.Fatal("expected error when unpacking event with empty topics, got nil")
 		}
-		if err.Error() != "event signature mismatch" {
-			t.Fatalf("expected 'event signature mismatch' error, got: %v", err)
+		if err != bind.ErrNoEventSignature {
+			t.Fatalf("expected 'no event signature' error, got: %v", err)
 		}

 		_, err = c.UnpackBasic2Event(log)
 		if err == nil {
 			t.Fatal("expected error when unpacking event with empty topics, got nil")
 		}
-		if err.Error() != "event signature mismatch" {
-			t.Fatalf("expected 'event signature mismatch' error, got: %v", err)
+		if err != bind.ErrNoEventSignature {
+			t.Fatalf("expected 'no event signature' error, got: %v", err)
 		}
 	}
 }
--- a/accounts/abi/pack.go
+++ b/accounts/abi/pack.go
@ -39,7 +39,7 @@ func packElement(t Type, reflectValue reflect.Value) ([]byte, error) {
 	switch t.T {
 	case UintTy:
 		// make sure to not pack a negative value into a uint type.
-		if reflectValue.Kind() == reflect.Ptr {
+		if reflectValue.Kind() == reflect.Pointer {
 			val := new(big.Int).Set(reflectValue.Interface().(*big.Int))
 			if val.Sign() == -1 {
 				return nil, errInvalidSign
@ -86,7 +86,7 @@ func packNum(value reflect.Value) []byte {
 		return math.U256Bytes(new(big.Int).SetUint64(value.Uint()))
 	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
 		return math.U256Bytes(big.NewInt(value.Int()))
-	case reflect.Ptr:
+	case reflect.Pointer:
 		return math.U256Bytes(new(big.Int).Set(value.Interface().(*big.Int)))
 	default:
 		panic("abi: fatal error")
--- a/accounts/abi/reflect.go
+++ b/accounts/abi/reflect.go
@ -53,7 +53,7 @@ func ConvertType(in interface{}, proto interface{}) interface{} {
 // indirect recursively dereferences the value until it either gets the value
 // or finds a big.Int
 func indirect(v reflect.Value) reflect.Value {
-	if v.Kind() == reflect.Ptr && v.Elem().Type() != reflect.TypeFor[big.Int]() {
+	if v.Kind() == reflect.Pointer && v.Elem().Type() != reflect.TypeFor[big.Int]() {
 		return indirect(v.Elem())
 	}
 	return v
@ -102,9 +102,9 @@ func mustArrayToByteSlice(value reflect.Value) reflect.Value {
 func set(dst, src reflect.Value) error {
 	dstType, srcType := dst.Type(), src.Type()
 	switch {
-	case dstType.Kind() == reflect.Interface && dst.Elem().IsValid() && (dst.Elem().Type().Kind() == reflect.Ptr || dst.Elem().CanSet()):
+	case dstType.Kind() == reflect.Interface && dst.Elem().IsValid() && (dst.Elem().Type().Kind() == reflect.Pointer || dst.Elem().CanSet()):
 		return set(dst.Elem(), src)
-	case dstType.Kind() == reflect.Ptr && dstType.Elem() != reflect.TypeFor[big.Int]():
+	case dstType.Kind() == reflect.Pointer && dstType.Elem() != reflect.TypeFor[big.Int]():
 		return set(dst.Elem(), src)
 	case srcType.AssignableTo(dstType) && dst.CanSet():
 		dst.Set(src)
@ -138,7 +138,7 @@ func setSlice(dst, src reflect.Value) error {
 }

 func setArray(dst, src reflect.Value) error {
-	if src.Kind() == reflect.Ptr {
+	if src.Kind() == reflect.Pointer {
 		return set(dst, indirect(src))
 	}
 	array := reflect.New(dst.Type()).Elem()
--- a/accounts/abi/selector_parser.go
+++ b/accounts/abi/selector_parser.go
@ -75,8 +75,11 @@ func parseElementaryType(unescapedSelector string) (string, string, error) {
 			parsedType = parsedType + string(rest[0])
 			rest = rest[1:]
 		}
-		if len(rest) == 0 || rest[0] != ']' {
-			return "", "", fmt.Errorf("failed to parse array: expected ']', got %c", unescapedSelector[0])
+		if len(rest) == 0 {
+			return "", "", fmt.Errorf("failed to parse array: expected ']', got end of string")
+		}
+		if rest[0] != ']' {
+			return "", "", fmt.Errorf("failed to parse array: expected ']', got %c", rest[0])
 		}
 		parsedType = parsedType + string(rest[0])
 		rest = rest[1:]
--- a/accounts/abi/unpack.go
+++ b/accounts/abi/unpack.go
@ -154,7 +154,7 @@ func forEachUnpack(t Type, output []byte, start, size int) (interface{}, error)
 		return nil, fmt.Errorf("cannot marshal input to array, size is negative (%d)", size)
 	}
 	if start+32*size > len(output) {
-		return nil, fmt.Errorf("abi: cannot marshal into go array: offset %d would go over slice boundary (len=%d)", len(output), start+32*size)
+		return nil, fmt.Errorf("abi: cannot marshal into go array: offset %d would go over slice boundary (len=%d)", start+32*size, len(output))
 	}

 	// this value will become our slice or our array, depending on the type
--- a/accounts/abi/unpack_test.go
+++ b/accounts/abi/unpack_test.go
@ -910,7 +910,7 @@ func TestUnpackTuple(t *testing.T) {
 			},
 		},
 		FieldT: T{
-			big.NewInt(0), big.NewInt(1),
+			big.NewInt(0).SetBits([]big.Word{}), big.NewInt(1),
 		},
 		A: big.NewInt(1),
 	}
@ -919,7 +919,7 @@ func TestUnpackTuple(t *testing.T) {
 	if err != nil {
 		t.Error(err)
 	}
-	if reflect.DeepEqual(ret, expected) {
+	if !reflect.DeepEqual(ret, expected) {
 		t.Error("unexpected unpack value")
 	}
 }
--- a/accounts/keystore/account_cache_test.go
+++ b/accounts/keystore/account_cache_test.go
@ -68,18 +68,27 @@ func waitWatcherStart(ks *KeyStore) bool {

 func waitForAccounts(wantAccounts []accounts.Account, ks *KeyStore) error {
 	var list []accounts.Account
+	haveAccounts := false
+	haveChange := false
 	for t0 := time.Now(); time.Since(t0) < 5*time.Second; time.Sleep(100 * time.Millisecond) {
-		list = ks.Accounts()
-		if reflect.DeepEqual(list, wantAccounts) {
-			// ks should have also received change notifications
+		if !haveAccounts {
+			list = ks.Accounts()
+			haveAccounts = reflect.DeepEqual(list, wantAccounts)
+		}
+		if !haveChange {
 			select {
 			case <-ks.changes:
+				haveChange = true
 			default:
-				return errors.New("wasn't notified of new accounts")
 			}
+		}
+		if haveAccounts && haveChange {
 			return nil
 		}
 	}
+	if haveAccounts {
+		return errors.New("wasn't notified of new accounts")
+	}
 	return fmt.Errorf("\ngot  %v\nwant %v", list, wantAccounts)
 }

--- a/accounts/keystore/watch.go
+++ b/accounts/keystore/watch.go
@ -14,8 +14,8 @@
 // You should have received a copy of the GNU Lesser General Public License
 // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.

-//go:build (darwin && !ios && cgo) || freebsd || (linux && !arm64) || netbsd || solaris
-// +build darwin,!ios,cgo freebsd linux,!arm64 netbsd solaris
+//go:build (darwin && !ios && cgo) || freebsd || linux || netbsd || solaris
+// +build darwin,!ios,cgo freebsd linux netbsd solaris

 package keystore

--- a/accounts/keystore/watch_fallback.go
+++ b/accounts/keystore/watch_fallback.go
@ -14,8 +14,8 @@
 // You should have received a copy of the GNU Lesser General Public License
 // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.

-//go:build (darwin && !cgo) || ios || (linux && arm64) || windows || (!darwin && !freebsd && !linux && !netbsd && !solaris)
-// +build darwin,!cgo ios linux,arm64 windows !darwin,!freebsd,!linux,!netbsd,!solaris
+//go:build (darwin && !cgo) || ios || windows || (!darwin && !freebsd && !linux && !netbsd && !solaris)
+// +build darwin,!cgo ios windows !darwin,!freebsd,!linux,!netbsd,!solaris

 // This is the fallback implementation of directory watching.
 // It is used on unsupported platforms.
--- a/accounts/scwallet/hub.go
+++ b/accounts/scwallet/hub.go
@ -113,7 +113,7 @@ func (hub *Hub) readPairings() error {
 }

 func (hub *Hub) writePairings() error {
-	pairingFile, err := os.OpenFile(filepath.Join(hub.datadir, "smartcards.json"), os.O_RDWR|os.O_CREATE, 0755)
+	pairingFile, err := os.OpenFile(filepath.Join(hub.datadir, "smartcards.json"), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0755)
 	if err != nil {
 		return err
 	}
@ -129,11 +129,8 @@ func (hub *Hub) writePairings() error {
 		return err
 	}

-	if _, err := pairingFile.Write(pairingData); err != nil {
-		return err
-	}
-
-	return nil
+	_, err = pairingFile.Write(pairingData)
+	return err
 }

 func (hub *Hub) pairing(wallet *Wallet) *smartcardPairing {
--- a/accounts/usbwallet/hub.go
+++ b/accounts/usbwallet/hub.go
@ -26,7 +26,7 @@ import (
 	"github.com/ethereum/go-ethereum/accounts"
 	"github.com/ethereum/go-ethereum/event"
 	"github.com/ethereum/go-ethereum/log"
-	"github.com/karalabe/hid"
+	"github.com/ethereum/hid"
 )

 // LedgerScheme is the protocol scheme prefixing account and wallet URLs.
--- a/accounts/usbwallet/ledger.go
+++ b/accounts/usbwallet/ledger.go
@ -110,6 +110,16 @@ func (w *ledgerDriver) offline() bool {
 	return w.version == [3]byte{0, 0, 0}
 }

+func ledgerVersionLessThan(version [3]byte, major, minor, patch byte) bool {
+	if version[0] != major {
+		return version[0] < major
+	}
+	if version[1] != minor {
+		return version[1] < minor
+	}
+	return version[2] < patch
+}
+
 // Open implements usbwallet.driver, attempting to initialize the connection to the
 // Ledger hardware wallet. The Ledger does not require a user passphrase, so that
 // parameter is silently discarded.
@ -166,7 +176,19 @@ func (w *ledgerDriver) SignTx(path accounts.DerivationPath, tx *types.Transactio
 		return common.Address{}, nil, accounts.ErrWalletClosed
 	}
 	// Ensure the wallet is capable of signing the given transaction
-	if chainID != nil && (w.version[0] < 1 || (w.version[0] == 1 && w.version[1] == 0 && w.version[2] < 3)) {
+	switch tx.Type() {
+	case types.AccessListTxType, types.DynamicFeeTxType:
+		if ledgerVersionLessThan(w.version, 1, 9, 0) {
+			//lint:ignore ST1005 brand name displayed on the console
+			return common.Address{}, nil, fmt.Errorf("Ledger version >= 1.9.0 required for EIP-2930/EIP-1559 signing (found version v%d.%d.%d)", w.version[0], w.version[1], w.version[2])
+		}
+	case types.SetCodeTxType:
+		if ledgerVersionLessThan(w.version, 1, 17, 0) {
+			//lint:ignore ST1005 brand name displayed on the console
+			return common.Address{}, nil, fmt.Errorf("Ledger version >= 1.17.0 required for EIP-7702 signing (found version v%d.%d.%d)", w.version[0], w.version[1], w.version[2])
+		}
+	}
+	if chainID != nil && ledgerVersionLessThan(w.version, 1, 0, 3) {
 		//lint:ignore ST1005 brand name displayed on the console
 		return common.Address{}, nil, fmt.Errorf("Ledger v%d.%d.%d doesn't support signing this transaction, please update to v1.0.3 at least", w.version[0], w.version[1], w.version[2])
 	}
@ -184,7 +206,7 @@ func (w *ledgerDriver) SignTypedMessage(path accounts.DerivationPath, domainHash
 		return nil, accounts.ErrWalletClosed
 	}
 	// Ensure the wallet is capable of signing the given transaction
-	if w.version[0] < 1 || (w.version[0] == 1 && w.version[1] < 5) {
+	if ledgerVersionLessThan(w.version, 1, 5, 0) {
 		//lint:ignore ST1005 brand name displayed on the console
 		return nil, fmt.Errorf("Ledger version >= 1.5.0 required for EIP-712 signing (found version v%d.%d.%d)", w.version[0], w.version[1], w.version[2])
 	}
@ -334,26 +356,41 @@ func (w *ledgerDriver) ledgerSign(derivationPath []uint32, tx *types.Transaction
 		err   error
 	)
 	if chainID == nil {
-		if txrlp, err = rlp.EncodeToBytes([]interface{}{tx.Nonce(), tx.GasPrice(), tx.Gas(), tx.To(), tx.Value(), tx.Data()}); err != nil {
+		if txrlp, err = rlp.EncodeToBytes([]any{tx.Nonce(), tx.GasPrice(), tx.Gas(), tx.To(), tx.Value(), tx.Data()}); err != nil {
 			return common.Address{}, nil, err
 		}
 	} else {
-		if tx.Type() == types.DynamicFeeTxType {
-			if txrlp, err = rlp.EncodeToBytes([]interface{}{chainID, tx.Nonce(), tx.GasTipCap(), tx.GasFeeCap(), tx.Gas(), tx.To(), tx.Value(), tx.Data(), tx.AccessList()}); err != nil {
+		switch tx.Type() {
+		case types.SetCodeTxType:
+			if txrlp, err = rlp.EncodeToBytes([]any{chainID, tx.Nonce(), tx.GasTipCap(), tx.GasFeeCap(), tx.Gas(), tx.To(), tx.Value(), tx.Data(), tx.AccessList(), tx.SetCodeAuthorizations()}); err != nil {
 				return common.Address{}, nil, err
 			}
 			// append type to transaction
 			txrlp = append([]byte{tx.Type()}, txrlp...)
-		} else if tx.Type() == types.AccessListTxType {
-			if txrlp, err = rlp.EncodeToBytes([]interface{}{chainID, tx.Nonce(), tx.GasPrice(), tx.Gas(), tx.To(), tx.Value(), tx.Data(), tx.AccessList()}); err != nil {
+		case types.BlobTxType:
+			if txrlp, err = rlp.EncodeToBytes([]any{chainID, tx.Nonce(), tx.GasTipCap(), tx.GasFeeCap(), tx.Gas(), tx.To(), tx.Value(), tx.Data(), tx.AccessList(), tx.BlobGasFeeCap(), tx.BlobHashes()}); err != nil {
 				return common.Address{}, nil, err
 			}
 			// append type to transaction
 			txrlp = append([]byte{tx.Type()}, txrlp...)
-		} else if tx.Type() == types.LegacyTxType {
-			if txrlp, err = rlp.EncodeToBytes([]interface{}{tx.Nonce(), tx.GasPrice(), tx.Gas(), tx.To(), tx.Value(), tx.Data(), chainID, big.NewInt(0), big.NewInt(0)}); err != nil {
+		case types.DynamicFeeTxType:
+			if txrlp, err = rlp.EncodeToBytes([]any{chainID, tx.Nonce(), tx.GasTipCap(), tx.GasFeeCap(), tx.Gas(), tx.To(), tx.Value(), tx.Data(), tx.AccessList()}); err != nil {
 				return common.Address{}, nil, err
 			}
+			// append type to transaction
+			txrlp = append([]byte{tx.Type()}, txrlp...)
+		case types.AccessListTxType:
+			if txrlp, err = rlp.EncodeToBytes([]any{chainID, tx.Nonce(), tx.GasPrice(), tx.Gas(), tx.To(), tx.Value(), tx.Data(), tx.AccessList()}); err != nil {
+				return common.Address{}, nil, err
+			}
+			// append type to transaction
+			txrlp = append([]byte{tx.Type()}, txrlp...)
+		case types.LegacyTxType:
+			if txrlp, err = rlp.EncodeToBytes([]any{tx.Nonce(), tx.GasPrice(), tx.Gas(), tx.To(), tx.Value(), tx.Data(), chainID, big.NewInt(0), big.NewInt(0)}); err != nil {
+				return common.Address{}, nil, err
+			}
+		default:
+			return common.Address{}, nil, fmt.Errorf("unsupported transaction type: %d", tx.Type())
 		}
 	}
 	payload := append(path, txrlp...)
--- a/accounts/usbwallet/wallet.go
+++ b/accounts/usbwallet/wallet.go
@ -31,7 +31,7 @@ import (
 	"github.com/ethereum/go-ethereum/core/types"
 	"github.com/ethereum/go-ethereum/crypto"
 	"github.com/ethereum/go-ethereum/log"
-	"github.com/karalabe/hid"
+	"github.com/ethereum/hid"
 )

 // Maximum time between wallet health checks to detect USB unplugs.
--- a/appveyor.yml
+++ b/appveyor.yml
@ -1,39 +0,0 @@
-clone_depth: 5
-version: "{branch}.{build}"
-
-image:
-  - Visual Studio 2019
-
-environment:
-  matrix:
-    - GETH_ARCH: amd64
-      GETH_MINGW: 'C:\msys64\mingw64'
-    - GETH_ARCH: 386
-      GETH_MINGW: 'C:\msys64\mingw32'
-
-install:
-  - git submodule update --init --depth 1 --recursive
-  - go version
-
-for:
-  # Windows builds for amd64 + 386.
-  - matrix:
-      only:
-        - image: Visual Studio 2019
-    environment:
-      # We use gcc from MSYS2 because it is the most recent compiler version available on
-      # AppVeyor. Note: gcc.exe only works properly if the corresponding bin/ directory is
-      # contained in PATH.
-      GETH_CC: '%GETH_MINGW%\bin\gcc.exe'
-      PATH: '%GETH_MINGW%\bin;C:\Program Files (x86)\NSIS\;%PATH%'
-    build_script:
-      - 'echo %GETH_ARCH%'
-      - 'echo %GETH_CC%'
-      - '%GETH_CC% --version'
-      - go run build/ci.go install -dlgo -arch %GETH_ARCH% -cc %GETH_CC%
-    after_build:
-      # Upload builds. Note that ci.go makes this a no-op PR builds.
-      - go run build/ci.go archive -arch %GETH_ARCH% -type zip -signer WINDOWS_SIGNING_KEY -upload gethstore/builds
-      - go run build/ci.go nsis -arch %GETH_ARCH% -signer WINDOWS_SIGNING_KEY -upload gethstore/builds
-    test_script:
-      - go run build/ci.go test -dlgo -arch %GETH_ARCH% -cc %GETH_CC% -short
--- a/beacon/engine/bapl_encode.go
+++ b/beacon/engine/bapl_encode.go
@ -0,0 +1,75 @@
+// Copyright 2026 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+package engine
+
+import (
+	"github.com/fjl/jsonw"
+)
+
+// MarshalJSON implements json.Marshaler.
+func (list BlobAndProofListV1) MarshalJSON() ([]byte, error) {
+	if list == nil {
+		return []byte("null"), nil
+	}
+	var b jsonw.Buffer
+	b.Array(func() {
+		for _, item := range list {
+			marshalBlobAndProofV1(&b, item)
+		}
+	})
+	return b.Output(), nil
+}
+
+func marshalBlobAndProofV1(b *jsonw.Buffer, item *BlobAndProofV1) {
+	if item == nil {
+		b.Null()
+	} else {
+		b.Object(func() {
+			b.Key("blob")
+			b.HexBytes(item.Blob)
+			b.Key("proof")
+			b.HexBytes(item.Proof)
+		})
+	}
+}
+
+// MarshalJSON implements json.Marshaler.
+func (list BlobAndProofListV2) MarshalJSON() ([]byte, error) {
+	if list == nil {
+		return []byte("null"), nil
+	}
+	var b jsonw.Buffer
+	b.Array(func() {
+		for _, item := range list {
+			marshalBlobAndProofV2(&b, item)
+		}
+	})
+	return b.Output(), nil
+}
+
+func marshalBlobAndProofV2(b *jsonw.Buffer, item *BlobAndProofV2) {
+	if item == nil {
+		b.Null()
+	} else {
+		b.Object(func() {
+			b.Key("blob")
+			b.HexBytes(item.Blob)
+			b.Key("proofs")
+			appendHexBytesArray(b, item.CellProofs)
+		})
+	}
+}
--- a/beacon/engine/ed_codec.go
+++ b/beacon/engine/ed_codec.go
@ -10,6 +10,7 @@ import (
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/common/hexutil"
 	"github.com/ethereum/go-ethereum/core/types"
+	"github.com/ethereum/go-ethereum/core/types/bal"
 )

 var _ = (*executableDataMarshaling)(nil)
@ -17,24 +18,25 @@ var _ = (*executableDataMarshaling)(nil)
 // MarshalJSON marshals as JSON.
 func (e ExecutableData) MarshalJSON() ([]byte, error) {
 	type ExecutableData struct {
-		ParentHash    common.Hash         `json:"parentHash"    gencodec:"required"`
-		FeeRecipient  common.Address      `json:"feeRecipient"  gencodec:"required"`
-		StateRoot     common.Hash         `json:"stateRoot"     gencodec:"required"`
-		ReceiptsRoot  common.Hash         `json:"receiptsRoot"  gencodec:"required"`
-		LogsBloom     hexutil.Bytes       `json:"logsBloom"     gencodec:"required"`
-		Random        common.Hash         `json:"prevRandao"    gencodec:"required"`
-		Number        hexutil.Uint64      `json:"blockNumber"   gencodec:"required"`
-		GasLimit      hexutil.Uint64      `json:"gasLimit"      gencodec:"required"`
-		GasUsed       hexutil.Uint64      `json:"gasUsed"       gencodec:"required"`
-		Timestamp     hexutil.Uint64      `json:"timestamp"     gencodec:"required"`
-		ExtraData     hexutil.Bytes       `json:"extraData"     gencodec:"required"`
-		BaseFeePerGas *hexutil.Big        `json:"baseFeePerGas" gencodec:"required"`
-		BlockHash     common.Hash         `json:"blockHash"     gencodec:"required"`
-		Transactions  []hexutil.Bytes     `json:"transactions"  gencodec:"required"`
-		Withdrawals   []*types.Withdrawal `json:"withdrawals"`
-		BlobGasUsed   *hexutil.Uint64     `json:"blobGasUsed"`
-		ExcessBlobGas *hexutil.Uint64     `json:"excessBlobGas"`
-		SlotNumber    *hexutil.Uint64     `json:"slotNumber"`
+		ParentHash      common.Hash          `json:"parentHash"    gencodec:"required"`
+		FeeRecipient    common.Address       `json:"feeRecipient"  gencodec:"required"`
+		StateRoot       common.Hash          `json:"stateRoot"     gencodec:"required"`
+		ReceiptsRoot    common.Hash          `json:"receiptsRoot"  gencodec:"required"`
+		LogsBloom       hexutil.Bytes        `json:"logsBloom"     gencodec:"required"`
+		Random          common.Hash          `json:"prevRandao"    gencodec:"required"`
+		Number          hexutil.Uint64       `json:"blockNumber"   gencodec:"required"`
+		GasLimit        hexutil.Uint64       `json:"gasLimit"      gencodec:"required"`
+		GasUsed         hexutil.Uint64       `json:"gasUsed"       gencodec:"required"`
+		Timestamp       hexutil.Uint64       `json:"timestamp"     gencodec:"required"`
+		ExtraData       hexutil.Bytes        `json:"extraData"     gencodec:"required"`
+		BaseFeePerGas   *hexutil.Big         `json:"baseFeePerGas" gencodec:"required"`
+		BlockHash       common.Hash          `json:"blockHash"     gencodec:"required"`
+		Transactions    []hexutil.Bytes      `json:"transactions"  gencodec:"required"`
+		Withdrawals     []*types.Withdrawal  `json:"withdrawals"`
+		BlobGasUsed     *hexutil.Uint64      `json:"blobGasUsed"`
+		ExcessBlobGas   *hexutil.Uint64      `json:"excessBlobGas"`
+		SlotNumber      *hexutil.Uint64      `json:"slotNumber,omitempty"`
+		BlockAccessList *bal.BlockAccessList `json:"blockAccessList,omitempty"`
 	}
 	var enc ExecutableData
 	enc.ParentHash = e.ParentHash
@ -60,30 +62,32 @@ func (e ExecutableData) MarshalJSON() ([]byte, error) {
 	enc.BlobGasUsed = (*hexutil.Uint64)(e.BlobGasUsed)
 	enc.ExcessBlobGas = (*hexutil.Uint64)(e.ExcessBlobGas)
 	enc.SlotNumber = (*hexutil.Uint64)(e.SlotNumber)
+	enc.BlockAccessList = e.BlockAccessList
 	return json.Marshal(&enc)
 }

 // UnmarshalJSON unmarshals from JSON.
 func (e *ExecutableData) UnmarshalJSON(input []byte) error {
 	type ExecutableData struct {
-		ParentHash    *common.Hash        `json:"parentHash"    gencodec:"required"`
-		FeeRecipient  *common.Address     `json:"feeRecipient"  gencodec:"required"`
-		StateRoot     *common.Hash        `json:"stateRoot"     gencodec:"required"`
-		ReceiptsRoot  *common.Hash        `json:"receiptsRoot"  gencodec:"required"`
-		LogsBloom     *hexutil.Bytes      `json:"logsBloom"     gencodec:"required"`
-		Random        *common.Hash        `json:"prevRandao"    gencodec:"required"`
-		Number        *hexutil.Uint64     `json:"blockNumber"   gencodec:"required"`
-		GasLimit      *hexutil.Uint64     `json:"gasLimit"      gencodec:"required"`
-		GasUsed       *hexutil.Uint64     `json:"gasUsed"       gencodec:"required"`
-		Timestamp     *hexutil.Uint64     `json:"timestamp"     gencodec:"required"`
-		ExtraData     *hexutil.Bytes      `json:"extraData"     gencodec:"required"`
-		BaseFeePerGas *hexutil.Big        `json:"baseFeePerGas" gencodec:"required"`
-		BlockHash     *common.Hash        `json:"blockHash"     gencodec:"required"`
-		Transactions  []hexutil.Bytes     `json:"transactions"  gencodec:"required"`
-		Withdrawals   []*types.Withdrawal `json:"withdrawals"`
-		BlobGasUsed   *hexutil.Uint64     `json:"blobGasUsed"`
-		ExcessBlobGas *hexutil.Uint64     `json:"excessBlobGas"`
-		SlotNumber    *hexutil.Uint64     `json:"slotNumber"`
+		ParentHash      *common.Hash         `json:"parentHash"    gencodec:"required"`
+		FeeRecipient    *common.Address      `json:"feeRecipient"  gencodec:"required"`
+		StateRoot       *common.Hash         `json:"stateRoot"     gencodec:"required"`
+		ReceiptsRoot    *common.Hash         `json:"receiptsRoot"  gencodec:"required"`
+		LogsBloom       *hexutil.Bytes       `json:"logsBloom"     gencodec:"required"`
+		Random          *common.Hash         `json:"prevRandao"    gencodec:"required"`
+		Number          *hexutil.Uint64      `json:"blockNumber"   gencodec:"required"`
+		GasLimit        *hexutil.Uint64      `json:"gasLimit"      gencodec:"required"`
+		GasUsed         *hexutil.Uint64      `json:"gasUsed"       gencodec:"required"`
+		Timestamp       *hexutil.Uint64      `json:"timestamp"     gencodec:"required"`
+		ExtraData       *hexutil.Bytes       `json:"extraData"     gencodec:"required"`
+		BaseFeePerGas   *hexutil.Big         `json:"baseFeePerGas" gencodec:"required"`
+		BlockHash       *common.Hash         `json:"blockHash"     gencodec:"required"`
+		Transactions    []hexutil.Bytes      `json:"transactions"  gencodec:"required"`
+		Withdrawals     []*types.Withdrawal  `json:"withdrawals"`
+		BlobGasUsed     *hexutil.Uint64      `json:"blobGasUsed"`
+		ExcessBlobGas   *hexutil.Uint64      `json:"excessBlobGas"`
+		SlotNumber      *hexutil.Uint64      `json:"slotNumber,omitempty"`
+		BlockAccessList *bal.BlockAccessList `json:"blockAccessList,omitempty"`
 	}
 	var dec ExecutableData
 	if err := json.Unmarshal(input, &dec); err != nil {
@ -160,5 +164,8 @@ func (e *ExecutableData) UnmarshalJSON(input []byte) error {
 	if dec.SlotNumber != nil {
 		e.SlotNumber = (*uint64)(dec.SlotNumber)
 	}
+	if dec.BlockAccessList != nil {
+		e.BlockAccessList = dec.BlockAccessList
+	}
 	return nil
 }
--- a/beacon/engine/epe_decode.go
+++ b/beacon/engine/epe_decode.go
@ -12,31 +12,6 @@ import (

 var _ = (*executionPayloadEnvelopeMarshaling)(nil)

-// MarshalJSON marshals as JSON.
-func (e ExecutionPayloadEnvelope) MarshalJSON() ([]byte, error) {
-	type ExecutionPayloadEnvelope struct {
-		ExecutionPayload *ExecutableData `json:"executionPayload"  gencodec:"required"`
-		BlockValue       *hexutil.Big    `json:"blockValue"  gencodec:"required"`
-		BlobsBundle      *BlobsBundle    `json:"blobsBundle"`
-		Requests         []hexutil.Bytes `json:"executionRequests"`
-		Override         bool            `json:"shouldOverrideBuilder"`
-		Witness          *hexutil.Bytes  `json:"witness,omitempty"`
-	}
-	var enc ExecutionPayloadEnvelope
-	enc.ExecutionPayload = e.ExecutionPayload
-	enc.BlockValue = (*hexutil.Big)(e.BlockValue)
-	enc.BlobsBundle = e.BlobsBundle
-	if e.Requests != nil {
-		enc.Requests = make([]hexutil.Bytes, len(e.Requests))
-		for k, v := range e.Requests {
-			enc.Requests[k] = v
-		}
-	}
-	enc.Override = e.Override
-	enc.Witness = e.Witness
-	return json.Marshal(&enc)
-}
-
 // UnmarshalJSON unmarshals from JSON.
 func (e *ExecutionPayloadEnvelope) UnmarshalJSON(input []byte) error {
 	type ExecutionPayloadEnvelope struct {
--- a/beacon/engine/epe_encode.go
+++ b/beacon/engine/epe_encode.go
@ -0,0 +1,102 @@
+// Copyright 2026 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+package engine
+
+import (
+	"encoding/json"
+	"errors"
+
+	"github.com/fjl/jsonw"
+)
+
+// marshalBlobsBundle writes BlobsBundle as JSON and appends it to buf.
+func marshalBlobsBundle(b *jsonw.Buffer, bundle *BlobsBundle) {
+	if bundle == nil {
+		b.Null()
+		return
+	}
+	b.Object(func() {
+		b.Key("commitments")
+		appendHexBytesArray(b, bundle.Commitments)
+		b.Key("proofs")
+		appendHexBytesArray(b, bundle.Proofs)
+		b.Key("blobs")
+		appendHexBytesArray(b, bundle.Blobs)
+	})
+}
+
+// MarshalJSON implements json.Marshaler.
+func (e ExecutionPayloadEnvelope) MarshalJSON() ([]byte, error) {
+	if e.ExecutionPayload == nil {
+		return nil, errors.New("missing required field 'executionPayload' for ExecutionPayloadEnvelope")
+	}
+
+	// Pre-marshal the execution payload using its gencodec MarshalJSON.
+	payload, err := e.ExecutionPayload.MarshalJSON()
+	if err != nil {
+		return nil, err
+	}
+	// Pre-marshal the witness.
+	var witness []byte
+	if e.Witness != nil {
+		witness, err = json.Marshal(e.Witness)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// Write the execution payload to the buffer
+	var b jsonw.Buffer
+	b.Object(func() {
+		b.Key("executionPayload")
+		b.RawValue(payload)
+
+		b.Key("blockValue")
+		if e.BlockValue != nil {
+			b.HexBigInt(e.BlockValue)
+		} else {
+			b.Null()
+		}
+
+		b.Key("blobsBundle")
+		marshalBlobsBundle(&b, e.BlobsBundle)
+
+		b.Key("executionRequests")
+		if e.Requests == nil {
+			b.Null()
+		} else {
+			appendHexBytesArray(&b, e.Requests)
+		}
+
+		b.Key("shouldOverrideBuilder")
+		b.Bool(e.Override)
+
+		if e.Witness != nil {
+			b.Key("witness")
+			b.RawValue(witness)
+		}
+	})
+	return b.Output(), nil
+}
+
+func appendHexBytesArray[T ~[]byte](b *jsonw.Buffer, slice []T) {
+	b.Array(func() {
+		for _, elem := range slice {
+			b.HexBytes(elem)
+		}
+	})
+}
--- a/beacon/engine/epe_test.go
+++ b/beacon/engine/epe_test.go
@ -0,0 +1,128 @@
+// Copyright 2026 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+package engine
+
+import (
+	"bytes"
+	"encoding/json"
+	"math/big"
+	"reflect"
+	"testing"
+
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/common/hexutil"
+)
+
+func makeTestPayload() *ExecutableData {
+	return &ExecutableData{
+		ParentHash:    common.HexToHash("0x01"),
+		FeeRecipient:  common.HexToAddress("0x02"),
+		StateRoot:     common.HexToHash("0x03"),
+		ReceiptsRoot:  common.HexToHash("0x04"),
+		LogsBloom:     make([]byte, 256),
+		Random:        common.HexToHash("0x05"),
+		Number:        100,
+		GasLimit:      1000000,
+		GasUsed:       500000,
+		Timestamp:     1234567890,
+		ExtraData:     []byte("extra"),
+		BaseFeePerGas: big.NewInt(7),
+		BlockHash:     common.HexToHash("0x08"),
+		Transactions:  [][]byte{{0xaa, 0xbb}},
+	}
+}
+
+func TestMarshalJSONRoundtrip(t *testing.T) {
+	witness := hexutil.Bytes{0xde, 0xad}
+	original := ExecutionPayloadEnvelope{
+		ExecutionPayload: makeTestPayload(),
+		BlockValue:       big.NewInt(12345),
+		BlobsBundle: &BlobsBundle{
+			Commitments: []hexutil.Bytes{{0x01, 0x02}},
+			Proofs:      []hexutil.Bytes{{0x03, 0x04}},
+			Blobs:       []hexutil.Bytes{{0x05, 0x06}},
+		},
+		Requests: [][]byte{{0xaa}, {0xbb, 0xcc}},
+		Override: true,
+		Witness:  &witness,
+	}
+
+	data, err := original.MarshalJSON()
+	if err != nil {
+		t.Fatalf("MarshalJSON error: %v", err)
+	}
+
+	var decoded ExecutionPayloadEnvelope
+	if err := json.Unmarshal(data, &decoded); err != nil {
+		t.Fatalf("UnmarshalJSON error: %v", err)
+	}
+
+	if decoded.ExecutionPayload.Number != original.ExecutionPayload.Number {
+		t.Error("ExecutionPayload.Number mismatch")
+	}
+	if decoded.BlockValue.Cmp(original.BlockValue) != 0 {
+		t.Errorf("BlockValue mismatch: got %v, want %v", decoded.BlockValue, original.BlockValue)
+	}
+	if len(decoded.BlobsBundle.Blobs) != len(original.BlobsBundle.Blobs) {
+		t.Error("BlobsBundle.Blobs length mismatch")
+	}
+	if len(decoded.Requests) != len(original.Requests) {
+		t.Error("Requests length mismatch")
+	}
+	if decoded.Override != original.Override {
+		t.Error("Override mismatch")
+	}
+	if !bytes.Equal(*decoded.Witness, *original.Witness) {
+		t.Error("Witness mismatch")
+	}
+}
+
+func TestMarshalJSONNilPayload(t *testing.T) {
+	env := ExecutionPayloadEnvelope{
+		ExecutionPayload: nil,
+		BlockValue:       big.NewInt(1),
+	}
+	_, err := env.MarshalJSON()
+	if err == nil {
+		t.Fatal("expected error for nil ExecutionPayload")
+	}
+}
+
+// TestExecutionPayloadEnvelopeFieldCoverage guards against structural drift.
+// If a field is added to or removed from ExecutionPayloadEnvelope, this test
+// fails, reminding the developer to update MarshalJSON in marshal_epe.go.
+func TestExecutionPayloadEnvelopeFieldCoverage(t *testing.T) {
+	expected := []string{
+		"ExecutionPayload",
+		"BlockValue",
+		"BlobsBundle",
+		"Requests",
+		"Override",
+		"Witness",
+	}
+	typ := reflect.TypeOf(ExecutionPayloadEnvelope{})
+	if typ.NumField() != len(expected) {
+		t.Fatalf("ExecutionPayloadEnvelope has %d fields, expected %d — update MarshalJSON in marshal_epe.go",
+			typ.NumField(), len(expected))
+	}
+	for i, name := range expected {
+		if typ.Field(i).Name != name {
+			t.Errorf("field %d: got %q, want %q — update MarshalJSON in marshal_epe.go",
+				i, typ.Field(i).Name, name)
+		}
+	}
+}
--- a/beacon/engine/errors.go
+++ b/beacon/engine/errors.go
@ -81,6 +81,7 @@ var (
 	TooLargeRequest          = &EngineAPIError{code: -38004, msg: "Too large request"}
 	InvalidParams            = &EngineAPIError{code: -32602, msg: "Invalid parameters"}
 	UnsupportedFork          = &EngineAPIError{code: -38005, msg: "Unsupported fork"}
+	TooDeepReorg             = &EngineAPIError{code: -38006, msg: "Too deep reorg"}

 	STATUS_INVALID         = ForkChoiceResponse{PayloadStatus: PayloadStatusV1{Status: INVALID}, PayloadID: nil}
 	STATUS_SYNCING         = ForkChoiceResponse{PayloadStatus: PayloadStatusV1{Status: SYNCING}, PayloadID: nil}
--- a/beacon/engine/gen_blockparams.go
+++ b/beacon/engine/gen_blockparams.go
--- a/beacon/engine/types.go
+++ b/beacon/engine/types.go
@ -24,6 +24,7 @@ import (
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/common/hexutil"
 	"github.com/ethereum/go-ethereum/core/types"
+	"github.com/ethereum/go-ethereum/core/types/bal"
 	"github.com/ethereum/go-ethereum/params"
 	"github.com/ethereum/go-ethereum/trie"
 )
@ -59,7 +60,7 @@ var (
 	PayloadV4 PayloadVersion = 0x4
 )

-//go:generate go run github.com/fjl/gencodec -type PayloadAttributes -field-override payloadAttributesMarshaling -out gen_blockparams.go
+//go:generate go run github.com/fjl/gencodec -type PayloadAttributes -field-override payloadAttributesMarshaling -out pa_codec.go

 // PayloadAttributes describes the environment context in which a block should
 // be built.
@ -78,28 +79,29 @@ type payloadAttributesMarshaling struct {
 	SlotNumber *hexutil.Uint64
 }

-//go:generate go run github.com/fjl/gencodec -type ExecutableData -field-override executableDataMarshaling -out gen_ed.go
+//go:generate go run github.com/fjl/gencodec -type ExecutableData -field-override executableDataMarshaling -out ed_codec.go

 // ExecutableData is the data necessary to execute an EL payload.
 type ExecutableData struct {
-	ParentHash    common.Hash         `json:"parentHash"    gencodec:"required"`
-	FeeRecipient  common.Address      `json:"feeRecipient"  gencodec:"required"`
-	StateRoot     common.Hash         `json:"stateRoot"     gencodec:"required"`
-	ReceiptsRoot  common.Hash         `json:"receiptsRoot"  gencodec:"required"`
-	LogsBloom     []byte              `json:"logsBloom"     gencodec:"required"`
-	Random        common.Hash         `json:"prevRandao"    gencodec:"required"`
-	Number        uint64              `json:"blockNumber"   gencodec:"required"`
-	GasLimit      uint64              `json:"gasLimit"      gencodec:"required"`
-	GasUsed       uint64              `json:"gasUsed"       gencodec:"required"`
-	Timestamp     uint64              `json:"timestamp"     gencodec:"required"`
-	ExtraData     []byte              `json:"extraData"     gencodec:"required"`
-	BaseFeePerGas *big.Int            `json:"baseFeePerGas" gencodec:"required"`
-	BlockHash     common.Hash         `json:"blockHash"     gencodec:"required"`
-	Transactions  [][]byte            `json:"transactions"  gencodec:"required"`
-	Withdrawals   []*types.Withdrawal `json:"withdrawals"`
-	BlobGasUsed   *uint64             `json:"blobGasUsed"`
-	ExcessBlobGas *uint64             `json:"excessBlobGas"`
-	SlotNumber    *uint64             `json:"slotNumber"`
+	ParentHash      common.Hash          `json:"parentHash"    gencodec:"required"`
+	FeeRecipient    common.Address       `json:"feeRecipient"  gencodec:"required"`
+	StateRoot       common.Hash          `json:"stateRoot"     gencodec:"required"`
+	ReceiptsRoot    common.Hash          `json:"receiptsRoot"  gencodec:"required"`
+	LogsBloom       []byte               `json:"logsBloom"     gencodec:"required"`
+	Random          common.Hash          `json:"prevRandao"    gencodec:"required"`
+	Number          uint64               `json:"blockNumber"   gencodec:"required"`
+	GasLimit        uint64               `json:"gasLimit"      gencodec:"required"`
+	GasUsed         uint64               `json:"gasUsed"       gencodec:"required"`
+	Timestamp       uint64               `json:"timestamp"     gencodec:"required"`
+	ExtraData       []byte               `json:"extraData"     gencodec:"required"`
+	BaseFeePerGas   *big.Int             `json:"baseFeePerGas" gencodec:"required"`
+	BlockHash       common.Hash          `json:"blockHash"     gencodec:"required"`
+	Transactions    [][]byte             `json:"transactions"  gencodec:"required"`
+	Withdrawals     []*types.Withdrawal  `json:"withdrawals"`
+	BlobGasUsed     *uint64              `json:"blobGasUsed"`
+	ExcessBlobGas   *uint64              `json:"excessBlobGas"`
+	SlotNumber      *uint64              `json:"slotNumber,omitempty"`
+	BlockAccessList *bal.BlockAccessList `json:"blockAccessList,omitempty"`
 }

 // JSON type overrides for executableData.
@ -125,7 +127,7 @@ type StatelessPayloadStatusV1 struct {
 	ValidationError *string     `json:"validationError"`
 }

-//go:generate go run github.com/fjl/gencodec -type ExecutionPayloadEnvelope -field-override executionPayloadEnvelopeMarshaling -out gen_epe.go
+//go:generate go run github.com/fjl/gencodec -enc=false -type ExecutionPayloadEnvelope -field-override executionPayloadEnvelopeMarshaling -out epe_decode.go

 type ExecutionPayloadEnvelope struct {
 	ExecutionPayload *ExecutableData `json:"executionPayload"  gencodec:"required"`
@ -136,6 +138,12 @@ type ExecutionPayloadEnvelope struct {
 	Witness          *hexutil.Bytes  `json:"witness,omitempty"`
 }

+// JSON type overrides for ExecutionPayloadEnvelope.
+type executionPayloadEnvelopeMarshaling struct {
+	BlockValue *hexutil.Big
+	Requests   []hexutil.Bytes
+}
+
 // BlobsBundle includes the marshalled sidecar data. Note this structure is
 // shared by BlobsBundleV1 and BlobsBundleV2 for the sake of simplicity.
 //
@ -152,16 +160,18 @@ type BlobAndProofV1 struct {
 	Proof hexutil.Bytes `json:"proof"`
 }

+// BlobAndProofListV1 is a list of BlobAndProofV1 with a hand-rolled JSON marshaler
+// that avoids the overhead of encoding/json for large blob payloads.
+type BlobAndProofListV1 []*BlobAndProofV1
+
 type BlobAndProofV2 struct {
 	Blob       hexutil.Bytes   `json:"blob"`
 	CellProofs []hexutil.Bytes `json:"proofs"` // proofs MUST contain exactly CELLS_PER_EXT_BLOB cell proofs.
 }

-// JSON type overrides for ExecutionPayloadEnvelope.
-type executionPayloadEnvelopeMarshaling struct {
-	BlockValue *hexutil.Big
-	Requests   []hexutil.Bytes
-}
+// BlobAndProofListV2 is a list of BlobAndProofV2 with a hand-rolled JSON marshaler
+// that avoids the overhead of encoding/json for large blob payloads.
+type BlobAndProofListV2 []*BlobAndProofV2

 type PayloadStatusV1 struct {
 	Status          string         `json:"status"`
@ -276,7 +286,7 @@ func ExecutableDataToBlockNoHash(data ExecutableData, versionedHashes []common.H
 	if data.BaseFeePerGas != nil && (data.BaseFeePerGas.Sign() == -1 || data.BaseFeePerGas.BitLen() > 256) {
 		return nil, fmt.Errorf("invalid baseFeePerGas: %v", data.BaseFeePerGas)
 	}
-	var blobHashes = make([]common.Hash, 0, len(txs))
+	var blobHashes = make([]common.Hash, 0, len(versionedHashes))
 	for _, tx := range txs {
 		blobHashes = append(blobHashes, tx.BlobHashes()...)
 	}
@ -285,7 +295,7 @@ func ExecutableDataToBlockNoHash(data ExecutableData, versionedHashes []common.H
 	}
 	for i := 0; i < len(blobHashes); i++ {
 		if blobHashes[i] != versionedHashes[i] {
-			return nil, fmt.Errorf("invalid versionedHash at %v: %v blobHashes: %v", i, versionedHashes, blobHashes)
+			return nil, fmt.Errorf("invalid versionedHash at %v: %v blobHash: %v", i, versionedHashes[i], blobHashes[i])
 		}
 	}
 	// Only set withdrawalsRoot if it is non-nil. This allows CLs to use
@ -303,56 +313,66 @@ func ExecutableDataToBlockNoHash(data ExecutableData, versionedHashes []common.H
 		requestsHash = &h
 	}

-	header := &types.Header{
-		ParentHash:       data.ParentHash,
-		UncleHash:        types.EmptyUncleHash,
-		Coinbase:         data.FeeRecipient,
-		Root:             data.StateRoot,
-		TxHash:           types.DeriveSha(types.Transactions(txs), trie.NewStackTrie(nil)),
-		ReceiptHash:      data.ReceiptsRoot,
-		Bloom:            types.BytesToBloom(data.LogsBloom),
-		Difficulty:       common.Big0,
-		Number:           new(big.Int).SetUint64(data.Number),
-		GasLimit:         data.GasLimit,
-		GasUsed:          data.GasUsed,
-		Time:             data.Timestamp,
-		BaseFee:          data.BaseFeePerGas,
-		Extra:            data.ExtraData,
-		MixDigest:        data.Random,
-		WithdrawalsHash:  withdrawalsRoot,
-		ExcessBlobGas:    data.ExcessBlobGas,
-		BlobGasUsed:      data.BlobGasUsed,
-		ParentBeaconRoot: beaconRoot,
-		RequestsHash:     requestsHash,
-		SlotNumber:       data.SlotNumber,
+	// If Amsterdam is enabled, data.BlockAccessList is always non-nil,
+	// even for empty blocks with no state transitions.
+	//
+	// If Amsterdam is not enabled yet, blockAccessListHash is expected
+	// to be nil.
+	var blockAccessListHash *common.Hash
+	if data.BlockAccessList != nil {
+		hash := data.BlockAccessList.Hash()
+		blockAccessListHash = &hash
 	}
-	return types.NewBlockWithHeader(header).
-			WithBody(types.Body{Transactions: txs, Uncles: nil, Withdrawals: data.Withdrawals}),
-		nil
+	header := &types.Header{
+		ParentHash:          data.ParentHash,
+		UncleHash:           types.EmptyUncleHash,
+		Coinbase:            data.FeeRecipient,
+		Root:                data.StateRoot,
+		TxHash:              types.DeriveSha(types.Transactions(txs), trie.NewStackTrie(nil)),
+		ReceiptHash:         data.ReceiptsRoot,
+		Bloom:               types.BytesToBloom(data.LogsBloom),
+		Difficulty:          common.Big0,
+		Number:              new(big.Int).SetUint64(data.Number),
+		GasLimit:            data.GasLimit,
+		GasUsed:             data.GasUsed,
+		Time:                data.Timestamp,
+		BaseFee:             data.BaseFeePerGas,
+		Extra:               data.ExtraData,
+		MixDigest:           data.Random,
+		WithdrawalsHash:     withdrawalsRoot,
+		ExcessBlobGas:       data.ExcessBlobGas,
+		BlobGasUsed:         data.BlobGasUsed,
+		ParentBeaconRoot:    beaconRoot,
+		RequestsHash:        requestsHash,
+		SlotNumber:          data.SlotNumber,
+		BlockAccessListHash: blockAccessListHash,
+	}
+	return types.NewBlockWithHeader(header).WithBody(types.Body{Transactions: txs, Uncles: nil, Withdrawals: data.Withdrawals}), nil
 }

 // BlockToExecutableData constructs the ExecutableData structure by filling the
 // fields from the given block. It assumes the given block is post-merge block.
 func BlockToExecutableData(block *types.Block, fees *big.Int, sidecars []*types.BlobTxSidecar, requests [][]byte) *ExecutionPayloadEnvelope {
 	data := &ExecutableData{
-		BlockHash:     block.Hash(),
-		ParentHash:    block.ParentHash(),
-		FeeRecipient:  block.Coinbase(),
-		StateRoot:     block.Root(),
-		Number:        block.NumberU64(),
-		GasLimit:      block.GasLimit(),
-		GasUsed:       block.GasUsed(),
-		BaseFeePerGas: block.BaseFee(),
-		Timestamp:     block.Time(),
-		ReceiptsRoot:  block.ReceiptHash(),
-		LogsBloom:     block.Bloom().Bytes(),
-		Transactions:  encodeTransactions(block.Transactions()),
-		Random:        block.MixDigest(),
-		ExtraData:     block.Extra(),
-		Withdrawals:   block.Withdrawals(),
-		BlobGasUsed:   block.BlobGasUsed(),
-		ExcessBlobGas: block.ExcessBlobGas(),
-		SlotNumber:    block.SlotNumber(),
+		BlockHash:       block.Hash(),
+		ParentHash:      block.ParentHash(),
+		FeeRecipient:    block.Coinbase(),
+		StateRoot:       block.Root(),
+		Number:          block.NumberU64(),
+		GasLimit:        block.GasLimit(),
+		GasUsed:         block.GasUsed(),
+		BaseFeePerGas:   block.BaseFee(),
+		Timestamp:       block.Time(),
+		ReceiptsRoot:    block.ReceiptHash(),
+		LogsBloom:       block.Bloom().Bytes(),
+		Transactions:    encodeTransactions(block.Transactions()),
+		Random:          block.MixDigest(),
+		ExtraData:       block.Extra(),
+		Withdrawals:     block.Withdrawals(),
+		BlobGasUsed:     block.BlobGasUsed(),
+		ExcessBlobGas:   block.ExcessBlobGas(),
+		SlotNumber:      block.SlotNumber(),
+		BlockAccessList: block.AccessList(),
 	}

 	// Add blobs.
--- a/beacon/light/committee_chain.go
+++ b/beacon/light/committee_chain.go
@ -182,6 +182,12 @@ func (s *CommitteeChain) Reset() {
 	s.chainmu.Lock()
 	defer s.chainmu.Unlock()

+	s.resetLocked()
+}
+
+// ResetLocked resets the committee chain without locking. The caller should hold
+// the chainmu lock.
+func (s *CommitteeChain) resetLocked() {
 	if err := s.rollback(0); err != nil {
 		log.Error("Error writing batch into chain database", "error", err)
 	}
@ -201,22 +207,22 @@ func (s *CommitteeChain) CheckpointInit(bootstrap types.BootstrapData) error {
 	}
 	period := bootstrap.Header.SyncPeriod()
 	if err := s.deleteFixedCommitteeRootsFrom(period + 2); err != nil {
-		s.Reset()
+		s.resetLocked()
 		return err
 	}
 	if s.addFixedCommitteeRoot(period, bootstrap.CommitteeRoot) != nil {
-		s.Reset()
+		s.resetLocked()
 		if err := s.addFixedCommitteeRoot(period, bootstrap.CommitteeRoot); err != nil {
-			s.Reset()
+			s.resetLocked()
 			return err
 		}
 	}
 	if err := s.addFixedCommitteeRoot(period+1, common.Hash(bootstrap.CommitteeBranch[0])); err != nil {
-		s.Reset()
+		s.resetLocked()
 		return err
 	}
 	if err := s.addCommittee(period, bootstrap.Committee); err != nil {
-		s.Reset()
+		s.resetLocked()
 		return err
 	}
 	s.changeCounter++
--- a/beacon/light/request/server.go
+++ b/beacon/light/request/server.go
@ -438,14 +438,11 @@ func (s *serverWithLimits) fail(desc string) {
 // failLocked calculates the dynamic failure delay and applies it.
 func (s *serverWithLimits) failLocked(desc string) {
 	log.Debug("Server error", "description", desc)
-	s.failureDelay *= 2
 	now := s.clock.Now()
 	if now > s.failureDelayEnd {
 		s.failureDelay *= math.Pow(2, -float64(now-s.failureDelayEnd)/float64(maxFailureDelay))
 	}
-	if s.failureDelay < float64(minFailureDelay) {
-		s.failureDelay = float64(minFailureDelay)
-	}
+	s.failureDelay = max(min(s.failureDelay*2, float64(maxFailureDelay)), float64(minFailureDelay))
 	s.failureDelayEnd = now + mclock.AbsTime(s.failureDelay)
 	s.delay(time.Duration(s.failureDelay))
 }
--- a/beacon/light/sync/update_sync.go
+++ b/beacon/light/sync/update_sync.go
@ -62,7 +62,6 @@ const (
 	ssNeedParent             // cp header slot %32 != 0, need parent to check epoch boundary
 	ssParentRequested        // cp parent header requested
 	ssPrintStatus            // has all necessary info, print log message if init still not successful
-	ssDone                   // log message printed, no more action required
 )

 type serverState struct {
@ -99,7 +98,10 @@ func (s *CheckpointInit) Process(requester request.Requester, events []request.E
 			case ssDefault:
 				if resp != nil {
 					if checkpoint := resp.(*types.BootstrapData); checkpoint.Header.Hash() == common.Hash(req.(ReqCheckpointData)) {
-						s.chain.CheckpointInit(*checkpoint)
+						err := s.chain.CheckpointInit(*checkpoint)
+						if err != nil {
+							return
+						}
 						s.initialized = true
 						return
 					}
@ -180,7 +182,8 @@ func (s *CheckpointInit) Process(requester request.Requester, events []request.E
 		default:
 			log.Error("blsync: checkpoint not available, but reported as finalized; specified checkpoint hash might be too old", "server", server.Name())
 		}
-		s.serverState[server] = serverState{state: ssDone}
+		s.serverState[server] = serverState{state: ssDefault}
+		requester.Fail(server, "checkpoint init failed")
 	}
 }

--- a/build/checksums.txt
+++ b/build/checksums.txt
@ -5,49 +5,49 @@
 # https://github.com/ethereum/execution-spec-tests/releases/download/v5.1.0
 a3192784375acec7eaec492799d5c5d0c47a2909a3cc40178898e4ecd20cc416  fixtures_develop.tar.gz

-# version:golang 1.25.7
+# version:golang 1.25.10
 # https://go.dev/dl/
-178f2832820274b43e177d32f06a3ebb0129e427dd20a5e4c88df2c1763cf10a  go1.25.7.src.tar.gz
-81bf2a1f20633f62d55d826d82dde3b0570cf1408a91e15781b266037299285b  go1.25.7.aix-ppc64.tar.gz
-bf5050a2152f4053837b886e8d9640c829dbacbc3370f913351eb0904cb706f5  go1.25.7.darwin-amd64.tar.gz
-ff18369ffad05c57d5bed888b660b31385f3c913670a83ef557cdfd98ea9ae1b  go1.25.7.darwin-arm64.tar.gz
-c5dccd7f192dd7b305dc209fb316ac1917776d74bd8e4d532ef2772f305bf42a  go1.25.7.dragonfly-amd64.tar.gz
-a2de97c8ac74bf64b0ae73fe9d379e61af530e061bc7f8f825044172ffe61a8b  go1.25.7.freebsd-386.tar.gz
-055f9e138787dcafa81eb0314c8ff70c6dd0f6dba1e8a6957fef5d5efd1ab8fd  go1.25.7.freebsd-amd64.tar.gz
-60e7f7a7c990f0b9539ac8ed668155746997d404643a4eecd47b3dee1b7e710b  go1.25.7.freebsd-arm.tar.gz
-631e03d5fd4c526e2f499154d8c6bf4cb081afb2fff171c428722afc9539d53a  go1.25.7.freebsd-arm64.tar.gz
-8a264fd685823808140672812e3ad9c43f6ad59444c0dc14cdd3a1351839ddd5  go1.25.7.freebsd-riscv64.tar.gz
-57c672447d906a1bcab98f2b11492d54521a791aacbb4994a25169e59cbe289a  go1.25.7.illumos-amd64.tar.gz
-2866517e9ca81e6a2e85a930e9b11bc8a05cfeb2fc6dc6cb2765e7fb3c14b715  go1.25.7.linux-386.tar.gz
-12e6d6a191091ae27dc31f6efc630e3a3b8ba409baf3573d955b196fdf086005  go1.25.7.linux-amd64.tar.gz
-ba611a53534135a81067240eff9508cd7e256c560edd5d8c2fef54f083c07129  go1.25.7.linux-arm64.tar.gz
-1ba07e0eb86b839e72467f4b5c7a5597d07f30bcf5563c951410454f7cda5266  go1.25.7.linux-armv6l.tar.gz
-775753fc5952a334c415f08768df2f0b73a3228a16e8f5f63d545daacb4e3357  go1.25.7.linux-loong64.tar.gz
-1a023bb367c5fbb4c637a2f6dc23ff17c6591ad929ce16ea88c74d857153b307  go1.25.7.linux-mips.tar.gz
-a8e97223d8aa6fdfd45f132a4784d2f536bbac5f3d63a24b63d33b6bfe1549af  go1.25.7.linux-mips64.tar.gz
-eb9edb6223330d5e20275667c65dea076b064c08e595fe4eba5d7d6055cfaccf  go1.25.7.linux-mips64le.tar.gz
-9c1e693552a5f9bb9e0012d1c5e01456ecefbc59bef53a77305222ce10aba368  go1.25.7.linux-mipsle.tar.gz
-28a788798e7329acbbc0ac2caa5e4368b1e5ede646cc24429c991214cfb45c63  go1.25.7.linux-ppc64.tar.gz
-42124c0edc92464e2b37b2d7fcd3658f0c47ebd6a098732415a522be8cb88e3f  go1.25.7.linux-ppc64le.tar.gz
-88d59c6893c8425875d6eef8e3434bc2fa2552e5ad4c058c6cd8cd710a0301c8  go1.25.7.linux-riscv64.tar.gz
-c6b77facf666dc68195ecab05dbf0ebb4e755b2a8b7734c759880557f1c29b0c  go1.25.7.linux-s390x.tar.gz
-f14c184d9ade0ee04c7735d4071257b90896ecbde1b32adae84135f055e6399b  go1.25.7.netbsd-386.tar.gz
-7e7389e404dca1088c31f0fc07f1dd60891d7182bcd621469c14f7e79eceb3ff  go1.25.7.netbsd-amd64.tar.gz
-70388bb3ef2f03dbf1357e9056bd09034a67e018262557354f8cf549766b3f9d  go1.25.7.netbsd-arm.tar.gz
-8c1cda9d25bfc9b18d24d5f95fc23949dd3ff99fa408a6cfa40e2cf12b07e362  go1.25.7.netbsd-arm64.tar.gz
-42f0d1bfbe39b8401cccb84dd66b30795b97bfc9620dfdc17c5cd4fcf6495cb0  go1.25.7.openbsd-386.tar.gz
-e514879c0a28bc32123cd52c4c093de912477fe83f36a6d07517d066ef55391a  go1.25.7.openbsd-amd64.tar.gz
-8cd22530695a0218232bf7efea8f162df1697a3106942ac4129b8c3de39ce4ef  go1.25.7.openbsd-arm.tar.gz
-938720f6ebc0d1c53d7840321d3a31f29fd02496e84a6538f442a9311dc1cc9a  go1.25.7.openbsd-arm64.tar.gz
-a4c378b73b98f89a3596c2ef51aabbb28783d9ca29f7e317d8ca07939660ce6f  go1.25.7.openbsd-ppc64.tar.gz
-937b58734fbeaa8c7941a0e4285e7e84b7885396e8d11c23f9ab1a8ff10ff20e  go1.25.7.openbsd-riscv64.tar.gz
-61a093c8c5244916f25740316386bb9f141545dcf01b06a79d1c78ece488403e  go1.25.7.plan9-386.tar.gz
-7fc8f6689c9de8ccb7689d2278035fa83c2d601409101840df6ddfe09ba58699  go1.25.7.plan9-amd64.tar.gz
-9661dff8eaeeb62f1c3aadbc5ff189a2e6744e1ec885e32dbcb438f58a34def5  go1.25.7.plan9-arm.tar.gz
-28ecba0e1d7950c8b29a4a04962dd49c3bf5221f55a44f17d98f369f82859cf4  go1.25.7.solaris-amd64.tar.gz
-baa6b488291801642fa620026169e38bec2da2ac187cd3ae2145721cf826bbc3  go1.25.7.windows-386.zip
-c75e5f4ff62d085cc0017be3ad19d5536f46825fa05db06ec468941f847e3228  go1.25.7.windows-amd64.zip
-807033f85931bc4a589ca8497535dcbeb1f30d506e47fa200f5f04c4a71c3d9f  go1.25.7.windows-arm64.zip
+20cf04a92e5af99748e341bc8996fa28090c9ac98765fa115ec5ddf41d7af41d  go1.25.10.src.tar.gz
+a194e767c2ab4216a60acc068b9dbe6bf4fae05c14bb52d6bbdcb5b3ea521308  go1.25.10.aix-ppc64.tar.gz
+52321165a3146cd91865ef98371506a846ed4dc4f9f1c9323e5ad90d2a411e06  go1.25.10.darwin-amd64.tar.gz
+795691a425de7e7cdba3544f354dcd2cebcf52e87dc6898193878f34eb6d634f  go1.25.10.darwin-arm64.tar.gz
+e37b4544ba9e9e9a7ab2ed3116b3fc4d39a88da854baa5a566d9d6d3a9de7d4c  go1.25.10.dragonfly-amd64.tar.gz
+2a70d1fdabab637aa442ca94599a56e381238efa20cb995d5433b8579bfe482c  go1.25.10.freebsd-386.tar.gz
+9cdf522d87d47d82fec4a313cc4f8c3c94a7770426e8d443e4150a1f330cba71  go1.25.10.freebsd-amd64.tar.gz
+6da6183633e9e59ffd9edefab68b5059c89b605596d94aaba650b1681fccd35f  go1.25.10.freebsd-arm.tar.gz
+7adcefeebdd05331f4d45f1ad2dddb5c53537cff6552e82f6595b3b833b95371  go1.25.10.freebsd-arm64.tar.gz
+285f80a1ace21a7d94035cd753196eeada8cacd48e6396fd116ad5eb67aea957  go1.25.10.freebsd-riscv64.tar.gz
+de7461bf0e5068a4f6e7f8713026d70516be6dbd5de5d21f9ced1c182f2f326e  go1.25.10.illumos-amd64.tar.gz
+2f574f2e2e19ead5b280fec0e7af5c81b76632685f03b6ac42dfa34c4b773c52  go1.25.10.linux-386.tar.gz
+42d4f7a32316aa66591eca7e89867256057a4264451aca10570a715b3637ba70  go1.25.10.linux-amd64.tar.gz
+654da1f9b50a5d1c2a85ccf8ed405aa89c06e94d18384628bf186f7712677b08  go1.25.10.linux-arm64.tar.gz
+39f168f158e693887d3ad006168af1b1a3007b19c5993cae4d9d57f82f52aaf8  go1.25.10.linux-armv6l.tar.gz
+05401fe5ea50ad2bafb9c797ef9bf21574b0661f19ef4d0dd66af8a0fb7323f3  go1.25.10.linux-loong64.tar.gz
+d5bc2d6155d394a3aae41f21eb7c60da5595a6147aa0f30ed6b27da25e06c3f7  go1.25.10.linux-mips.tar.gz
+8c64e7493e5953c3ba3153487d2fddd7f8ed142392c77f138e6792a6c1930db4  go1.25.10.linux-mips64.tar.gz
+bd53aa2d558b7c1eadfc6bf01132e1859203a92f458ed7ba75b7f3230f14b095  go1.25.10.linux-mips64le.tar.gz
+120b254e2e2980bb06687175db5c4064a85696c53001dc9f59934ad18f74a6bc  go1.25.10.linux-mipsle.tar.gz
+8a6acb21295b0ec974a44608361920ea8dbff5666631a6f556bd7d5f1d56535f  go1.25.10.linux-ppc64.tar.gz
+778925fdcdf9a272f823d147fad51545c3334b7ccd8652b2ccaaf2b01800280a  go1.25.10.linux-ppc64le.tar.gz
+b4f04ad0db48bcfea946db5323919cd21034e0bd2821a557dacd29c1b1013a4b  go1.25.10.linux-riscv64.tar.gz
+936b953e43921a64c12da871f76871ebbeb6d2092a7b8bdc307f5246f3c662cc  go1.25.10.linux-s390x.tar.gz
+061470e0bc7132146a5925a3cc28d5bc498eb1b1ff09dedcfaae10f781ff2274  go1.25.10.netbsd-386.tar.gz
+63b2d50d7f8f269a9c82d42a4060e90cffb7f9102299818bb071b067aac8da8f  go1.25.10.netbsd-amd64.tar.gz
+c35129f68796526aa4dc4b6f481e2d995ef312aedadc88b659b945cc00e1f8f0  go1.25.10.netbsd-arm.tar.gz
+2f541da4e2b298154d992d1f11bbb38c89d0821d91cc50a46776d42bb5e63bca  go1.25.10.netbsd-arm64.tar.gz
+2d42e569b07f1b99fdbfd008e7c22f967d165e2ce02464f46818fbed2aec43f5  go1.25.10.openbsd-386.tar.gz
+0ad05960e8c9f867328151308c87f938433bec8f22f6a9437a896e22169fc840  go1.25.10.openbsd-amd64.tar.gz
+099cc11473f99461c77161912740945308f08f6834980afb262c72bdc915f2d7  go1.25.10.openbsd-arm.tar.gz
+bdf3335d5008c1ddc81fa94892283e4f1fee22566f5351d4e726d9f55a67c838  go1.25.10.openbsd-arm64.tar.gz
+0933d418da0a61e0f29de717a77498f16b9b5b50dbe2205e20b2ed7fd4067f75  go1.25.10.openbsd-ppc64.tar.gz
+191e6f3e75712f8c13d189d53b668e2cac6449f26474c1d86fbd04f6e9846f9c  go1.25.10.openbsd-riscv64.tar.gz
+68c053c8acd76c50fc430e92f4a86110ec3d97dd03d27b9339b4eaf793caff5f  go1.25.10.plan9-386.tar.gz
+42e2c46638ae22d93402e79efb40faee5c42cf7c56a01bb3ab47c6bb2512b745  go1.25.10.plan9-amd64.tar.gz
+3ef1d5838b1648da16724a07b72e839ccbd7cb8899c3e0426afd6b79d494b91c  go1.25.10.plan9-arm.tar.gz
+631e3716017fbec06500a628d97e1155daec3593f0a7812c2ebfe8fc8c96b2ab  go1.25.10.solaris-amd64.tar.gz
+ddc693d2d9d7cc671ebb72d1d50aa05670f95b059b7d90440611af57976871d5  go1.25.10.windows-386.zip
+ca37af2dadd8544464f1a9ca7c3886499d1cdfcb263855d0a1d71f194b2bd222  go1.25.10.windows-amd64.zip
+38be57e0398bd93673d65bcae6dc7ee3cf151d7038d0dba5c60a5153022872da  go1.25.10.windows-arm64.zip

 # version:golangci 2.10.1
 # https://github.com/golangci/golangci-lint/releases/
--- a/build/ci.go
+++ b/build/ci.go
@ -73,21 +73,9 @@ var (
 		"./cmd/keeper",
 	}

-	// Files that end up in the geth*.zip archive.
-	gethArchiveFiles = []string{
-		"COPYING",
-		executablePath("geth"),
-	}
-
-	// Files that end up in the geth-alltools*.zip archive.
-	allToolsArchiveFiles = []string{
-		"COPYING",
-		executablePath("abigen"),
-		executablePath("evm"),
-		executablePath("geth"),
-		executablePath("rlpdump"),
-		executablePath("clef"),
-	}
+	// Files that end up in the geth-alltools*.zip archive (and the NSIS installer
+	// dev-tools section). Order matches the historical layout produced by ci.go.
+	allToolsBinaries = []string{"abigen", "evm", "geth", "rlpdump"}

 	// Keeper build targets with their configurations
 	keeperTargets = []struct {
@ -147,10 +135,6 @@ var (
 			BinaryName:  "rlpdump",
 			Description: "Developer utility tool that prints RLP structures.",
 		},
-		{
-			BinaryName:  "clef",
-			Description: "Ethereum account management tool.",
-		},
 	}

 	// A debian package is created for all executables listed here.
@ -180,13 +164,35 @@ var (

 var GOBIN, _ = filepath.Abs(filepath.Join("build", "bin"))

-func executablePath(name string) string {
-	if runtime.GOOS == "windows" {
+// executablePath returns the path to a built binary in GOBIN, applying the
+// platform-specific extension for the given target OS.
+func executablePath(name, targetOS string) string {
+	if targetOS == "windows" {
 		name += ".exe"
 	}
 	return filepath.Join(GOBIN, name)
 }

+// gethArchiveFiles returns the file list for the geth-{platform}-{ver}.zip
+// archive, with binary paths resolved for the target OS.
+func gethArchiveFiles(targetOS string) []string {
+	return []string{
+		"COPYING",
+		executablePath("geth", targetOS),
+	}
+}
+
+// allToolsArchiveFiles returns the file list for the
+// geth-alltools-{platform}-{ver}.zip archive, with binary paths resolved for
+// the target OS.
+func allToolsArchiveFiles(targetOS string) []string {
+	files := []string{"COPYING"}
+	for _, name := range allToolsBinaries {
+		files = append(files, executablePath(name, targetOS))
+	}
+	return files
+}
+
 func main() {
 	log.SetFlags(log.Lshortfile)

@ -233,6 +239,7 @@ func main() {
 func doInstall(cmdline []string) {
 	var (
 		dlgo       = flag.Bool("dlgo", false, "Download Go and build with it")
+		targetOS   = flag.String("os", runtime.GOOS, "Target OS to cross build for")
 		arch       = flag.String("arch", "", "Architecture to cross build for")
 		cc         = flag.String("cc", "", "C compiler to cross build with")
 		staticlink = flag.Bool("static", false, "Create statically-linked executable")
@ -241,7 +248,7 @@ func doInstall(cmdline []string) {
 	env := build.Env()

 	// Configure the toolchain.
-	tc := build.GoToolchain{GOARCH: *arch, CC: *cc}
+	tc := build.GoToolchain{GOOS: *targetOS, GOARCH: *arch, CC: *cc}
 	if *dlgo {
 		csdb := download.MustLoadChecksums("build/checksums.txt")
 		tc.Root = build.DownloadGo(csdb)
@ -255,7 +262,7 @@ func doInstall(cmdline []string) {
 	}

 	// Configure the build.
-	gobuild := tc.Go("build", buildFlags(env, *staticlink, buildTags)...)
+	gobuild := tc.Go("build", buildFlags(env, *staticlink, buildTags, *targetOS)...)

 	// Show packages during build.
 	gobuild.Args = append(gobuild.Args, "-v")
@ -270,7 +277,7 @@ func doInstall(cmdline []string) {
 	// Do the build!
 	for _, pkg := range packages {
 		args := slices.Clone(gobuild.Args)
-		args = append(args, "-o", executablePath(path.Base(pkg)))
+		args = append(args, "-o", executablePath(path.Base(pkg), *targetOS))
 		args = append(args, pkg)
 		build.MustRun(&exec.Cmd{Path: gobuild.Path, Args: args, Env: gobuild.Env})
 	}
@ -297,7 +304,13 @@ func doInstallKeeper(cmdline []string) {
 		tc.GOARCH = target.GOARCH
 		tc.GOOS = target.GOOS
 		tc.CC = target.CC
-		gobuild := tc.Go("build", buildFlags(env, true, []string{target.Tags})...)
+		// An empty GOOS means "build for the host OS"; thread that through to
+		// buildFlags so platform-specific linker flags are picked correctly.
+		targetOS := target.GOOS
+		if targetOS == "" {
+			targetOS = runtime.GOOS
+		}
+		gobuild := tc.Go("build", buildFlags(env, true, []string{target.Tags}, targetOS)...)
 		gobuild.Dir = "./cmd/keeper"
 		gobuild.Args = append(gobuild.Args, "-v")

@ -307,14 +320,15 @@ func doInstallKeeper(cmdline []string) {
 		outputName := fmt.Sprintf("keeper-%s", target.Name)

 		args := slices.Clone(gobuild.Args)
-		args = append(args, "-o", executablePath(outputName))
+		args = append(args, "-o", executablePath(outputName, targetOS))
 		args = append(args, ".")
 		build.MustRun(&exec.Cmd{Path: gobuild.Path, Args: args, Env: gobuild.Env, Dir: gobuild.Dir})
 	}
 }

-// buildFlags returns the go tool flags for building.
-func buildFlags(env build.Environment, staticLinking bool, buildTags []string) (flags []string) {
+// buildFlags returns the go tool flags for building. targetOS is the OS we
+// are producing binaries for.
+func buildFlags(env build.Environment, staticLinking bool, buildTags []string, targetOS string) (flags []string) {
 	var ld []string
 	// See https://github.com/golang/go/issues/33772#issuecomment-528176001
 	// We need to set --buildid to the linker here, and also pass --build-id to the
@ -326,10 +340,10 @@ func buildFlags(env build.Environment, staticLinking bool, buildTags []string) (
 	}
 	// Strip DWARF on darwin. This used to be required for certain things,
 	// and there is no downside to this, so we just keep doing it.
-	if runtime.GOOS == "darwin" {
+	if targetOS == "darwin" {
 		ld = append(ld, "-s")
 	}
-	if runtime.GOOS == "linux" {
+	if targetOS == "linux" {
 		// Enforce the stacksize to 8M, which is the case on most platforms apart from
 		// alpine Linux.
 		// See https://sourceware.org/binutils/docs-2.23.1/ld/Options.html#Options
@ -682,12 +696,13 @@ func downloadProtoc(cachedir string) string {
 // Release Packaging
 func doArchive(cmdline []string) {
 	var (
-		arch    = flag.String("arch", runtime.GOARCH, "Architecture cross packaging")
-		atype   = flag.String("type", "zip", "Type of archive to write (zip|tar)")
-		signer  = flag.String("signer", "", `Environment variable holding the signing key (e.g. LINUX_SIGNING_KEY)`)
-		signify = flag.String("signify", "", `Environment variable holding the signify key (e.g. LINUX_SIGNIFY_KEY)`)
-		upload  = flag.String("upload", "", `Destination to upload the archives (usually "gethstore/builds")`)
-		ext     string
+		targetOS = flag.String("os", runtime.GOOS, "Target OS the binaries were built for")
+		arch     = flag.String("arch", runtime.GOARCH, "Architecture cross packaging")
+		atype    = flag.String("type", "zip", "Type of archive to write (zip|tar)")
+		signer   = flag.String("signer", "", `Environment variable holding the signing key (e.g. LINUX_SIGNING_KEY)`)
+		signify  = flag.String("signify", "", `Environment variable holding the signify key (e.g. LINUX_SIGNIFY_KEY)`)
+		upload   = flag.String("upload", "", `Destination to upload the archives (usually "gethstore/builds")`)
+		ext      string
 	)
 	flag.CommandLine.Parse(cmdline)
 	switch *atype {
@ -701,15 +716,15 @@ func doArchive(cmdline []string) {

 	var (
 		env      = build.Env()
-		basegeth = archiveBasename(*arch, version.Archive(env.Commit))
+		basegeth = archiveBasename(*targetOS, *arch, version.Archive(env.Commit))
 		geth     = "geth-" + basegeth + ext
 		alltools = "geth-alltools-" + basegeth + ext
 	)
 	maybeSkipArchive(env)
-	if err := build.WriteArchive(geth, gethArchiveFiles); err != nil {
+	if err := build.WriteArchive(geth, gethArchiveFiles(*targetOS)); err != nil {
 		log.Fatal(err)
 	}
-	if err := build.WriteArchive(alltools, allToolsArchiveFiles); err != nil {
+	if err := build.WriteArchive(alltools, allToolsArchiveFiles(*targetOS)); err != nil {
 		log.Fatal(err)
 	}
 	for _, archive := range []string{geth, alltools} {
@ -735,7 +750,11 @@ func doKeeperArchive(cmdline []string) {
 	maybeSkipArchive(env)
 	files := []string{"COPYING"}
 	for _, target := range keeperTargets {
-		files = append(files, executablePath(fmt.Sprintf("keeper-%s", target.Name)))
+		targetOS := target.GOOS
+		if targetOS == "" {
+			targetOS = runtime.GOOS
+		}
+		files = append(files, executablePath(fmt.Sprintf("keeper-%s", target.Name), targetOS))
 	}
 	if err := build.WriteArchive(keeper, files); err != nil {
 		log.Fatal(err)
@ -745,8 +764,8 @@ func doKeeperArchive(cmdline []string) {
 	}
 }

-func archiveBasename(arch string, archiveVersion string) string {
-	platform := runtime.GOOS + "-" + arch
+func archiveBasename(targetOS, arch, archiveVersion string) string {
+	platform := targetOS + "-" + arch
 	if arch == "arm" {
 		platform += os.Getenv("GOARM")
 	}
@ -1209,13 +1228,13 @@ func doWindowsInstaller(cmdline []string) {
 	env := build.Env()
 	maybeSkipArchive(env)

-	// Aggregate binaries that are included in the installer
+	// Aggregate binaries that are included in the installer.
 	var (
 		devTools []string
 		allTools []string
 		gethTool string
 	)
-	for _, file := range allToolsArchiveFiles {
+	for _, file := range allToolsArchiveFiles("windows") {
 		if file == "COPYING" { // license, copied later
 			continue
 		}
@ -1252,16 +1271,24 @@ func doWindowsInstaller(cmdline []string) {
 	if env.Commit != "" {
 		ver[2] += "-" + env.Commit[:8]
 	}
-	installer, err := filepath.Abs("geth-" + archiveBasename(*arch, version.Archive(env.Commit)) + ".exe")
+	installer, err := filepath.Abs("geth-" + archiveBasename("windows", *arch, version.Archive(env.Commit)) + ".exe")
 	if err != nil {
 		log.Fatalf("Failed to convert installer file path: %v", err)
 	}
-	build.MustRunCommand("makensis.exe",
-		"/DOUTPUTFILE="+installer,
-		"/DMAJORVERSION="+ver[0],
-		"/DMINORVERSION="+ver[1],
-		"/DBUILDVERSION="+ver[2],
-		"/DARCH="+*arch,
+	// makensis on Windows is "makensis.exe" with /D-style defines; on Linux
+	// (and other Unixes) the binary is "makensis" and accepts -D.
+	makensisCmd := "makensis"
+	defineFlag := "-D"
+	if runtime.GOOS == "windows" {
+		makensisCmd = "makensis.exe"
+		defineFlag = "/D"
+	}
+	build.MustRunCommand(makensisCmd,
+		defineFlag+"OUTPUTFILE="+installer,
+		defineFlag+"MAJORVERSION="+ver[0],
+		defineFlag+"MINORVERSION="+ver[1],
+		defineFlag+"BUILDVERSION="+ver[2],
+		defineFlag+"ARCH="+*arch,
 		filepath.Join(*workdir, "geth.nsi"),
 	)
 	// Sign and publish installer.
--- a/cmd/abigen/main.go
+++ b/cmd/abigen/main.go
@ -215,7 +215,7 @@ func generate(c *cli.Context) error {
 		code string
 		err  error
 	)
-	if c.IsSet(v2Flag.Name) {
+	if c.Bool(v2Flag.Name) {
 		code, err = abigen.BindV2(types, abis, bins, c.String(pkgFlag.Name), libs, aliases)
 	} else {
 		code, err = abigen.Bind(types, abis, bins, sigs, c.String(pkgFlag.Name), libs, aliases)
--- a/cmd/clef/README.md
+++ b/cmd/clef/README.md
@ -1,922 +0,0 @@
-# Clef
-
-Clef can be used to sign transactions and data and is meant as a(n eventual) replacement for Geth's account management. This allows DApps to not depend on Geth's account management. When a DApp wants to sign data (or a transaction), it can send the content to Clef, which will then provide the user with context and ask for permission to sign the content. If the user grants the signing request, Clef will send the signature back to the DApp.
-
-This setup allows a DApp to connect to a remote Ethereum node and send transactions that are locally signed. This can help in situations when a DApp is connected to an untrusted remote Ethereum node, because a local one is not available, not synchronized with the chain, or is a node that has no built-in (or limited) account management.
-
-Clef can run as a daemon on the same machine, off a usb-stick like [USB armory](https://inversepath.com/usbarmory), or even a separate VM in a [QubesOS](https://www.qubes-os.org/) type setup.
-
-Check out the
-
-* [CLI tutorial](tutorial.md) for some concrete examples on how Clef works.
-* [Setup docs](docs/setup.md) for information on how to configure Clef on QubesOS or USB Armory.
-* [Data types](datatypes.md) for details on the communication messages between Clef and an external UI.
-
-## Command line flags
-
-Clef accepts the following command line options:
-
-```
-COMMANDS:
-   init    Initialize the signer, generate secret storage
-   attest  Attest that a js-file is to be used
-   setpw   Store a credential for a keystore file
-   delpw   Remove a credential for a keystore file
-   gendoc  Generate documentation about json-rpc format
-   help    Shows a list of commands or help for one command
-
-GLOBAL OPTIONS:
-   --loglevel value        log level to emit to the screen (default: 4)
-   --keystore value        Directory for the keystore (default: "$HOME/.ethereum/keystore")
-   --configdir value       Directory for Clef configuration (default: "$HOME/.clef")
-   --chainid value         Chain id to use for signing (1=mainnet, 17000=Holesky) (default: 1)
-   --lightkdf              Reduce key-derivation RAM & CPU usage at some expense of KDF strength
-   --nousb                 Disables monitoring for and managing USB hardware wallets
-   --pcscdpath value       Path to the smartcard daemon (pcscd) socket file (default: "/run/pcscd/pcscd.comm")
-   --http.addr value       HTTP-RPC server listening interface (default: "localhost")
-   --http.vhosts value     Comma separated list of virtual hostnames from which to accept requests (server enforced). Accepts '*' wildcard. (default: "localhost")
-   --ipcdisable            Disable the IPC-RPC server
-   --ipcpath               Filename for IPC socket/pipe within the datadir (explicit paths escape it)
-   --http                  Enable the HTTP-RPC server
-   --http.port value       HTTP-RPC server listening port (default: 8550)
-   --signersecret value    A file containing the (encrypted) master seed to encrypt Clef data, e.g. keystore credentials and ruleset hash
-   --4bytedb-custom value  File used for writing new 4byte-identifiers submitted via API (default: "./4byte-custom.json")
-   --auditlog value        File used to emit audit logs. Set to "" to disable (default: "audit.log")
-   --rules value           Path to the rule file to auto-authorize requests with
-   --stdio-ui              Use STDIN/STDOUT as a channel for an external UI. This means that an STDIN/STDOUT is used for RPC-communication with a e.g. a graphical user interface, and can be used when Clef is started by an external process.
-   --stdio-ui-test         Mechanism to test interface between Clef and UI. Requires 'stdio-ui'.
-   --advanced              If enabled, issues warnings instead of rejections for suspicious requests. Default off
-   --suppress-bootwarn     If set, does not show the warning during boot
-   --help, -h              show help
-   --version, -v           print the version
-```
-
-Example:
-
-```
-$ clef -keystore /my/keystore -chainid 4
-```
-
-## Security model
-
-The security model of Clef is as follows:
-
-* One critical component (the Clef binary / daemon) is responsible for handling cryptographic operations: signing, private keys, encryption/decryption of keystore files.
-* Clef has a well-defined 'external' API.
-* The 'external' API is considered UNTRUSTED.
-* Clef also communicates with whatever process that invoked the binary, via stdin/stdout.
-  * This channel is considered 'trusted'. Over this channel, approvals and passwords are communicated.
-
-The general flow for signing a transaction using e.g. Geth is as follows:
-![image](sign_flow.png)
-
-In this case, `geth` would be started with `--signer http://localhost:8550` and would relay requests to `eth.sendTransaction`.
-
-## TODOs
-
-Some snags and todos
-
-* [ ] Clef should take a startup param "--no-change", for UIs that do not contain the capability to perform changes to things, only approve/deny. Such a UI should be able to start the signer in a more secure mode by telling it that it only wants approve/deny capabilities.
-* [x] It would be nice if Clef could collect new 4byte-id:s/method selectors, and have a secondary database for those (`4byte_custom.json`). Users could then (optionally) submit their collections for inclusion upstream.
-* [ ] It should be possible to configure Clef to check if an account is indeed known to it, before passing on to the UI. The reason it currently does not, is that it would make it possible to enumerate accounts if it immediately returned "unknown account" (side channel attack).
-* [x] It should be possible to configure Clef to auto-allow listing (certain) accounts, instead of asking every time.
-* [x] Done Upon startup, Clef should spit out some info to the caller (particularly important when executed in `stdio-ui`-mode), invoking methods with the following info:
-  * [x] Version info about the signer
-  * [x] Address of API (HTTP/IPC)
-  * [ ] List of known accounts
-* [ ] Have a default timeout on signing operations, so that if the user has not answered within e.g. 60 seconds, the request is rejected.
-* [ ] `account_signRawTransaction`
-* [ ] `account_bulkSignTransactions([] transactions)` should
-   * only exist if enabled via config/flag
-   * only allow non-data-sending transactions
-   * all txs must use the same `from`-account
-   * let the user confirm, showing
-      * the total amount
-      * the number of unique recipients
-
-* Geth todos
-    - The signer should pass the `Origin` header as call-info to the UI. As of right now, the way that info about the request is put together is a bit of a hack into the HTTP server. This could probably be greatly improved.
-    - Relay: Geth should be started in `geth --signer localhost:8550`.
-    - Currently, the Geth APIs use `common.Address` in the arguments to transaction submission (e.g `to` field). This type is 20 `bytes`, and is incapable of carrying checksum information. The signer uses `common.MixedcaseAddress`, which retains the original input.
-    - The Geth API should switch to use the same type, and relay `to`-account verbatim to the external API.
-* [x] Storage
-    * [x] An encrypted key-value storage should be implemented.
-    * See [rules.md](rules.md) for more info about this.
-* Another potential thing to introduce is pairing.
-  * To prevent spurious requests which users just accept, implement a way to "pair" the caller with the signer (external API).
-  * Thus Geth/cpp would cryptographically handshake and afterwards the caller would be allowed to make signing requests.
-  * This feature would make the addition of rules less dangerous.
-
-* Wallets / accounts. Add API methods for wallets.
-
-## Communication
-
-### External API
-
-Clef listens to HTTP requests on `http.addr`:`http.port` (or to IPC on `ipcpath`), with the same JSON-RPC standard as Geth. The messages are expected to be [JSON-RPC 2.0 standard](https://www.jsonrpc.org/specification).
-
-Some of these calls can require user interaction. Clients must be aware that responses may be delayed significantly or may never be received if a user decides to ignore the confirmation request.
-
-The External API is **untrusted**: it does not accept credentials, nor does it expect that requests have any authority.
-
-### Internal UI API
-
-Clef has one native console-based UI, for operation without any standalone tools. However, there is also an API to communicate with an external UI. To enable that UI, the signer needs to be executed with the `--stdio-ui` option, which allocates `stdin` / `stdout` for the UI API.
-
-An example (insecure) proof-of-concept has been implemented in `pythonsigner.py`.
-
-The model is as follows:
-
-* The user starts the UI app (`pythonsigner.py`).
-* The UI app starts `clef` with `--stdio-ui`, and listens to the
-process output for confirmation-requests.
-* `clef` opens the external HTTP API.
-* When the `signer` receives requests, it sends a JSON-RPC request via `stdout`.
-* The UI app prompts the user accordingly, and responds to `clef`.
-* `clef` signs (or not), and responds to the original request.
-
-## External API
-
-See the [external API changelog](extapi_changelog.md) for information about changes to this API.
-
-### Encoding
- number: positive integers that are hex encoded
- data: hex encoded data
- string: ASCII string
-
-All hex encoded values must be prefixed with `0x`.
-
-### account_new
-
-#### Create new password protected account
-
-The signer will generate a new private key, encrypt it according to [web3 keystore spec](https://ethereum.org/en/developers/docs/data-structures-and-encoding/web3-secret-storage/) and store it in the keystore directory.  
-The client is responsible for creating a backup of the keystore. If the keystore is lost there is no method of retrieving lost accounts.
-
-#### Arguments
-
-None
-
-#### Result
-  - address [string]: account address that is derived from the generated key
-
-#### Sample call
-```json
-{
-  "id": 0,
-  "jsonrpc": "2.0",
-  "method": "account_new",
-  "params": []
-}
-```
-Response
-```json
-{
-  "id": 0,
-  "jsonrpc": "2.0",
-  "result": "0xbea9183f8f4f03d427f6bcea17388bdff1cab133"
-}
-```
-
-### account_list
-
-#### List available accounts
-   List all accounts that this signer currently manages
-
-#### Arguments
-
-None
-
-#### Result
-  - array with account records:
-     - account.address [string]: account address that is derived from the generated key
-
-#### Sample call
-```json
-{
-  "id": 1,
-  "jsonrpc": "2.0",
-  "method": "account_list"
-}
-```
-Response
-```json
-{
-  "id": 1,
-  "jsonrpc": "2.0",
-  "result": [
-    "0xafb2f771f58513609765698f65d3f2f0224a956f",
-    "0xbea9183f8f4f03d427f6bcea17388bdff1cab133"
-  ]
-}
-```
-
-### account_signTransaction
-
-#### Sign transactions
-   Signs a transaction and responds with the signed transaction in RLP-encoded and JSON forms.
-
-#### Arguments
-  1. transaction object:
-     - `from` [address]: account to send the transaction from
-     - `to` [address]: receiver account. If omitted or `0x`, will cause contract creation.
-     - `gas` [number]: maximum amount of gas to burn
-     - `gasPrice` [number]: gas price
-     - `value` [number:optional]: amount of Wei to send with the transaction
-     - `data` [data:optional]:  input data
-     - `nonce` [number]: account nonce
-  2. method signature [string:optional]
-       - The method signature, if present, is to aid decoding the calldata. Should consist of `methodname(paramtype,...)`, e.g. `transfer(uint256,address)`. The signer may use this data to parse the supplied calldata, and show the user. The data, however, is considered totally untrusted, and reliability is not expected.
-
-
-#### Result
-  - raw [data]: signed transaction in RLP encoded form
-  - tx [json]: signed transaction in JSON form
-
-#### Sample call
-```json
-{
-  "id": 2,
-  "jsonrpc": "2.0",
-  "method": "account_signTransaction",
-  "params": [
-    {
-      "from": "0x1923f626bb8dc025849e00f99c25fe2b2f7fb0db",
-      "gas": "0x55555",
-      "gasPrice": "0x1234",
-      "input": "0xabcd",
-      "nonce": "0x0",
-      "to": "0x07a565b7ed7d7a678680a4c162885bedbb695fe0",
-      "value": "0x1234"
-    }
-  ]
-}
-```
-Response
-
-```json
-{
-  "jsonrpc": "2.0",
-  "id": 2,
-  "result": {
-    "raw": "0xf88380018203339407a565b7ed7d7a678680a4c162885bedbb695fe080a44401a6e4000000000000000000000000000000000000000000000000000000000000001226a0223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20ea02aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663",
-    "tx": {
-      "nonce": "0x0",
-      "gasPrice": "0x1234",
-      "gas": "0x55555",
-      "to": "0x07a565b7ed7d7a678680a4c162885bedbb695fe0",
-      "value": "0x1234",
-      "input": "0xabcd",
-      "v": "0x26",
-      "r": "0x223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20e",
-      "s": "0x2aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663",
-      "hash": "0xeba2df809e7a612a0a0d444ccfa5c839624bdc00dd29e3340d46df3870f8a30e"
-    }
-  }
-}
-```
-#### Sample call with ABI-data
-
-
-```json
-{
-  "id": 67,
-  "jsonrpc": "2.0",
-  "method": "account_signTransaction",
-  "params": [
-    {
-      "from": "0x694267f14675d7e1b9494fd8d72fefe1755710fa",
-      "gas": "0x333",
-      "gasPrice": "0x1",
-      "nonce": "0x0",
-      "to": "0x07a565b7ed7d7a678680a4c162885bedbb695fe0",
-      "value": "0x0",
-      "data": "0x4401a6e40000000000000000000000000000000000000000000000000000000000000012"
-    },
-    "safeSend(address)"
-  ]
-}
-```
-Response
-
-```json
-{
-  "jsonrpc": "2.0",
-  "id": 67,
-  "result": {
-    "raw": "0xf88380018203339407a565b7ed7d7a678680a4c162885bedbb695fe080a44401a6e4000000000000000000000000000000000000000000000000000000000000001226a0223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20ea02aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663",
-    "tx": {
-      "nonce": "0x0",
-      "gasPrice": "0x1",
-      "gas": "0x333",
-      "to": "0x07a565b7ed7d7a678680a4c162885bedbb695fe0",
-      "value": "0x0",
-      "input": "0x4401a6e40000000000000000000000000000000000000000000000000000000000000012",
-      "v": "0x26",
-      "r": "0x223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20e",
-      "s": "0x2aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663",
-      "hash": "0xeba2df809e7a612a0a0d444ccfa5c839624bdc00dd29e3340d46df3870f8a30e"
-    }
-  }
-}
-```
-
-Bash example:
-```bash
-> curl -H "Content-Type: application/json" -X POST --data '{"jsonrpc":"2.0","method":"account_signTransaction","params":[{"from":"0x694267f14675d7e1b9494fd8d72fefe1755710fa","gas":"0x333","gasPrice":"0x1","nonce":"0x0","to":"0x07a565b7ed7d7a678680a4c162885bedbb695fe0", "value":"0x0", "data":"0x4401a6e40000000000000000000000000000000000000000000000000000000000000012"},"safeSend(address)"],"id":67}' http://localhost:8550/
-
-{"jsonrpc":"2.0","id":67,"result":{"raw":"0xf88380018203339407a565b7ed7d7a678680a4c162885bedbb695fe080a44401a6e4000000000000000000000000000000000000000000000000000000000000001226a0223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20ea02aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663","tx":{"nonce":"0x0","gasPrice":"0x1","gas":"0x333","to":"0x07a565b7ed7d7a678680a4c162885bedbb695fe0","value":"0x0","input":"0x4401a6e40000000000000000000000000000000000000000000000000000000000000012","v":"0x26","r":"0x223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20e","s":"0x2aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663","hash":"0xeba2df809e7a612a0a0d444ccfa5c839624bdc00dd29e3340d46df3870f8a30e"}}}
-```
-
-### account_signData
-
-#### Sign data
-   Signs a chunk of data and returns the calculated signature.
-
-#### Arguments
-  - content type [string]: type of signed data
-     - `text/validator`: hex data with a custom validator defined in a contract
-     - `application/clique`: [clique](https://github.com/ethereum/EIPs/issues/225) headers
-     - `text/plain`: simple hex data validated by `account_ecRecover`
-  - account [address]: account to sign with
-  - data [object]: data to sign
-
-#### Result
-  - calculated signature [data]
-
-#### Sample call
-```json
-{
-  "id": 3,
-  "jsonrpc": "2.0",
-  "method": "account_signData",
-  "params": [
-    "data/plain",
-    "0x1923f626bb8dc025849e00f99c25fe2b2f7fb0db",
-    "0xaabbccdd"
-  ]
-}
-```
-Response
-
-```json
-{
-  "id": 3,
-  "jsonrpc": "2.0",
-  "result": "0x5b6693f153b48ec1c706ba4169960386dbaa6903e249cc79a8e6ddc434451d417e1e57327872c7f538beeb323c300afa9999a3d4a5de6caf3be0d5ef832b67ef1c"
-}
-```
-
-### account_signTypedData
-
-#### Sign data
-   Signs a chunk of structured data conformant to [EIP-712](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-712.md) and returns the calculated signature.
-
-#### Arguments
-  - account [address]: account to sign with
-  - data [object]: data to sign
-
-#### Result
-  - calculated signature [data]
-
-#### Sample call
-```json
-{
-  "id": 68,
-  "jsonrpc": "2.0",
-  "method": "account_signTypedData",
-  "params": [
-    "0xcd2a3d9f938e13cd947ec05abc7fe734df8dd826",
-    {
-      "types": {
-        "EIP712Domain": [
-          {
-            "name": "name",
-            "type": "string"
-          },
-          {
-            "name": "version",
-            "type": "string"
-          },
-          {
-            "name": "chainId",
-            "type": "uint256"
-          },
-          {
-            "name": "verifyingContract",
-            "type": "address"
-          }
-        ],
-        "Person": [
-          {
-            "name": "name",
-            "type": "string"
-          },
-          {
-            "name": "wallet",
-            "type": "address"
-          }
-        ],
-        "Mail": [
-          {
-            "name": "from",
-            "type": "Person"
-          },
-          {
-            "name": "to",
-            "type": "Person"
-          },
-          {
-            "name": "contents",
-            "type": "string"
-          }
-        ]
-      },
-      "primaryType": "Mail",
-      "domain": {
-        "name": "Ether Mail",
-        "version": "1",
-        "chainId": 1,
-        "verifyingContract": "0xCcCCccccCCCCcCCCCCCcCcCccCcCCCcCcccccccC"
-      },
-      "message": {
-        "from": {
-          "name": "Cow",
-          "wallet": "0xCD2a3d9F938E13CD947Ec05AbC7FE734Df8DD826"
-        },
-        "to": {
-          "name": "Bob",
-          "wallet": "0xbBbBBBBbbBBBbbbBbbBbbbbBBbBbbbbBbBbbBBbB"
-        },
-        "contents": "Hello, Bob!"
-      }
-    }
-  ]
-}
-```
-Response
-
-```json
-{
-    "id": 1,
-    "jsonrpc": "2.0",
-    "result": "0x4355c47d63924e8a72e509b65029052eb6c299d53a04e167c5775fd466751c9d07299936d304c153f6443dfa05f40ff007d72911b6f72307f996231605b915621c"
-}
-```
-
-### account_ecRecover
-
-#### Recover the signing address
-
-Derive the address from the account that was used to sign data with content type `text/plain` and the signature.
-
-#### Arguments
-  - data [data]: data that was signed
-  - signature [data]: the signature to verify
-
-#### Result
-  - derived account [address]
-
-#### Sample call
-```json
-{
-  "id": 4,
-  "jsonrpc": "2.0",
-  "method": "account_ecRecover",
-  "params": [
-    "0xaabbccdd",
-    "0x5b6693f153b48ec1c706ba4169960386dbaa6903e249cc79a8e6ddc434451d417e1e57327872c7f538beeb323c300afa9999a3d4a5de6caf3be0d5ef832b67ef1c"
-  ]
-}
-```
-Response
-
-```json
-{
-  "id": 4,
-  "jsonrpc": "2.0",
-  "result": "0x1923f626bb8dc025849e00f99c25fe2b2f7fb0db"
-}
-```
-
-### account_version
-
-#### Get external API version
-
-Get the version of the external API used by Clef.
-
-#### Arguments
-
-None
-
-#### Result
-
-* external API version [string]
-
-#### Sample call
-```json
-{
-  "id": 0,
-  "jsonrpc": "2.0",
-  "method": "account_version",
-  "params": []
-}
-```
-
-Response
-```json
-{
-    "id": 0,
-    "jsonrpc": "2.0",
-    "result": "6.0.0"
-}
-```
-
-## UI API
-
-These methods needs to be implemented by a UI listener.
-
-By starting the signer with the switch `--stdio-ui-test`, the signer will invoke all known methods, and expect the UI to respond with
-denials. This can be used during development to ensure that the API is (at least somewhat) correctly implemented.
-See `pythonsigner`, which can be invoked via `python3 pythonsigner.py test` to perform the 'denial-handshake-test'.
-
-All methods in this API use object-based parameters, so that there can be no mixup of parameters: each piece of data is accessed by key.
-
-See the [ui API changelog](intapi_changelog.md) for information about changes to this API.
-
-OBS! A slight deviation from `json` standard is in place: every request and response should be confined to a single line.
-Whereas the `json` specification allows for linebreaks, linebreaks __should not__ be used in this communication channel, to make
-things simpler for both parties.
-
-### ApproveTx / `ui_approveTx`
-
-Invoked when there's a transaction for approval.
-
-
-#### Sample call
-
-Here's a method invocation:
-```bash
-
-curl -i -H "Content-Type: application/json" -X POST --data '{"jsonrpc":"2.0","method":"account_signTransaction","params":[{"from":"0x694267f14675d7e1b9494fd8d72fefe1755710fa","gas":"0x333","gasPrice":"0x1","nonce":"0x0","to":"0x07a565b7ed7d7a678680a4c162885bedbb695fe0", "value":"0x0", "data":"0x4401a6e40000000000000000000000000000000000000000000000000000000000000012"},"safeSend(address)"],"id":67}' http://localhost:8550/
-```
-Results in the following invocation on the UI:
-```json
-
-{
-  "jsonrpc": "2.0",
-  "id": 1,
-  "method": "ui_approveTx",
-  "params": [
-    {
-      "transaction": {
-        "from": "0x0x694267f14675d7e1b9494fd8d72fefe1755710fa",
-        "to": "0x0x07a565b7ed7d7a678680a4c162885bedbb695fe0",
-        "gas": "0x333",
-        "gasPrice": "0x1",
-        "value": "0x0",
-        "nonce": "0x0",
-        "data": "0x4401a6e40000000000000000000000000000000000000000000000000000000000000012",
-        "input": null
-      },
-      "call_info": [
-          {
-            "type": "WARNING",
-            "message": "Invalid checksum on to-address"
-          },
-          {
-            "type": "Info",
-            "message": "safeSend(address: 0x0000000000000000000000000000000000000012)"
-          }
-        ],
-      "meta": {
-        "remote": "127.0.0.1:48486",
-        "local": "localhost:8550",
-        "scheme": "HTTP/1.1"
-      }
-    }
-  ]
-}
-
-```
-
-The same method invocation, but with invalid data:
-```bash
-
-curl -i -H "Content-Type: application/json" -X POST --data '{"jsonrpc":"2.0","method":"account_signTransaction","params":[{"from":"0x694267f14675d7e1b9494fd8d72fefe1755710fa","gas":"0x333","gasPrice":"0x1","nonce":"0x0","to":"0x07a565b7ed7d7a678680a4c162885bedbb695fe0", "value":"0x0", "data":"0x4401a6e40000000000000002000000000000000000000000000000000000000000000012"},"safeSend(address)"],"id":67}' http://localhost:8550/
-```
-
-```json
-
-{
-  "jsonrpc": "2.0",
-  "id": 1,
-  "method": "ui_approveTx",
-  "params": [
-    {
-      "transaction": {
-        "from": "0x0x694267f14675d7e1b9494fd8d72fefe1755710fa",
-        "to": "0x0x07a565b7ed7d7a678680a4c162885bedbb695fe0",
-        "gas": "0x333",
-        "gasPrice": "0x1",
-        "value": "0x0",
-        "nonce": "0x0",
-        "data": "0x4401a6e40000000000000002000000000000000000000000000000000000000000000012",
-        "input": null
-      },
-      "call_info": [
-          {
-            "type": "WARNING",
-            "message": "Invalid checksum on to-address"
-          },
-          {
-            "type": "WARNING",
-            "message": "Transaction data did not match ABI-interface: WARNING: Supplied data is stuffed with extra data. \nWant 0000000000000002000000000000000000000000000000000000000000000012\nHave 0000000000000000000000000000000000000000000000000000000000000012\nfor method safeSend(address)"
-          }
-        ],
-      "meta": {
-        "remote": "127.0.0.1:48492",
-        "local": "localhost:8550",
-        "scheme": "HTTP/1.1"
-      }
-    }
-  ]
-}
-
-
-```
-
-One which has missing `to`, but with no `data`:
-
-
-```json
-
-{
-  "jsonrpc": "2.0",
-  "id": 3,
-  "method": "ui_approveTx",
-  "params": [
-    {
-      "transaction": {
-        "from": "",
-        "to": null,
-        "gas": "0x0",
-        "gasPrice": "0x0",
-        "value": "0x0",
-        "nonce": "0x0",
-        "data": null,
-        "input": null
-      },
-      "call_info": [
-          {
-            "type": "CRITICAL",
-            "message": "Tx will create contract with empty code!"
-          }
-        ],
-      "meta": {
-        "remote": "signer binary",
-        "local": "main",
-        "scheme": "in-proc"
-      }
-    }
-  ]
-}
-```
-
-### ApproveListing / `ui_approveListing`
-
-Invoked when a request for account listing has been made.
-
-#### Sample call
-
-```json
-
-{
-  "jsonrpc": "2.0",
-  "id": 5,
-  "method": "ui_approveListing",
-  "params": [
-    {
-      "accounts": [
-        {
-          "url": "keystore:///home/bazonk/.ethereum/keystore/UTC--2017-11-20T14-44-54.089682944Z--123409812340981234098123409812deadbeef42",
-          "address": "0x123409812340981234098123409812deadbeef42"
-        },
-        {
-          "url": "keystore:///home/bazonk/.ethereum/keystore/UTC--2017-11-23T21-59-03.199240693Z--cafebabedeadbeef34098123409812deadbeef42",
-          "address": "0xcafebabedeadbeef34098123409812deadbeef42"
-        }
-      ],
-      "meta": {
-        "remote": "signer binary",
-        "local": "main",
-        "scheme": "in-proc"
-      }
-    }
-  ]
-}
-
-```
-
-
-### ApproveSignData / `ui_approveSignData`
-
-#### Sample call
-
-```json
-{
-  "jsonrpc": "2.0",
-  "id": 4,
-  "method": "ui_approveSignData",
-  "params": [
-    {
-      "address": "0x123409812340981234098123409812deadbeef42",
-      "raw_data": "0x01020304",
-      "messages": [
-        {
-          "name": "message",
-          "value": "\u0019Ethereum Signed Message:\n4\u0001\u0002\u0003\u0004",
-          "type": "text/plain"
-        }
-      ],
-      "hash": "0x7e3a4e7a9d1744bc5c675c25e1234ca8ed9162bd17f78b9085e48047c15ac310",
-      "meta": {
-        "remote": "signer binary",
-        "local": "main",
-        "scheme": "in-proc"
-      }
-    }
-  ]
-}
-```
-
-### ApproveNewAccount / `ui_approveNewAccount`
-
-Invoked when a request for creating a new account has been made.
-
-#### Sample call
-
-```json
-{
-  "jsonrpc": "2.0",
-  "id": 4,
-  "method": "ui_approveNewAccount",
-  "params": [
-    {
-      "meta": {
-        "remote": "signer binary",
-        "local": "main",
-        "scheme": "in-proc"
-      }
-    }
-  ]
-}
-```
-
-### ShowInfo / `ui_showInfo`
-
-The UI should show the info (a single message) to the user. Does not expect response.
-
-#### Sample call
-
-```json
-{
-  "jsonrpc": "2.0",
-  "id": 9,
-  "method": "ui_showInfo",
-  "params": [
-    "Tests completed"
-  ]
-}
-
-```
-
-### ShowError / `ui_showError`
-
-The UI should show the error (a single message) to the user. Does not expect response.
-
-```json
-
-{
-  "jsonrpc": "2.0",
-  "id": 2,
-  "method": "ui_showError",
-  "params": [
-    "Something bad happened!"
-  ]
-}
-
-```
-
-### OnApprovedTx / `ui_onApprovedTx`
-
-`OnApprovedTx` is called when a transaction has been approved and signed. The call contains the return value that will be sent to the external caller.  The return value from this method is ignored - the reason for having this callback is to allow the ruleset to keep track of approved transactions.
-
-When implementing rate-limited rules, this callback should be used.
-
-TLDR; Use this method to keep track of signed transactions, instead of using the data in `ApproveTx`.
-
-Example call:
-```json
-
-{
-  "jsonrpc": "2.0",
-  "id": 1,
-  "method": "ui_onApprovedTx",
-  "params": [
-    {
-      "raw": "0xf88380018203339407a565b7ed7d7a678680a4c162885bedbb695fe080a44401a6e4000000000000000000000000000000000000000000000000000000000000001226a0223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20ea02aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663",
-      "tx": {
-        "nonce": "0x0",
-        "gasPrice": "0x1",
-        "gas": "0x333",
-        "to": "0x07a565b7ed7d7a678680a4c162885bedbb695fe0",
-        "value": "0x0",
-        "input": "0x4401a6e40000000000000000000000000000000000000000000000000000000000000012",
-        "v": "0x26",
-        "r": "0x223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20e",
-        "s": "0x2aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663",
-        "hash": "0xeba2df809e7a612a0a0d444ccfa5c839624bdc00dd29e3340d46df3870f8a30e"
-      }
-    }
-  ]
-}
-```
-
-### OnSignerStartup / `ui_onSignerStartup`
-
-This method provides the UI with information about what API version the signer uses (both internal and external) as well as build-info and external API,
-in k/v-form.
-
-Example call:
-```json
-
-{
-  "jsonrpc": "2.0",
-  "id": 1,
-  "method": "ui_onSignerStartup",
-  "params": [
-    {
-      "info": {
-        "extapi_http": "http://localhost:8550",
-        "extapi_ipc": null,
-        "extapi_version": "2.0.0",
-        "intapi_version": "1.2.0"
-      }
-    }
-  ]
-}
-
-```
-
-### OnInputRequired / `ui_onInputRequired`
-
-Invoked when Clef requires user input (e.g. a password).
-
-Example call:
-```json
-
-{
-  "jsonrpc": "2.0",
-  "id": 1,
-  "method": "ui_onInputRequired",
-  "params": [
-    {
-      "title": "Account password",
-      "prompt": "Please enter the password for account 0x694267f14675d7e1b9494fd8d72fefe1755710fa",
-      "isPassword": true
-    }
-  ]
-}
-```
-
-
-### Rules for UI apis
-
-A UI should conform to the following rules.
-
-* A UI MUST NOT load any external resources that were not embedded/part of the UI package.
-  * For example, not load icons, stylesheets from the internet
-  * Not load files from the filesystem, unless they reside in the same local directory (e.g. config files)
-* A Graphical UI MUST show the blocky-identicon for ethereum addresses.
-* A UI MUST warn display appropriate warning if the destination-account is formatted with invalid checksum.
-* A UI MUST NOT open any ports or services
-  * The signer opens the public port
-* A UI SHOULD verify the permissions on the signer binary, and refuse to execute or warn if permissions allow non-user write.
-* A UI SHOULD inform the user about the `SHA256` or `MD5` hash of the binary being executed
-* A UI SHOULD NOT maintain a secondary storage of data, e.g. list of accounts
-  * The signer provides accounts
-* A UI SHOULD, to the best extent possible, use static linking / bundling, so that required libraries are bundled
-along with the UI.
-
-
-### UI Implementations
-
-There are a couple of implementation for a UI. We'll try to keep this list up to date.
-
-| Name | Repo | UI type| No external resources| Blocky support| Verifies permissions | Hash information | No secondary storage | Statically linked| Can modify parameters|
-| ---- | ---- | -------| ---- | ---- | ---- |---- | ---- | ---- | ---- |
-| QtSigner| https://github.com/holiman/qtsigner/ | Python3/QT-based| :+1:| :+1:| :+1:| :+1:| :+1:| :x: |  :+1: (partially)|
-| GtkSigner| https://github.com/holiman/gtksigner | Python3/GTK-based| :+1:| :x:| :x:| :+1:| :+1:| :x: |  :x: |
-| Frame | https://github.com/floating/frame/commits/go-signer | Electron-based| :x:| :x:| :x:| :x:| ?| :x: |  :x: |
-| Clef UI| https://github.com/ethereum/clef-ui | Golang/QT-based| :+1:| :+1:| :x:| :+1:| :+1:| :x: |  :+1: (approve tx only)|
--- a/cmd/clef/consolecmd_test.go
+++ b/cmd/clef/consolecmd_test.go
@ -1,121 +0,0 @@
-// Copyright 2022 The go-ethereum Authors
-// This file is part of go-ethereum.
-//
-// go-ethereum is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// go-ethereum is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with go-ethereum. If not, see <http://www.gnu.org/licenses/>.
-
-package main
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-	"testing"
-)
-
-// TestImportRaw tests clef --importraw
-func TestImportRaw(t *testing.T) {
-	t.Parallel()
-	keyPath := filepath.Join(t.TempDir(), fmt.Sprintf("%v-tempkey.test", t.Name()))
-	os.WriteFile(keyPath, []byte("0102030405060708090a0102030405060708090a0102030405060708090a0102"), 0777)
-
-	t.Run("happy-path", func(t *testing.T) {
-		t.Parallel()
-		// Run clef importraw
-		clef := runClef(t, "--suppress-bootwarn", "--lightkdf", "importraw", keyPath)
-		clef.input("myverylongpassword").input("myverylongpassword")
-		if out := string(clef.Output()); !strings.Contains(out,
-			"Key imported:\n  Address 0x9160DC9105f7De5dC5E7f3d97ef11DA47269BdA6") {
-			t.Logf("Output\n%v", out)
-			t.Error("Failure")
-		}
-	})
-	// tests clef --importraw with mismatched passwords.
-	t.Run("pw-mismatch", func(t *testing.T) {
-		t.Parallel()
-		// Run clef importraw
-		clef := runClef(t, "--suppress-bootwarn", "--lightkdf", "importraw", keyPath)
-		clef.input("myverylongpassword1").input("myverylongpassword2").WaitExit()
-		if have, want := clef.StderrText(), "Passwords do not match\n"; have != want {
-			t.Errorf("have %q, want %q", have, want)
-		}
-	})
-	// tests clef --importraw with a too short password.
-	t.Run("short-pw", func(t *testing.T) {
-		t.Parallel()
-		// Run clef importraw
-		clef := runClef(t, "--suppress-bootwarn", "--lightkdf", "importraw", keyPath)
-		clef.input("shorty").input("shorty").WaitExit()
-		if have, want := clef.StderrText(),
-			"password requirements not met: password too short (<10 characters)\n"; have != want {
-			t.Errorf("have %q, want %q", have, want)
-		}
-	})
-}
-
-// TestListAccounts tests clef --list-accounts
-func TestListAccounts(t *testing.T) {
-	t.Parallel()
-	keyPath := filepath.Join(t.TempDir(), fmt.Sprintf("%v-tempkey.test", t.Name()))
-	os.WriteFile(keyPath, []byte("0102030405060708090a0102030405060708090a0102030405060708090a0102"), 0777)
-
-	t.Run("no-accounts", func(t *testing.T) {
-		t.Parallel()
-		clef := runClef(t, "--suppress-bootwarn", "--lightkdf", "list-accounts")
-		if out := string(clef.Output()); !strings.Contains(out, "The keystore is empty.") {
-			t.Logf("Output\n%v", out)
-			t.Error("Failure")
-		}
-	})
-	t.Run("one-account", func(t *testing.T) {
-		t.Parallel()
-		// First, we need to import
-		clef := runClef(t, "--suppress-bootwarn", "--lightkdf", "importraw", keyPath)
-		clef.input("myverylongpassword").input("myverylongpassword").WaitExit()
-		// Secondly, do a listing, using the same datadir
-		clef = runWithKeystore(t, clef.Datadir, "--suppress-bootwarn", "--lightkdf", "list-accounts")
-		if out := string(clef.Output()); !strings.Contains(out, "0x9160DC9105f7De5dC5E7f3d97ef11DA47269BdA6 (keystore:") {
-			t.Logf("Output\n%v", out)
-			t.Error("Failure")
-		}
-	})
-}
-
-// TestListWallets tests clef --list-wallets
-func TestListWallets(t *testing.T) {
-	t.Parallel()
-	keyPath := filepath.Join(t.TempDir(), fmt.Sprintf("%v-tempkey.test", t.Name()))
-	os.WriteFile(keyPath, []byte("0102030405060708090a0102030405060708090a0102030405060708090a0102"), 0777)
-
-	t.Run("no-accounts", func(t *testing.T) {
-		t.Parallel()
-		clef := runClef(t, "--suppress-bootwarn", "--lightkdf", "list-wallets")
-		if out := string(clef.Output()); !strings.Contains(out, "There are no wallets.") {
-			t.Logf("Output\n%v", out)
-			t.Error("Failure")
-		}
-	})
-	t.Run("one-account", func(t *testing.T) {
-		t.Parallel()
-		// First, we need to import
-		clef := runClef(t, "--suppress-bootwarn", "--lightkdf", "importraw", keyPath)
-		clef.input("myverylongpassword").input("myverylongpassword").WaitExit()
-		// Secondly, do a listing, using the same datadir
-		clef = runWithKeystore(t, clef.Datadir, "--suppress-bootwarn", "--lightkdf", "list-wallets")
-		if out := string(clef.Output()); !strings.Contains(out, "Account 0: 0x9160DC9105f7De5dC5E7f3d97ef11DA47269BdA6") {
-			t.Logf("Output\n%v", out)
-			t.Error("Failure")
-		}
-	})
-}
--- a/cmd/clef/datatypes.md
+++ b/cmd/clef/datatypes.md
@ -1,224 +0,0 @@
-## UI Client interface
-
-These data types are defined in the channel between clef and the UI
-### SignDataRequest
-
-SignDataRequest contains information about a pending request to sign some data. The data to be signed can be of various types, defined by content-type. Clef has done most of the work in canonicalizing and making sense of the data, and it's up to the UI to present the user with the contents of the `message`
-
-Example:
-```json
-{
-  "content_type": "text/plain",
-  "address": "0xDEADbEeF000000000000000000000000DeaDbeEf",
-  "raw_data": "GUV0aGVyZXVtIFNpZ25lZCBNZXNzYWdlOgoxMWhlbGxvIHdvcmxk",
-  "messages": [
-    {
-      "name": "message",
-      "value": "\u0019Ethereum Signed Message:\n11hello world",
-      "type": "text/plain"
-    }
-  ],
-  "hash": "0xd9eba16ed0ecae432b71fe008c98cc872bb4cc214d3220a36f365326cf807d68",
-  "meta": {
-    "remote": "localhost:9999",
-    "local": "localhost:8545",
-    "scheme": "http",
-    "User-Agent": "Firefox 3.2",
-    "Origin": "www.malicious.ru"
-  }
-}
-```
-### SignDataResponse - approve
-
-Response to SignDataRequest
-
-Example:
-```json
-{
-  "approved": true
-}
-```
-### SignDataResponse - deny
-
-Response to SignDataRequest
-
-Example:
-```json
-{
-  "approved": false
-}
-```
-### SignTxRequest
-
-SignTxRequest contains information about a pending request to sign a transaction. Aside from the transaction itself, there is also a `call_info`-struct. That struct contains messages of various types, that the user should be informed of.
-
-As in any request, it's important to consider that the `meta` info also contains untrusted data.
-
-The `transaction` (on input into clef) can have either `data` or `input` -- if both are set, they must be identical, otherwise an error is generated. However, Clef will always use `data` when passing this struct on (if Clef does otherwise, please file a ticket)
-
-Example:
-```json
-{
-  "transaction": {
-    "from": "0xDEADbEeF000000000000000000000000DeaDbeEf",
-    "to": null,
-    "gas": "0x3e8",
-    "gasPrice": "0x5",
-    "value": "0x6",
-    "nonce": "0x1",
-    "data": "0x01020304"
-  },
-  "call_info": [
-    {
-      "type": "Warning",
-      "message": "Something looks odd, show this message as a warning"
-    },
-    {
-      "type": "Info",
-      "message": "User should see this as well"
-    }
-  ],
-  "meta": {
-    "remote": "localhost:9999",
-    "local": "localhost:8545",
-    "scheme": "http",
-    "User-Agent": "Firefox 3.2",
-    "Origin": "www.malicious.ru"
-  }
-}
-```
-### SignTxResponse - approve
-
-Response to request to sign a transaction. This response needs to contain the `transaction`, because the UI is free to make modifications to the transaction.
-
-Example:
-```json
-{
-  "transaction": {
-    "from": "0xDEADbEeF000000000000000000000000DeaDbeEf",
-    "to": null,
-    "gas": "0x3e8",
-    "gasPrice": "0x5",
-    "value": "0x6",
-    "nonce": "0x4",
-    "data": "0x04030201"
-  },
-  "approved": true
-}
-```
-### SignTxResponse - deny
-
-Response to SignTxRequest. When denying a request, there's no need to provide the transaction in return
-
-Example:
-```json
-{
-  "transaction": {
-    "from": "0x",
-    "to": null,
-    "gas": "0x0",
-    "gasPrice": "0x0",
-    "value": "0x0",
-    "nonce": "0x0",
-    "data": null
-  },
-  "approved": false
-}
-```
-### OnApproved - SignTransactionResult
-
-SignTransactionResult is used in the call `clef` -> `OnApprovedTx(result)`
-
-This occurs _after_ successful completion of the entire signing procedure, but right before the signed transaction is passed to the external caller. This method (and data) can be used by the UI to signal to the user that the transaction was signed, but it is primarily useful for ruleset implementations.
-
-A ruleset that implements a rate limitation needs to know what transactions are sent out to the external interface. By hooking into this methods, the ruleset can maintain track of that count.
-
-**OBS:** Note that if an attacker can restore your `clef` data to a previous point in time (e.g through a backup), the attacker can reset such windows, even if he/she is unable to decrypt the content.
-
-The `OnApproved` method cannot be responded to, it's purely informative
-
-Example:
-```json
-{
-  "raw": "0xf85d640101948a8eafb1cf62bfbeb1741769dae1a9dd47996192018026a0716bd90515acb1e68e5ac5867aa11a1e65399c3349d479f5fb698554ebc6f293a04e8a4ebfff434e971e0ef12c5bf3a881b06fd04fc3f8b8a7291fb67a26a1d4ed",
-  "tx": {
-    "nonce": "0x64",
-    "gasPrice": "0x1",
-    "gas": "0x1",
-    "to": "0x8a8eafb1cf62bfbeb1741769dae1a9dd47996192",
-    "value": "0x1",
-    "input": "0x",
-    "v": "0x26",
-    "r": "0x716bd90515acb1e68e5ac5867aa11a1e65399c3349d479f5fb698554ebc6f293",
-    "s": "0x4e8a4ebfff434e971e0ef12c5bf3a881b06fd04fc3f8b8a7291fb67a26a1d4ed",
-    "hash": "0x662f6d772692dd692f1b5e8baa77a9ff95bbd909362df3fc3d301aafebde5441"
-  }
-}
-```
-### UserInputRequest
-
-Sent when clef needs the user to provide data. If 'password' is true, the input field should be treated accordingly (echo-free)
-
-Example:
-```json
-{
-  "prompt": "The question to ask the user",
-  "title": "The title here",
-  "isPassword": true
-}
-```
-### UserInputResponse
-
-Response to UserInputRequest
-
-Example:
-```json
-{
-  "text": "The textual response from user"
-}
-```
-### ListRequest
-
-Sent when a request has been made to list addresses. The UI is provided with the full `account`s, including local directory names. Note: this information is not passed back to the external caller, who only sees the `address`es.
-
-Example:
-```json
-{
-  "accounts": [
-    {
-      "address": "0xdeadbeef000000000000000000000000deadbeef",
-      "url": "keystore:///path/to/keyfile/a"
-    },
-    {
-      "address": "0x1111111122222222222233333333334444444444",
-      "url": "keystore:///path/to/keyfile/b"
-    }
-  ],
-  "meta": {
-    "remote": "localhost:9999",
-    "local": "localhost:8545",
-    "scheme": "http",
-    "User-Agent": "Firefox 3.2",
-    "Origin": "www.malicious.ru"
-  }
-}
-```
-### ListResponse
-
-Response to list request. The response contains a list of all addresses to show to the caller. Note: the UI is free to respond with any address the caller, regardless of whether it exists or not
-
-Example:
-```json
-{
-  "accounts": [
-    {
-      "address": "0x0000000000000000000000000000000000000000",
-      "url": ".. ignored .."
-    },
-    {
-      "address": "0xffffffffffffffffffffffffffffffffffffffff",
-      "url": ""
-    }
-  ]
-}
-```
--- a/cmd/clef/docs/clef_architecture_pt1.png
+++ b/cmd/clef/docs/clef_architecture_pt1.png
--- a/cmd/clef/docs/clef_architecture_pt2.png
+++ b/cmd/clef/docs/clef_architecture_pt2.png
--- a/cmd/clef/docs/clef_architecture_pt3.png
+++ b/cmd/clef/docs/clef_architecture_pt3.png
--- a/cmd/clef/docs/clef_architecture_pt4.png
+++ b/cmd/clef/docs/clef_architecture_pt4.png
--- a/cmd/clef/docs/qubes/clef_qubes_http.png
+++ b/cmd/clef/docs/qubes/clef_qubes_http.png
--- a/cmd/clef/docs/qubes/clef_qubes_qrexec.png
+++ b/cmd/clef/docs/qubes/clef_qubes_qrexec.png
--- a/cmd/clef/docs/qubes/qrexec-example.png
+++ b/cmd/clef/docs/qubes/qrexec-example.png
--- a/cmd/clef/docs/qubes/qubes-client.py
+++ b/cmd/clef/docs/qubes/qubes-client.py
@ -1,23 +0,0 @@
-"""
-This implements a dispatcher which listens to localhost:8550, and proxies
-requests via qrexec to the service qubes.EthSign on a target domain
-"""
-
-import http.server
-import socketserver,subprocess
-
-PORT=8550
-TARGET_DOMAIN= 'debian-work'
-
-class Dispatcher(http.server.BaseHTTPRequestHandler):
-    def do_POST(self):
-        post_data = self.rfile.read(int(self.headers['Content-Length']))
-        p = subprocess.Popen(['/usr/bin/qrexec-client-vm',TARGET_DOMAIN,'qubes.Clefsign'],stdin=subprocess.PIPE, stdout=subprocess.PIPE)
-        output = p.communicate(post_data)[0]
-        self.wfile.write(output)
-
-
-with socketserver.TCPServer(("",PORT), Dispatcher) as httpd:
-    print("Serving at port", PORT)
-    httpd.serve_forever()
-
--- a/cmd/clef/docs/qubes/qubes.Clefsign
+++ b/cmd/clef/docs/qubes/qubes.Clefsign
@ -1,16 +0,0 @@
-#!/bin/bash
-
-SIGNER_BIN="/home/user/tools/clef/clef"
-SIGNER_CMD="/home/user/tools/gtksigner/gtkui.py -s $SIGNER_BIN"
-
-# Start clef if not already started
-if [ ! -S /home/user/.clef/clef.ipc ]; then
-	$SIGNER_CMD &
-	sleep 1
-fi
-
-# Should be started by now
-if [ -S /home/user/.clef/clef.ipc ]; then
-    # Post incoming request to HTTP channel
-	curl -H "Content-Type: application/json" -X POST -d @- http://localhost:8550 2>/dev/null
-fi
--- a/cmd/clef/docs/qubes/qubes_newaccount-1.png
+++ b/cmd/clef/docs/qubes/qubes_newaccount-1.png
--- a/cmd/clef/docs/qubes/qubes_newaccount-2.png
+++ b/cmd/clef/docs/qubes/qubes_newaccount-2.png
--- a/cmd/clef/docs/setup.md
+++ b/cmd/clef/docs/setup.md
@ -1,198 +0,0 @@
-# Setting up Clef
-
-This document describes how Clef can be used in a more secure manner than executing it from your everyday laptop, 
-in order to ensure that the keys remain safe in the event that your computer should get compromised. 
-
-## Qubes OS
-
-
-### Background 
-
-The Qubes operating system is based around virtual machines (qubes), where a set of virtual machines are configured, typically for 
-different purposes such as:
-
- personal
-   - Your personal email, browsing etc
- work
-  - Work email etc
- vault
-  - a VM without network access, where gpg-keys and/or keepass credentials are stored. 
-
-A couple of dedicated virtual machines handle externalities:
-
- sys-net provides networking to all other (network-enabled) machines
- sys-firewall handles firewall rules
- sys-usb handles USB devices, and can map usb-devices to certain qubes.
-
-The goal of this document is to describe how we can set up clef to provide secure transaction
-signing from a `vault` vm, to another networked qube which runs Dapps.
-
-### Setup
-
-There are two ways that this can be achieved: integrated via Qubes or integrated via networking. 
-
-
-#### 1. Qubes Integrated
-
-Qubes provides a facility for inter-qubes communication via `qrexec`. A qube can request to make a cross-qube RPC request 
-to another qube. The OS then asks the user if the call is permitted. 
-
-![Example](qubes/qrexec-example.png)
-
-A policy-file can be created to allow such interaction. On the `target` domain, a service is invoked which can read the
-`stdin` from the `client` qube. 
-
-This is how [Split GPG](https://www.qubes-os.org/doc/split-gpg/) is implemented. We can set up Clef the same way:
-
-##### Server
-
-![Clef via qrexec](qubes/clef_qubes_qrexec.png)
-
-On the `target` qubes, we need to define the RPC service.
-
-[qubes.Clefsign](qubes/qubes.Clefsign):
-
-```bash
-#!/bin/bash
-
-SIGNER_BIN="/home/user/tools/clef/clef"
-SIGNER_CMD="/home/user/tools/gtksigner/gtkui.py -s $SIGNER_BIN"
-
-# Start clef if not already started
-if [ ! -S /home/user/.clef/clef.ipc ]; then
-	$SIGNER_CMD &
-	sleep 1
-fi
-
-# Should be started by now
-if [ -S /home/user/.clef/clef.ipc ]; then
-    # Post incoming request to HTTP channel
-	curl -H "Content-Type: application/json" -X POST -d @- http://localhost:8550 2>/dev/null
-fi
-
-```
-This RPC service is not complete (see notes about HTTP headers below), but works as a proof-of-concept. 
-It will forward the data received on `stdin` (forwarded by the OS) to Clef's HTTP channel.  
-
-It would have been possible to send data directly to the `/home/user/.clef/.clef.ipc` 
-socket via e.g `nc -U /home/user/.clef/clef.ipc`, but the reason for sending the request 
-data over `HTTP` instead of `IPC` is that we want the ability to forward `HTTP` headers.
-
-To enable the service:
-
-``` bash
-sudo cp qubes.Clefsign /etc/qubes-rpc/
-sudo chmod +x /etc/qubes-rpc/ qubes.Clefsign
-```
-
-This setup uses [gtksigner](https://github.com/holiman/gtksigner), which is a very minimal GTK-based UI that works well 
-with minimal requirements. 
-
-##### Client
-
-
-On the `client` qube, we need to create a listener which will receive the request from the Dapp, and proxy it. 
-
-
-[qubes-client.py](qubes/qubes-client.py):
-
-```python
-
-"""
-This implements a dispatcher which listens to localhost:8550, and proxies
-requests via qrexec to the service qubes.EthSign on a target domain
-"""
-
-import http.server
-import socketserver,subprocess
-
-PORT=8550
-TARGET_DOMAIN= 'debian-work'
-
-class Dispatcher(http.server.BaseHTTPRequestHandler):
-    def do_POST(self):
-        post_data = self.rfile.read(int(self.headers['Content-Length']))
-        p = subprocess.Popen(['/usr/bin/qrexec-client-vm',TARGET_DOMAIN,'qubes.Clefsign'],stdin=subprocess.PIPE, stdout=subprocess.PIPE)
-        output = p.communicate(post_data)[0]
-        self.wfile.write(output)
-
-
-with socketserver.TCPServer(("",PORT), Dispatcher) as httpd:
-    print("Serving at port", PORT)
-    httpd.serve_forever()
-
-
-```
-
-#### Testing
-
-To test the flow, if we have set up `debian-work` as the `target`, we can do
- 
-```bash
-$ cat newaccnt.json 
-{ "id": 0, "jsonrpc": "2.0","method": "account_new","params": []}
-
-$ cat newaccnt.json| qrexec-client-vm debian-work qubes.Clefsign
-```
-
-A dialog should pop up first to allow the IPC call:
-
-![one](qubes/qubes_newaccount-1.png)
-
-Followed by a GTK-dialog to approve the operation:
-
-![two](qubes/qubes_newaccount-2.png)
-
-To test the full flow, we use the client wrapper. Start it on the `client` qube:
-```
-[user@work qubes]$ python3 qubes-client.py 
-```
-
-Make the request over http (`client` qube):
-```
-[user@work clef]$ cat newaccnt.json | curl -X POST -d @- http://localhost:8550
-```
-And it should show the same popups again. 
-
-##### Pros and cons
-
-The benefits of this setup are:
-
- This is the qubes-os intended model for inter-qube communication,
- and thus benefits from qubes-os dialogs and policies for user approval
-
-However, it comes with a couple of drawbacks:
-
- The `qubes-gpg-client` must forward the http request via RPC to the `target` qube. When doing so, the proxy
-  will either drop important headers, or replace them. 
-  - The `Host` header is most likely `localhost` 
-  - The `Origin` header must be forwarded
-  - Information about the remote ip must be added as a `X-Forwarded-For`. However, Clef cannot always trust an `XFF` header, 
-  since malicious clients may lie about `XFF` in order to fool the http server into believing it comes from another address.
- Even with a policy in place to allow RPC calls between `caller` and `target`, there will be several popups:
-  - One qubes-specific where the user specifies the `target` vm
-  - One clef-specific to approve the transaction
-  
-
-#### 2. Network integrated
-
-The second way to set up Clef on a qubes system is to allow networking, and have Clef listen to a port which is accessible
-from other qubes. 
-
-![Clef via http](qubes/clef_qubes_http.png)
-
-
-
-
-## USBArmory
-
-The [USB armory](https://inversepath.com/usbarmory) is an open source hardware design with an 800 MHz ARM processor. It is a pocket-size
-computer. When inserted into a laptop, it identifies itself as a USB network interface, basically adding another network
-to your computer. Over this new network interface, you can SSH into the device. 
-
-Running Clef off a USB armory means that you can use the armory as a very versatile offline computer, which only
-ever connects to a local network between your computer and the device itself.
-
-Needless to say, while this model should be fairly secure against remote attacks, an attacker with physical access
-to the USB Armory would trivially be able to extract the contents of the device filesystem. 
-
--- a/cmd/clef/extapi_changelog.md
+++ b/cmd/clef/extapi_changelog.md
@ -1,104 +0,0 @@
-## Changelog for external API
-
-The API uses [semantic versioning](https://semver.org/).
-
-TL;DR: Given a version number MAJOR.MINOR.PATCH, increment the:
-
-* MAJOR version when you make incompatible API changes,
-* MINOR version when you add functionality in a backwards-compatible manner, and
-* PATCH version when you make backwards-compatible bug fixes.
-
-Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.
-
-### 6.1.0
-
-The API-method `account_signGnosisSafeTx` was added. This method takes two parameters, 
-`[address, safeTx]`. The latter, `safeTx`, can be copy-pasted from the gnosis relay. For example: 
-
-```
-{
-  "jsonrpc": "2.0",
-  "method": "account_signGnosisSafeTx",
-  "params": ["0xfd1c4226bfD1c436672092F4eCbfC270145b7256",
-    {
-      "safe": "0x25a6c4BBd32B2424A9c99aEB0584Ad12045382B3",
-      "to": "0xB372a646f7F05Cc1785018dBDA7EBc734a2A20E2",
-      "value": "20000000000000000",
-      "data": null,
-      "operation": 0,
-      "gasToken": "0x0000000000000000000000000000000000000000",
-      "safeTxGas": 27845,
-      "baseGas": 0,
-      "gasPrice": "0",
-      "refundReceiver": "0x0000000000000000000000000000000000000000",
-      "nonce": 2,
-      "executionDate": null,
-      "submissionDate": "2020-09-15T21:54:49.617634Z",
-      "modified": "2020-09-15T21:54:49.617634Z",
-      "blockNumber": null,
-      "transactionHash": null,
-      "safeTxHash": "0x2edfbd5bc113ff18c0631595db32eb17182872d88d9bf8ee4d8c2dd5db6d95e2",
-      "executor": null,
-      "isExecuted": false,
-      "isSuccessful": null,
-      "ethGasPrice": null,
-      "gasUsed": null,
-      "fee": null,
-      "origin": null,
-      "dataDecoded": null,
-      "confirmationsRequired": null,
-      "confirmations": [
-        {
-          "owner": "0xAd2e180019FCa9e55CADe76E4487F126Fd08DA34",
-          "submissionDate": "2020-09-15T21:54:49.663299Z",
-          "transactionHash": null,
-          "confirmationType": "CONFIRMATION",
-          "signature": "0x95a7250bb645f831c86defc847350e7faff815b2fb586282568e96cc859e39315876db20a2eed5f7a0412906ec5ab57652a6f645ad4833f345bda059b9da2b821c",
-          "signatureType": "EOA"
-        }
-      ],
-      "signatures": null
-    }
-  ],
-  "id": 67
-}
-```
-
-Not all fields are required, though. This method is really just a UX helper, which massages the 
-input to conform to the `EIP-712` [specification](https://docs.safe.global/core-api/transaction-service-reference/gnosis) 
-for the Gnosis Safe, and making the output be directly importable to by a relay service. 
-
-
-### 6.0.0
-
-* `New` was changed to deliver only an address, not the full `Account` data
-* `Export` was moved from External API to the UI Server API
-
-#### 5.0.0
-
-* The external `account_EcRecover`-method was reimplemented.
-* The external method `account_sign(address, data)` was replaced with `account_signData(contentType, address, data)`.
-The addition of `contentType` makes it possible to use the method for different types of objects, such as:
-  * signing data with an intended validator (not yet implemented)
-  * signing clique headers,
-  * signing plain personal messages,
-* The external method `account_signTypedData` implements [EIP-712](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-712.md) and makes it possible to sign typed data.
-
-#### 4.0.0
-
-* The external `account_Ecrecover`-method was removed.
-* The external `account_Import`-method was removed.
-
-#### 3.0.0
-
-* The external `account_List`-method was changed to not expose `url`, which contained info about the local filesystem. It now returns only a list of addresses.
-
-#### 2.0.0
-
-* Commit `73abaf04b1372fa4c43201fb1b8019fe6b0a6f8d`, move `from` into `transaction` object in `signTransaction`. This
-makes the `accounts_signTransaction` identical to the old `eth_signTransaction`.
-
-
-#### 1.0.0
-
-Initial release.
--- a/cmd/clef/intapi_changelog.md
+++ b/cmd/clef/intapi_changelog.md
@ -1,191 +0,0 @@
-## Changelog for internal API (ui-api)
-
-The API uses [semantic versioning](https://semver.org/).
-
-TL;DR: Given a version number MAJOR.MINOR.PATCH, increment the:
-
-* MAJOR version when you make incompatible API changes,
-* MINOR version when you add functionality in a backwards-compatible manner, and
-* PATCH version when you make backwards-compatible bug fixes.
-
-Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.
-
-### 7.0.1 
-
-Added `clef_New` to the internal API callable from a UI.
-
-> `New` creates a new password protected Account. The private key is protected with
-> the given password. Users are responsible to backup the private key that is stored
-> in the keystore location that was specified when this API was created.
-> This method is the same as New on the external API, the difference being that
-> this implementation does not ask for confirmation, since it's initiated by
-> the user
-
-### 7.0.0
-
- The `message` field was renamed to `messages` in all data signing request methods to better reflect that it's a list, not a value.
- The `storage.Put` and `storage.Get` methods in the rule execution engine were lower-cased to `storage.put` and `storage.get` to be consistent with JavaScript call conventions.
-
-### 6.0.0
-
-Removed `password` from responses to operations which require them. This is for two reasons,
-
- Consistency between how rulesets operate and how manual processing works. A rule can `Approve` but require the actual password to be stored in the clef storage.
-With this change, the same stored password can be used even if rulesets are not enabled, but storage is.
- It also removes the usability-shortcut that a UI might otherwise want to implement; remembering passwords. Since we now will not require the
-password on every `Approve`, there's no need for the UI to cache it locally.
-  - In a future update, we'll likely add `clef_storePassword` to the internal API, so the user can store it via his UI (currently only CLI works).
-
-Affected datatypes:
- `SignTxResponse`
- `SignDataResponse`
- `NewAccountResponse`
-
-If `clef` requires a password, the `OnInputRequired` will be used to collect it.
-
-
-### 5.0.0
-
-Changed the namespace format to adhere to the legacy ethereum format: `name_methodName`. Changes:
-
-* `ApproveTx` -> `ui_approveTx`
-* `ApproveSignData` -> `ui_approveSignData`
-* `ApproveExport` -> `removed`
-* `ApproveImport`  -> `removed`
-* `ApproveListing`  -> `ui_approveListing`
-* `ApproveNewAccount`  -> `ui_approveNewAccount`
-* `ShowError` -> `ui_showError`
-* `ShowInfo` -> `ui_showInfo`
-* `OnApprovedTx` -> `ui_onApprovedTx`
-* `OnSignerStartup` -> `ui_onSignerStartup`
-* `OnInputRequired` -> `ui_onInputRequired`
-
-
-### 4.0.0
-
-* Bidirectional communication implemented, so the UI can query `clef` via the stdin/stdout RPC channel. Methods implemented are:
-  - `clef_listWallets`
-  - `clef_listAccounts`
-  - `clef_listWallets`
-  - `clef_deriveAccount`
-  - `clef_importRawKey`
-  - `clef_openWallet`
-  - `clef_chainId`
-  - `clef_setChainId`
-  - `clef_export`
-  - `clef_import`
-
-* The type `Account` was modified (the json-field `type` was removed), to consist of
-
-```go
-type Account struct {
-	Address common.Address `json:"address"` // Ethereum account address derived from the key
-	URL     URL            `json:"url"`     // Optional resource locator within a backend
-}
-```
-
-
-### 3.2.0
-
-* Make `ShowError`, `OnApprovedTx`, `OnSignerStartup` be json-rpc [notifications](https://www.jsonrpc.org/specification#notification):
-
-> A Notification is a Request object without an "id" member. A Request object that is a Notification signifies the Client's lack of interest in the corresponding Response object, and as such no Response object needs to be returned to the client. The Server MUST NOT reply to a Notification, including those that are within a batch request.
->
->  Notifications are not confirmable by definition, since they do not have a Response object to be returned. As such, the Client would not be aware of any errors (like e.g. "Invalid params","Internal error"
-### 3.1.0
-
-* Add `ContentType` `string` to `SignDataRequest` to accommodate the latest [EIP-191](https://eips.ethereum.org/EIPS/eip-191) and [EIP-712](https://eips.ethereum.org/EIPS/eip-712) implementations.
-
-### 3.0.0
-
-* Make use of `OnInputRequired(info UserInputRequest)` for obtaining master password during startup
-
-### 2.1.0
-
-* Add `OnInputRequired(info UserInputRequest)` to internal API. This method is used when Clef needs user input, e.g. passwords.
-
-The following structures are used:
-
-```go
-UserInputRequest struct {
-	Prompt     string `json:"prompt"`
-	Title      string `json:"title"`
-	IsPassword bool   `json:"isPassword"`
-}
-UserInputResponse struct {
-	Text string `json:"text"`
-}
-```
-
-### 2.0.0
-
-* Modify how `call_info` on a transaction is conveyed. New format:
-
-```
-{
-  "jsonrpc": "2.0",
-  "id": 2,
-  "method": "ApproveTx",
-  "params": [
-    {
-      "transaction": {
-        "from": "0x82A2A876D39022B3019932D30Cd9c97ad5616813",
-        "to": "0x07a565b7ed7d7a678680a4c162885bedbb695fe0",
-        "gas": "0x333",
-        "gasPrice": "0x123",
-        "value": "0x10",
-        "nonce": "0x0",
-        "data": "0x4401a6e40000000000000000000000000000000000000000000000000000000000000012",
-        "input": null
-      },
-      "call_info": [
-        {
-          "type": "WARNING",
-          "message": "Invalid checksum on to-address"
-        },
-        {
-          "type": "WARNING",
-          "message": "Tx contains data, but provided ABI signature could not be matched: Did not match: test (0 matches)"
-        }
-      ],
-      "meta": {
-        "remote": "127.0.0.1:54286",
-        "local": "localhost:8550",
-        "scheme": "HTTP/1.1"
-      }
-    }
-  ]
-}
-```
-
-#### 1.2.0
-
-* Add `OnStartup` method, to provide the UI with information about what API version
-the signer uses (both internal and external) as well as build-info and external api.
-
-Example call:
-```json
-{
-  "jsonrpc": "2.0",
-  "id": 1,
-  "method": "OnSignerStartup",
-  "params": [
-    {
-      "info": {
-        "extapi_http": "http://localhost:8550",
-        "extapi_ipc": null,
-        "extapi_version": "2.0.0",
-        "intapi_version": "1.2.0"
-      }
-    }
-  ]
-}
-```
-
-#### 1.1.0
-
-* Add `OnApproved` method
-
-#### 1.0.0
-
-Initial release.
--- a/cmd/clef/main.go
+++ b/cmd/clef/main.go
--- a/cmd/clef/pythonsigner.py
+++ b/cmd/clef/pythonsigner.py
@ -1,315 +0,0 @@
-import sys
-import subprocess
-
-from tinyrpc.transports import ServerTransport
-from tinyrpc.protocols.jsonrpc import JSONRPCProtocol
-from tinyrpc.dispatch import public, RPCDispatcher
-from tinyrpc.server import RPCServer
-
-"""
-This is a POC example of how to write a custom UI for Clef.
-The UI starts the clef process with the '--stdio-ui' option
-and communicates with clef using standard input / output.
-
-The standard input/output is a relatively secure way to communicate,
-as it does not require opening any ports or IPC files. Needless to say,
-it does not protect against memory inspection mechanisms
-where an attacker can access process memory.
-
-To make this work install all the requirements:
-
-  pip install -r requirements.txt
-"""
-
-try:
-    import urllib.parse as urlparse
-except ImportError:
-    import urllib as urlparse
-
-
-class StdIOTransport(ServerTransport):
-    """Uses std input/output for RPC"""
-
-    def receive_message(self):
-        return None, urlparse.unquote(sys.stdin.readline())
-
-    def send_reply(self, context, reply):
-        print(reply)
-
-
-class PipeTransport(ServerTransport):
-    """Uses std a pipe for RPC"""
-
-    def __init__(self, input, output):
-        self.input = input
-        self.output = output
-
-    def receive_message(self):
-        data = self.input.readline()
-        print(">> {}".format(data))
-        return None, urlparse.unquote(data)
-
-    def send_reply(self, context, reply):
-        reply = str(reply, "utf-8")
-        print("<< {}".format(reply))
-        self.output.write("{}\n".format(reply))
-
-
-def sanitize(txt, limit=100):
-    return txt[:limit].encode("unicode_escape").decode("utf-8")
-
-
-def metaString(meta):
-    """
-    "meta":{"remote":"clef binary","local":"main","scheme":"in-proc","User-Agent":"","Origin":""}
-    """  # noqa: E501
-    message = (
-        "\tRequest context:\n"
-        "\t\t{remote} -> {scheme} -> {local}\n"
-        "\tAdditional HTTP header data, provided by the external caller:\n"
-        "\t\tUser-Agent: {user_agent}\n"
-        "\t\tOrigin: {origin}\n"
-    )
-    return message.format(
-        remote=meta.get("remote", "<missing>"),
-        scheme=meta.get("scheme", "<missing>"),
-        local=meta.get("local", "<missing>"),
-        user_agent=sanitize(meta.get("User-Agent"), 200),
-        origin=sanitize(meta.get("Origin"), 100),
-    )
-
-
-class StdIOHandler:
-    def __init__(self):
-        pass
-
-    @public
-    def approveTx(self, req):
-        """
-        Example request:
-
-        {"jsonrpc":"2.0","id":20,"method":"ui_approveTx","params":[{"transaction":{"from":"0xDEADbEeF000000000000000000000000DeaDbeEf","to":"0xDEADbEeF000000000000000000000000DeaDbeEf","gas":"0x3e8","gasPrice":"0x5","maxFeePerGas":null,"maxPriorityFeePerGas":null,"value":"0x6","nonce":"0x1","data":"0x"},"call_info":null,"meta":{"remote":"clef binary","local":"main","scheme":"in-proc","User-Agent":"","Origin":""}}]}
-
-        :param transaction: transaction info
-        :param call_info: info about the call, e.g. if ABI info could not be
-        :param meta: metadata about the request, e.g. where the call comes from
-        :return:
-        """  # noqa: E501
-        message = (
-            "Sign transaction request:\n"
-            "\t{meta_string}\n"
-            "\n"
-            "\tFrom: {from_}\n"
-            "\tTo: {to}\n"
-            "\n"
-            "\tAuto-rejecting request"
-        )
-        meta = req.get("meta", {})
-        transaction = req.get("transaction")
-        sys.stdout.write(
-            message.format(
-                meta_string=metaString(meta),
-                from_=transaction.get("from", "<missing>"),
-                to=transaction.get("to", "<missing>"),
-            )
-        )
-        return {
-            "approved": False,
-        }
-
-    @public
-    def approveSignData(self, req):
-        """
-        Example request:
-
-        {"jsonrpc":"2.0","id":8,"method":"ui_approveSignData","params":[{"content_type":"application/x-clique-header","address":"0x0011223344556677889900112233445566778899","raw_data":"+QIRoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIFOYIFOYIFOoIFOoIFOppFeHRyYSBkYXRhIEV4dHJhIGRhdGEgRXh0cqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIgAAAAAAAAAAA==","messages":[{"name":"Clique header","value":"clique header 1337 [0x44381ab449d77774874aca34634cb53bc21bd22aef2d3d4cf40e51176cb585ec]","type":"clique"}],"call_info":null,"hash":"0xa47ab61438a12a06c81420e308c2b7aae44e9cd837a5df70dd021421c0f58643","meta":{"remote":"clef binary","local":"main","scheme":"in-proc","User-Agent":"","Origin":""}}]}
-        """  # noqa: E501
-        message = (
-            "Sign data request:\n"
-            "\t{meta_string}\n"
-            "\n"
-            "\tContent-type: {content_type}\n"
-            "\tAddress: {address}\n"
-            "\tHash: {hash_}\n"
-            "\n"
-            "\tAuto-rejecting request\n"
-        )
-        meta = req.get("meta", {})
-        sys.stdout.write(
-            message.format(
-                meta_string=metaString(meta),
-                content_type=req.get("content_type"),
-                address=req.get("address"),
-                hash_=req.get("hash"),
-            )
-        )
-
-        return {
-            "approved": False,
-            "password": None,
-        }
-
-    @public
-    def approveNewAccount(self, req):
-        """
-        Example request:
-
-        {"jsonrpc":"2.0","id":25,"method":"ui_approveNewAccount","params":[{"meta":{"remote":"clef binary","local":"main","scheme":"in-proc","User-Agent":"","Origin":""}}]}
-        """  # noqa: E501
-        message = (
-            "Create new account request:\n"
-            "\t{meta_string}\n"
-            "\n"
-            "\tAuto-rejecting request\n"
-        )
-        meta = req.get("meta", {})
-        sys.stdout.write(message.format(meta_string=metaString(meta)))
-        return {
-            "approved": False,
-        }
-
-    @public
-    def showError(self, req):
-        """
-        Example request:
-
-        {"jsonrpc":"2.0","method":"ui_showError","params":[{"text":"If you see this message, enter 'yes' to the next question"}]}
-
-        :param message: to display
-        :return:nothing
-        """  # noqa: E501
-        message = (
-            "## Error\n{text}\n"
-            "Press enter to continue\n"
-        )
-        text = req.get("text")
-        sys.stdout.write(message.format(text=text))
-        input()
-        return
-
-    @public
-    def showInfo(self, req):
-        """
-        Example request:
-
-        {"jsonrpc":"2.0","method":"ui_showInfo","params":[{"text":"If you see this message, enter 'yes' to next question"}]}
-
-        :param message: to display
-        :return:nothing
-        """  # noqa: E501
-        message = (
-            "## Info\n{text}\n"
-            "Press enter to continue\n"
-        )
-        text = req.get("text")
-        sys.stdout.write(message.format(text=text))
-        input()
-        return
-
-    @public
-    def onSignerStartup(self, req):
-        """
-        Example request:
-
-        {"jsonrpc":"2.0", "method":"ui_onSignerStartup", "params":[{"info":{"extapi_http":"n/a","extapi_ipc":"/home/user/.clef/clef.ipc","extapi_version":"6.1.0","intapi_version":"7.0.1"}}]}
-        """  # noqa: E501
-        message = (
-            "\n"
-            "\t\tExt api url: {extapi_http}\n"
-            "\t\tInt api ipc: {extapi_ipc}\n"
-            "\t\tExt api ver: {extapi_version}\n"
-            "\t\tInt api ver: {intapi_version}\n"
-        )
-        info = req.get("info")
-        sys.stdout.write(
-            message.format(
-                extapi_http=info.get("extapi_http"),
-                extapi_ipc=info.get("extapi_ipc"),
-                extapi_version=info.get("extapi_version"),
-                intapi_version=info.get("intapi_version"),
-            )
-        )
-
-    @public
-    def approveListing(self, req):
-        """
-        Example request:
-
-        {"jsonrpc":"2.0","id":23,"method":"ui_approveListing","params":[{"accounts":[{"address":...
-        """  # noqa: E501
-        message = (
-            "\n"
-            "## Account listing request\n"
-            "\t{meta_string}\n"
-            "\tDo you want to allow listing the following accounts?\n"
-            "\t-{addrs}\n"
-            "\n"
-            "->Auto-answering No\n"
-        )
-        meta = req.get("meta", {})
-        accounts = req.get("accounts", [])
-        addrs = [x.get("address") for x in accounts]
-        sys.stdout.write(
-            message.format(
-                addrs="\n\t-".join(addrs),
-                meta_string=metaString(meta)
-            )
-        )
-        return {}
-
-    @public
-    def onInputRequired(self, req):
-        """
-        Example request:
-
-        {"jsonrpc":"2.0","id":1,"method":"ui_onInputRequired","params":[{"title":"Master Password","prompt":"Please enter the password to decrypt the master seed","isPassword":true}]}
-
-        :param message: to display
-        :return:nothing
-        """  # noqa: E501
-        message = (
-            "\n"
-            "## {title}\n"
-            "\t{prompt}\n"
-            "\n"
-            "> "
-        )
-        sys.stdout.write(
-            message.format(
-                title=req.get("title"),
-                prompt=req.get("prompt")
-            )
-        )
-        isPassword = req.get("isPassword")
-        if not isPassword:
-            return {"text": input()}
-
-        return ""
-
-
-def main(args):
-    cmd = ["clef", "--stdio-ui"]
-    if len(args) > 0 and args[0] == "test":
-        cmd.extend(["--stdio-ui-test"])
-    print("cmd: {}".format(" ".join(cmd)))
-
-    dispatcher = RPCDispatcher()
-    dispatcher.register_instance(StdIOHandler(), "ui_")
-
-    # line buffered
-    p = subprocess.Popen(
-        cmd,
-        bufsize=1,
-        universal_newlines=True,
-        stdin=subprocess.PIPE,
-        stdout=subprocess.PIPE,
-    )
-
-    rpc_server = RPCServer(
-        PipeTransport(p.stdout, p.stdin), JSONRPCProtocol(), dispatcher
-    )
-    rpc_server.serve_forever()
-
-
-if __name__ == "__main__":
-    main(sys.argv[1:])
--- a/cmd/clef/requirements.txt
+++ b/cmd/clef/requirements.txt
@ -1 +0,0 @@
-tinyrpc==1.1.4
--- a/cmd/clef/rules.md
+++ b/cmd/clef/rules.md
@ -1,234 +0,0 @@
-# Rules
-
-The `signer` binary contains a ruleset engine, implemented with [OttoVM](https://github.com/robertkrimen/otto)
-
-It enables use cases like the following:
-
-* I want to auto-approve transactions with contract `CasinoDapp`, with up to `0.05 ether` in value to maximum `1 ether` per 24h period
-* I want to auto-approve transaction to contract `EthAlarmClock` with `data`=`0xdeadbeef`, if `value=0`, `gas < 44k` and `gasPrice < 40Gwei`
-
-The two main features that are required for this to work well are:
-
-1. Rule Implementation: how to create, manage, and interpret rules in a flexible but secure manner
-2. Credential management and credentials; how to provide auto-unlock without exposing keys unnecessarily.
-
-The section below deals with both of them
-
-## Rule Implementation
-
-A ruleset file is implemented as a `js` file. Under the hood, the ruleset engine is a `SignerUI`, implementing the same methods as the `json-rpc` methods
-defined in the UI protocol. Example:
-
-```js
-function asBig(str) {
-	if (str.slice(0, 2) == "0x") {
-		return new BigNumber(str.slice(2), 16)
-	}
-	return new BigNumber(str)
-}
-
-// Approve transactions to a certain contract if the value is below a certain limit
-function ApproveTx(req) {
-	var limit = new BigNumber("0xb1a2bc2ec50000")
-	var value = asBig(req.transaction.value);
-
-	if (req.transaction.to.toLowerCase() == "0xae967917c465db8578ca9024c205720b1a3651a9" && value.lt(limit)) {
-		return "Approve"
-	}
-	// If we return "Reject", it will be rejected.
-	// By not returning anything, it will be passed to the next UI, for manual processing
-}
-
-// Approve listings if request made from IPC
-function ApproveListing(req){
-    if (req.metadata.scheme == "ipc"){ return "Approve"}
-}
-```
-
-Whenever the external API is called (and the ruleset is enabled), the `signer` calls the UI, which is an instance of a ruleset-engine. The ruleset-engine
-invokes the corresponding method. In doing so, there are three possible outcomes:
-
-1. JS returns "Approve"
-  * Auto-approve request
-2. JS returns "Reject"
-  * Auto-reject request
-3. Error occurs, or something else is returned
-  * Pass on to `next` ui: the regular UI channel.
-
-A more advanced example can be found below, "Example 1: ruleset for a rate-limited window", using `storage` to `Put` and `Get` `string`s by key.
-
-* At the time of writing, storage only exists as an ephemeral unencrypted implementation, to be used during testing.
-
-### Things to note
-
-The Otto vm has a few [caveats](https://github.com/robertkrimen/otto):
-
-* "use strict" will parse, but does nothing.
-* The regular expression engine (re2/regexp) is not fully compatible with the ECMA5 specification.
-* Otto targets ES5. ES6 features (eg: Typed Arrays) are not supported.
-
-Additionally, a few more have been added
-
-* The rule execution cannot load external javascript files.
-* The only preloaded library is [`bignumber.js`](https://github.com/MikeMcl/bignumber.js) version `2.0.3`. This one is fairly old, and is not aligned with the documentation at the GitHub repository.
-* Each invocation is made in a fresh virtual machine. This means that you cannot store data in global variables between invocations. This is a deliberate choice -- if you want to store data, use the disk-backed `storage`, since rules should not rely on ephemeral data.
-* Javascript API parameters are _always_ an object. This is also a design choice, to ensure that parameters are accessed by _key_ and not by order. This is to prevent mistakes due to missing parameters or parameter changes.
-* The JS engine has access to `storage` and `console`.
-
-#### Security considerations
-
-##### Security of ruleset
-
-Some security precautions can be made, such as:
-
-* Never load `ruleset.js` unless the file is `readonly` (`r-??-??-?`). If the user wishes to modify the ruleset, he must make it writeable and then set back to readonly.
-  * This is to prevent attacks where files are dropped on the users disk.
-* Since we're going to have to have some form of secure storage (not defined in this section), we could also store the `sha3` of the `ruleset.js` file in there.
-  * If the user wishes to modify the ruleset, he'd then have to perform e.g. `signer --attest /path/to/ruleset --credential <creds>`
-
-##### Security of implementation
-
-The drawback of this very flexible solution is that the `signer` needs to contain a javascript engine. This is pretty simple to implement since it's already
-implemented for `geth`. There are no known security vulnerabilities in it, nor have we had any security problems with it so far.
-
-The javascript engine would be an added attack surface; but if the validation of `rulesets` is made good (with hash-based attestation), the actual javascript cannot be considered
-an attack surface -- if an attacker can control the ruleset, a much simpler attack would be to implement an "always-approve" rule instead of exploiting the js vm. The only benefit
-to be gained from attacking the actual `signer` process from the `js` side would be if it could somehow extract cryptographic keys from memory.
-
-##### Security in usability
-
-Javascript is flexible, but also easy to get wrong, especially when users assume that `js` can handle large integers natively. Typical errors
-include trying to multiply `gasCost` with `gas` without using `bigint`:s.
-
-It's unclear whether any other DSL could be more secure; since there's always the possibility of erroneously implementing a rule.
-
-
-## Credential management
-
-The ability to auto-approve transactions means that the signer needs to have the necessary credentials to decrypt keyfiles. These passwords are hereafter called `ksp` (keystore pass).
-
-### Example implementation
-
-Upon startup of the signer, the signer is given a switch: `--seed <path/to/masterseed>`
-The `seed` contains a blob of bytes, which is the master seed for the `signer`.
-
-The `signer` uses the `seed` to:
-
-* Generate the `path` where the settings are stored.
-  * `./settings/1df094eb-c2b1-4689-90dd-790046d38025/vault.dat`
-  * `./settings/1df094eb-c2b1-4689-90dd-790046d38025/rules.js`
-* Generate the encryption password for `vault.dat`.
-
-The `vault.dat` would be an encrypted container storing the following information:
-
-* `ksp` entries
-* `sha256` hash of `rules.js`
-* Information about pair:ed callers (not yet specified)
-
-### Security considerations
-
-This would leave it up to the user to ensure that the `path/to/masterseed` is handled securely. It's difficult to get around this, although one could
-imagine leveraging OS-level keychains where supported. The setup is however, in general, similar to how ssh-keys are stored in `.ssh/`.
-
-
-# Implementation status
-
-This is now implemented (with ephemeral non-encrypted storage for now, so not yet enabled).
-
-## Example 1: ruleset for a rate-limited window
-
-
-```js
-function big(str) {
-	if (str.slice(0, 2) == "0x") {
-		return new BigNumber(str.slice(2), 16)
-	}
-	return new BigNumber(str)
-}
-
-// Time window: 1 week
-var window = 1000* 3600*24*7;
-
-// Limit: 1 ether
-var limit = new BigNumber("1e18");
-
-function isLimitOk(transaction) {
-	var value = big(transaction.value)
-	// Start of our window function
-	var windowstart = new Date().getTime() - window;
-
-	var txs = [];
-	var stored = storage.get('txs');
-
-	if (stored != "") {
-		txs = JSON.parse(stored)
-	}
-	// First, remove all that has passed out of the time window
-	var newtxs = txs.filter(function(tx){return tx.tstamp > windowstart});
-	console.log(txs, newtxs.length);
-
-	// Secondly, aggregate the current sum
-	sum = new BigNumber(0)
-
-	sum = newtxs.reduce(function(agg, tx){ return big(tx.value).plus(agg)}, sum);
-	console.log("ApproveTx > Sum so far", sum);
-	console.log("ApproveTx > Requested", value.toNumber());
-
-	// Would we exceed the weekly limit ?
-	return sum.plus(value).lt(limit)
-
-}
-function ApproveTx(r) {
-	if (isLimitOk(r.transaction)) {
-		return "Approve"
-	}
-	return "Nope"
-}
-
-/**
-* OnApprovedTx(str) is called when a transaction has been approved and signed. The parameter
-	* 'response_str' contains the return value that will be sent to the external caller.
-* The return value from this method is ignore - the reason for having this callback is to allow the
-* ruleset to keep track of approved transactions.
-*
-* When implementing rate-limited rules, this callback should be used.
-* If a rule responds with neither 'Approve' nor 'Reject' - the tx goes to manual processing. If the user
-* then accepts the transaction, this method will be called.
-*
-* TLDR; Use this method to keep track of signed transactions, instead of using the data in ApproveTx.
-*/
-function OnApprovedTx(resp) {
-	var value = big(resp.tx.value)
-	var txs = []
-	// Load stored transactions
-	var stored = storage.get('txs');
-	if (stored != "") {
-		txs = JSON.parse(stored)
-	}
-	// Add this to the storage
-	txs.push({tstamp: new Date().getTime(), value: value});
-	storage.put("txs", JSON.stringify(txs));
-}
-```
-
-## Example 2: allow destination
-
-```js
-function ApproveTx(r) {
-	if (r.transaction.from.toLowerCase() == "0x0000000000000000000000000000000000001337") {
-		return "Approve"
-	}
-	if (r.transaction.from.toLowerCase() == "0x000000000000000000000000000000000000dead") {
-		return "Reject"
-	}
-	// Otherwise goes to manual processing
-}
-```
-
-## Example 3: Allow listing
-
-```js
-function ApproveListing() {
-	return "Approve"
-}
-```
--- a/cmd/clef/run_test.go
+++ b/cmd/clef/run_test.go
@ -1,103 +0,0 @@
-// Copyright 2022 The go-ethereum Authors
-// This file is part of go-ethereum.
-//
-// go-ethereum is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// go-ethereum is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with go-ethereum. If not, see <http://www.gnu.org/licenses/>.
-
-package main
-
-import (
-	"fmt"
-	"os"
-	"testing"
-
-	"github.com/ethereum/go-ethereum/internal/cmdtest"
-	"github.com/ethereum/go-ethereum/internal/reexec"
-)
-
-const registeredName = "clef-test"
-
-type testproc struct {
-	*cmdtest.TestCmd
-
-	// template variables for expect
-	Datadir   string
-	Etherbase string
-}
-
-func init() {
-	reexec.Register(registeredName, func() {
-		if err := app.Run(os.Args); err != nil {
-			fmt.Fprintln(os.Stderr, err)
-			os.Exit(1)
-		}
-		os.Exit(0)
-	})
-}
-
-func TestMain(m *testing.M) {
-	// check if we have been reexec'd
-	if reexec.Init() {
-		return
-	}
-	os.Exit(m.Run())
-}
-
-// runClef spawns clef with the given command line args and adds keystore arg.
-// This method creates a temporary  keystore folder which will be removed after
-// the test exits.
-func runClef(t *testing.T, args ...string) *testproc {
-	ddir := t.TempDir()
-	return runWithKeystore(t, ddir, args...)
-}
-
-// runWithKeystore spawns clef with the given command line args and adds keystore arg.
-// This method does _not_ create the keystore folder, but it _does_ add the arg
-// to the args.
-func runWithKeystore(t *testing.T, keystore string, args ...string) *testproc {
-	args = append([]string{"--keystore", keystore}, args...)
-	tt := &testproc{Datadir: keystore}
-	tt.TestCmd = cmdtest.NewTestCmd(t, tt)
-	// Boot "clef". This actually runs the test binary but the TestMain
-	// function will prevent any tests from running.
-	tt.Run(registeredName, args...)
-	return tt
-}
-
-func (proc *testproc) input(text string) *testproc {
-	proc.TestCmd.InputLine(text)
-	return proc
-}
-
-/*
-// waitForEndpoint waits for the rpc endpoint to appear, or
-// aborts after 3 seconds.
-func (proc *testproc) waitForEndpoint(t *testing.T) *testproc {
-	t.Helper()
-	timeout := 3 * time.Second
-	ipc := filepath.Join(proc.Datadir, "clef.ipc")
-
-	start := time.Now()
-	for time.Since(start) < timeout {
-		if _, err := os.Stat(ipc); !errors.Is(err, os.ErrNotExist) {
-			t.Logf("endpoint %v opened", ipc)
-			return proc
-		}
-		time.Sleep(200 * time.Millisecond)
-	}
-	t.Logf("stderr: \n%v", proc.StderrText())
-	t.Logf("stdout: \n%v", proc.Output())
-	t.Fatal("endpoint", ipc, "did not open within", timeout)
-	return proc
-}
-*/
--- a/cmd/clef/sign_flow.png
+++ b/cmd/clef/sign_flow.png
--- a/cmd/clef/testdata/sign_1559_missing_field_exp_fail.json
+++ b/cmd/clef/testdata/sign_1559_missing_field_exp_fail.json
@ -1,16 +0,0 @@
-{
-  "jsonrpc": "2.0",
-  "method": "account_signTransaction",
-  "params": [
-    {
-      "from": "0x8A8eAFb1cf62BfBeb1741769DAE1a9dd47996192",
-      "to": "0x8A8eAFb1cf62BfBeb1741769DAE1a9dd47996192",
-      "gas": "0x333",
-      "maxFeePerGas": "0x123",
-      "nonce": "0x0",
-      "value": "0x10",
-      "data": "0x4401a6e40000000000000000000000000000000000000000000000000000000000000012"
-    }
-  ],
-  "id": 67
-}
--- a/cmd/clef/testdata/sign_1559_missing_maxfeepergas_exp_fail.json
+++ b/cmd/clef/testdata/sign_1559_missing_maxfeepergas_exp_fail.json
@ -1,16 +0,0 @@
-{
-  "jsonrpc": "2.0",
-  "method": "account_signTransaction",
-  "params": [
-    {
-      "from": "0x8A8eAFb1cf62BfBeb1741769DAE1a9dd47996192",
-      "to": "0x8A8eAFb1cf62BfBeb1741769DAE1a9dd47996192",
-      "gas": "0x333",
-      "maxPriorityFeePerGas": "0x123",
-      "nonce": "0x0",
-      "value": "0x10",
-      "data": "0x4401a6e40000000000000000000000000000000000000000000000000000000000000012"
-    }
-  ],
-  "id": 67
-}
--- a/cmd/clef/testdata/sign_1559_tx.json
+++ b/cmd/clef/testdata/sign_1559_tx.json
@ -1,17 +0,0 @@
-{
-  "jsonrpc": "2.0",
-  "method": "account_signTransaction",
-  "params": [
-    {
-      "from": "0x8A8eAFb1cf62BfBeb1741769DAE1a9dd47996192",
-      "to": "0x8A8eAFb1cf62BfBeb1741769DAE1a9dd47996192",
-      "gas": "0x333",
-      "maxPriorityFeePerGas": "0x123",
-      "maxFeePerGas": "0x123",
-      "nonce": "0x0",
-      "value": "0x10",
-      "data": "0x4401a6e40000000000000000000000000000000000000000000000000000000000000012"
-    }
-  ],
-  "id": 67
-}
--- a/cmd/clef/testdata/sign_bad_checksum_exp_fail.json
+++ b/cmd/clef/testdata/sign_bad_checksum_exp_fail.json
@ -1,17 +0,0 @@
-{
-  "jsonrpc": "2.0",
-  "method": "account_signTransaction",
-  "params": [
-    {
-	"from":"0x8a8eafb1cf62bfbeb1741769dae1a9dd47996192",
-	"to":"0x8a8eafb1cf62bfbeb1741769dae1a9dd47996192",
-      "gas": "0x333",
-      "gasPrice": "0x123",
-      "nonce": "0x0",
-      "value": "0x10",
-      "data":
-        "0x4401a6e40000000000000000000000000000000000000000000000000000000000000012"
-    }
-  ],
-  "id": 67
-}
--- a/cmd/clef/testdata/sign_normal_exp_ok.json
+++ b/cmd/clef/testdata/sign_normal_exp_ok.json
@ -1,17 +0,0 @@
-{
-  "jsonrpc": "2.0",
-  "method": "account_signTransaction",
-  "params": [
-    {
-	"from":"0x8A8eAFb1cf62BfBeb1741769DAE1a9dd47996192",
-	"to":"0x8A8eAFb1cf62BfBeb1741769DAE1a9dd47996192",
-      "gas": "0x333",
-      "gasPrice": "0x123",
-      "nonce": "0x0",
-      "value": "0x10",
-      "data":
-        "0x4401a6e40000000000000000000000000000000000000000000000000000000000000012"
-    }
-  ],
-  "id": 67
-}
--- a/cmd/clef/tests/testsigner.js
+++ b/cmd/clef/tests/testsigner.js
@ -1,89 +0,0 @@
-// Copyright 2019 The go-ethereum Authors
-// This file is part of go-ethereum.
-//
-// go-ethereum is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// go-ethereum is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with go-ethereum. If not, see <http://www.gnu.org/licenses/>.
-
-// This file is a test-utility for testing clef-functionality
-//
-// Start clef with
-//
-// build/bin/clef --4bytedb=./cmd/clef/4byte.json --rpc
-//
-// Start geth with
-//
-// build/bin/geth --nodiscover --maxpeers 0 --signer http://localhost:8550 console --preload=cmd/clef/tests/testsigner.js
-//
-// and in the console simply invoke
-//
-// > test()
-//
-// You can reload the file via `reload()`
-
-function reload(){
-	loadScript("./cmd/clef/tests/testsigner.js");
-}
-
-function init(){
-    if (typeof accts == 'undefined' || accts.length == 0){
-        accts = eth.accounts
-        console.log("Got accounts ", accts);
-    }
-}
-init()
-function testTx(){
-    if( accts && accts.length > 0) {
-        var a = accts[0]
-        var txdata = eth.signTransaction({from: a, to: a, value: 1, nonce: 1, gas: 1, gasPrice: 1})
-        var v = parseInt(txdata.tx.v)
-        console.log("V value: ", v)
-        if (v == 37 || v == 38){
-            console.log("Mainnet 155-protected chainid was used")
-        }
-        if (v == 27 || v == 28){
-            throw new Error("Mainnet chainid was used, but without replay protection!")
-        }
-    }
-}
-function testSignText(){
-    if( accts && accts.length > 0){
-        var a = accts[0]
-        var r = eth.sign(a, "0x68656c6c6f20776f726c64"); //hello world
-        console.log("signing response",  r)
-    }
-}
-function testClique(){
-    if( accts && accts.length > 0){
-        var a = accts[0]
-        var r = debug.testSignCliqueBlock(a, 0); // Sign genesis
-        console.log("signing response",  r)
-        if( a != r){
-            throw new Error("Requested signing by "+a+ " but got sealer "+r)
-        }
-    }
-}
-
-function test(){
-    var tests = [
-        testTx,
-        testSignText,
-        testClique,
-    ]
-    for( i in tests){
-        try{
-            tests[i]()
-        }catch(err){
-            console.log(err)
-        }
-    }
- }
--- a/cmd/clef/tutorial.md
+++ b/cmd/clef/tutorial.md
@ -1,353 +0,0 @@
-## Initializing Clef
-
-First things first, Clef needs to store some data itself. Since that data might be sensitive (passwords, signing rules, accounts), Clef's entire storage is encrypted. To support encrypting data, the first step is to initialize Clef with a random master seed, itself too encrypted with your chosen password:
-
-```text
-$ clef init
-
-WARNING!
-
-Clef is an account management tool. It may, like any software, contain bugs.
-
-Please take care to
- backup your keystore files,
- verify that the keystore(s) can be opened with your password.
-
-Clef is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
-without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-PURPOSE. See the GNU General Public License for more details.
-
-Enter 'ok' to proceed:
-> ok
-
-The master seed of clef will be locked with a password.
-Please specify a password. Do not forget this password!
-Password:
-Repeat password:
-
-A master seed has been generated into /home/martin/.clef/masterseed.json
-
-This is required to be able to store credentials, such as:
-* Passwords for keystores (used by rule engine)
-* Storage for JavaScript auto-signing rules
-* Hash of JavaScript rule-file
-
-You should treat 'masterseed.json' with utmost secrecy and make a backup of it!
-* The password is necessary but not enough, you need to back up the master seed too!
-* The master seed does not contain your accounts, those need to be backed up separately!
-```
-
-*For readability purposes, we'll remove the WARNING printout, user confirmation and the unlocking of the master seed in the rest of this document.*
-
-## Remote interactions
-
-Clef is capable of managing both key-file based accounts as well as hardware wallets. To evaluate clef, we're going to point it to our Rinkeby testnet keystore and specify the Rinkeby chain ID for signing (Clef doesn't have a backing chain, so it doesn't know what network it runs on).
-
-```text
-$ clef --keystore ~/.ethereum/rinkeby/keystore --chainid 4
-
-INFO [07-01|11:00:46.385] Starting signer                          chainid=4 keystore=$HOME/.ethereum/rinkeby/keystore light-kdf=false advanced=false
-DEBUG[07-01|11:00:46.389] FS scan times                            list=3.521941ms set=9.017µs diff=4.112µs
-DEBUG[07-01|11:00:46.391] Ledger support enabled
-DEBUG[07-01|11:00:46.391] Trezor support enabled via HID
-DEBUG[07-01|11:00:46.391] Trezor support enabled via WebUSB
-INFO [07-01|11:00:46.391] Audit logs configured                    file=audit.log
-DEBUG[07-01|11:00:46.392] IPC registered                           namespace=account
-INFO [07-01|11:00:46.392] IPC endpoint opened                      url=$HOME/.clef/clef.ipc
------- Signer info -------
-* intapi_version : 7.0.0
-* extapi_version : 6.0.0
-* extapi_http : n/a
-* extapi_ipc : $HOME/.clef/clef.ipc
-```
-
-By default, Clef starts up in CLI (Command Line Interface) mode. Arbitrary remote processes may *request* account interactions (e.g. sign a transaction), which the user will need to individually *confirm*.
-
-To test this out, we can *request* Clef to list all account via its *External API endpoint*:
-
-```text
-echo '{"id": 1, "jsonrpc": "2.0", "method": "account_list"}' | nc -U ~/.clef/clef.ipc
-```
-
-This will prompt the user within the Clef CLI to confirm or deny the request:
-
-```text
-------- List Account request--------------
-A request has been made to list all accounts.
-You can select which accounts the caller can see
-  [x] 0xD9C9Cd5f6779558b6e0eD4e6Acf6b1947E7fA1F3
-    URL: keystore://$HOME/.ethereum/rinkeby/keystore/UTC--2017-04-14T15-15-00.327614556Z--d9c9cd5f6779558b6e0ed4e6acf6b1947e7fa1f3
-  [x] 0x086278A6C067775F71d6B2BB1856Db6E28c30418
-    URL: keystore://$HOME/.ethereum/rinkeby/keystore/UTC--2018-02-06T22-53-11.211657239Z--086278a6c067775f71d6b2bb1856db6e28c30418
-------------------------------------------
-Request context:
-	NA -> NA -> NA
-
-Additional HTTP header data, provided by the external caller:
-	User-Agent:
-	Origin:
-Approve? [y/N]:
->
-```
-
-Depending on whether we approve or deny the request, the original NetCat process will get:
-
-```text
-{"jsonrpc":"2.0","id":1,"result":["0xd9c9cd5f6779558b6e0ed4e6acf6b1947e7fa1f3","0x086278a6c067775f71d6b2bb1856db6e28c30418"]}
-
-or
-
-{"jsonrpc":"2.0","id":1,"error":{"code":-32000,"message":"Request denied"}}
-```
-
-Apart from listing accounts, you can also *request* creating a new account; signing transactions and data; and recovering signatures. You can find the available methods in the Clef [External API Spec](https://github.com/ethereum/go-ethereum/tree/master/cmd/clef#external-api-1) and the [External API Changelog](https://github.com/ethereum/go-ethereum/blob/master/cmd/clef/extapi_changelog.md).
-
-*Note, the number of things you can do from the External API is deliberately small, since we want to limit the power of remote calls by as much as possible! Clef has an [Internal API](https://github.com/ethereum/go-ethereum/tree/master/cmd/clef#ui-api-1) too for the UI (User Interface) which is much richer and can support custom interfaces on top. But that's out of scope here.*
-
-## Automatic rules
-
-For most users, manually confirming every transaction is the way to go. However, there are cases when it makes sense to set up some rules which permit Clef to sign a transaction without prompting the user. One such example would be running a signer on Rinkeby or other PoA networks.
-
-For starters, we can create a rule file that automatically permits anyone to list our available accounts without user confirmation. The rule file is a tiny JavaScript snippet that you can program however you want:
-
-```js
-function ApproveListing() {
-    return "Approve"
-}
-```
-
-Of course, Clef isn't going to just accept and run arbitrary scripts you give it, that would be dangerous if someone changes your rule file! Instead, you need to explicitly *attest* the rule file, which entails injecting its hash into Clef's secure store.
-
-```text
-$ sha256sum rules.js
-645b58e4f945e24d0221714ff29f6aa8e860382ced43490529db1695f5fcc71c  rules.js
-
-$ clef attest 645b58e4f945e24d0221714ff29f6aa8e860382ced43490529db1695f5fcc71c
-Decrypt master seed of clef
-Password:
-INFO [07-01|13:25:03.290] Ruleset attestation updated              sha256=645b58e4f945e24d0221714ff29f6aa8e860382ced43490529db1695f5fcc71c
-```
-
-At this point, we can start Clef with the rule file:
-
-```text
-$ clef --keystore ~/.ethereum/rinkeby/keystore --chainid 4 --rules rules.js
-
-INFO [07-01|13:39:49.726] Rule engine configured                   file=rules.js
-INFO [07-01|13:39:49.726] Starting signer                          chainid=4 keystore=$HOME/.ethereum/rinkeby/keystore light-kdf=false advanced=false
-DEBUG[07-01|13:39:49.726] FS scan times                            list=35.15µs set=4.251µs diff=2.766µs
-DEBUG[07-01|13:39:49.727] Ledger support enabled
-DEBUG[07-01|13:39:49.727] Trezor support enabled via HID
-DEBUG[07-01|13:39:49.727] Trezor support enabled via WebUSB
-INFO [07-01|13:39:49.728] Audit logs configured                    file=audit.log
-DEBUG[07-01|13:39:49.728] IPC registered                           namespace=account
-INFO [07-01|13:39:49.728] IPC endpoint opened                      url=$HOME/.clef/clef.ipc
------- Signer info -------
-* intapi_version : 7.0.0
-* extapi_version : 6.0.0
-* extapi_http : n/a
-* extapi_ipc : $HOME/.clef/clef.ipc
-```
-
-Any account listing *request* will now be auto-approved by the rule file:
-
-```text
-$ echo '{"id": 1, "jsonrpc": "2.0", "method": "account_list"}' | nc -U ~/.clef/clef.ipc
-{"jsonrpc":"2.0","id":1,"result":["0xd9c9cd5f6779558b6e0ed4e6acf6b1947e7fa1f3","0x086278a6c067775f71d6b2bb1856db6e28c30418"]}
-```
-
-## Under the hood
-
-While doing the operations above, these files have been created:
-
-```text
-$ ls -laR ~/.clef/
-
-$HOME/.clef/:
-total 24
-drwxr-x--x   3 user user  4096 Jul  1 13:45 .
-drwxr-xr-x 102 user user 12288 Jul  1 13:39 ..
-drwx------   2 user user  4096 Jul  1 13:25 02f90c0603f4f2f60188
-r--------   1 user user   868 Jun 28 13:55 masterseed.json
-
-$HOME/.clef/02f90c0603f4f2f60188:
-total 12
-drwx------ 2 user user 4096 Jul  1 13:25 .
-drwxr-x--x 3 user user 4096 Jul  1 13:45 ..
-rw------- 1 user user  159 Jul  1 13:25 config.json
-
-$ cat ~/.clef/02f90c0603f4f2f60188/config.json
-{"ruleset_sha256":{"iv":"SWWEtnl+R+I+wfG7","c":"I3fjmwmamxVcfGax7D0MdUOL29/rBWcs73WBILmYK0o1CrX7wSMc3y37KsmtlZUAjp0oItYq01Ow8VGUOzilG91tDHInB5YHNtm/YkufEbo="}}
-```
-
-In `$HOME/.clef`, the `masterseed.json` file was created, containing the master seed. This seed was then used to derive a few other things:
-
- **Vault location**: in this case `02f90c0603f4f2f60188`.
-   - If you use a different master seed, a different vault location will be used that does not conflict with each other (e.g. `clef --signersecret /path/to/file`). This allows you to run multiple instances of Clef, each with its own rules (e.g. mainnet + testnet).
- **`config.json`**: the encrypted key/value storage for configuration data, currently only containing the key `ruleset_sha256`, the attested hash of the automatic rules to use.
-
-## Advanced rules
-
-In order to make more useful rules - like signing transactions - the signer needs access to the passwords needed to unlock keys from the keystore. You can inject an unlock password via `clef setpw`.
-
-```text
-$ clef setpw 0xd9c9cd5f6779558b6e0ed4e6acf6b1947e7fa1f3
-
-Please enter a password to store for this address:
-Password:
-Repeat password:
-
-Decrypt master seed of clef
-Password:
-INFO [07-01|14:05:56.031] Credential store updated                 key=0xd9c9cd5f6779558b6e0ed4e6acf6b1947e7fa1f3
-```
-
-Now let's update the rules to make use of the new credentials:
-
-```js
-function ApproveListing() {
-    return "Approve"
-}
-
-function ApproveSignData(req) {
-    if (req.address.toLowerCase() == "0xd9c9cd5f6779558b6e0ed4e6acf6b1947e7fa1f3") {
-        if (req.messages[0].value.indexOf("bazonk") >= 0) {
-            return "Approve"
-        }
-        return "Reject"
-    }
-    // Otherwise goes to manual processing
-}
-```
-
-In this example:
-
- Any requests to sign data with the account `0xd9c9...` will be:
-    - Auto-approved if the message contains `bazonk`,
-    - Auto-rejected if the message does not contain `bazonk`,
- Any other requests will be passed along for manual confirmation.
-
-*Note, to make this example work, please use you own accounts. You can create a new account either via Clef or the traditional account CLI tools. If the latter was chosen, make sure both Clef and Geth use the same keystore by specifying `--keystore path/to/your/keystore` when running Clef.*
-
-Attest the new rule file so that Clef will accept loading it:
-
-```text
-$ sha256sum rules.js
-f163a1738b649259bb9b369c593fdc4c6b6f86cc87e343c3ba58faee03c2a178  rules.js
-
-$ clef attest f163a1738b649259bb9b369c593fdc4c6b6f86cc87e343c3ba58faee03c2a178
-Decrypt master seed of clef
-Password:
-INFO [07-01|14:11:28.509] Ruleset attestation updated              sha256=f163a1738b649259bb9b369c593fdc4c6b6f86cc87e343c3ba58faee03c2a178
-```
-
-Restart Clef with the new rules in place:
-
-```
-$ clef --keystore ~/.ethereum/rinkeby/keystore --chainid 4 --rules rules.js
-
-INFO [07-01|14:12:41.636] Rule engine configured                   file=rules.js
-INFO [07-01|14:12:41.636] Starting signer                          chainid=4 keystore=$HOME/.ethereum/rinkeby/keystore light-kdf=false advanced=false
-DEBUG[07-01|14:12:41.636] FS scan times                            list=46.722µs set=4.47µs diff=2.157µs
-DEBUG[07-01|14:12:41.637] Ledger support enabled
-DEBUG[07-01|14:12:41.637] Trezor support enabled via HID
-DEBUG[07-01|14:12:41.638] Trezor support enabled via WebUSB
-INFO [07-01|14:12:41.638] Audit logs configured                    file=audit.log
-DEBUG[07-01|14:12:41.638] IPC registered                           namespace=account
-INFO [07-01|14:12:41.638] IPC endpoint opened                      url=$HOME/.clef/clef.ipc
------- Signer info -------
-* intapi_version : 7.0.0
-* extapi_version : 6.0.0
-* extapi_http : n/a
-* extapi_ipc : $HOME/.clef/clef.ipc
-```
-
-Then test signing, once with `bazonk` and once without:
-
-```
-$ echo '{"id": 1, "jsonrpc":"2.0", "method":"account_signData", "params":["data/plain", "0xd9c9cd5f6779558b6e0ed4e6acf6b1947e7fa1f3", "0x202062617a6f6e6b2062617a2067617a0a"]}' | nc -U ~/.clef/clef.ipc
-{"jsonrpc":"2.0","id":1,"result":"0x4f93e3457027f6be99b06b3392d0ebc60615ba448bb7544687ef1248dea4f5317f789002df783979c417d969836b6fda3710f5bffb296b4d51c8aaae6e2ac4831c"}
-
-$ echo '{"id": 1, "jsonrpc":"2.0", "method":"account_signData", "params":["data/plain", "0xd9c9cd5f6779558b6e0ed4e6acf6b1947e7fa1f3", "0x2020626f6e6b2062617a2067617a0a"]}' | nc -U ~/.clef/clef.ipc
-{"jsonrpc":"2.0","id":1,"error":{"code":-32000,"message":"Request denied"}}
-```
-
-Meanwhile, in the Clef output log you can see:
-```text
-INFO [02-21|14:42:41] Op approved
-INFO [02-21|14:42:56] Op rejected
-```
-
-The signer also stores all traffic over the external API in a log file. The last 4 lines shows the two requests and their responses:
-
-```text
-$ tail -n 4 audit.log
-t=2019-07-01T15:52:14+0300 lvl=info msg=SignData   api=signer type=request  metadata="{\"remote\":\"NA\",\"local\":\"NA\",\"scheme\":\"NA\",\"User-Agent\":\"\",\"Origin\":\"\"}" addr="0xd9c9cd5f6779558b6e0ed4e6acf6b1947e7fa1f3 [chksum INVALID]" data=0x202062617a6f6e6b2062617a2067617a0a content-type=data/plain
-t=2019-07-01T15:52:14+0300 lvl=info msg=SignData   api=signer type=response data=4f93e3457027f6be99b06b3392d0ebc60615ba448bb7544687ef1248dea4f5317f789002df783979c417d969836b6fda3710f5bffb296b4d51c8aaae6e2ac4831c error=nil
-t=2019-07-01T15:52:23+0300 lvl=info msg=SignData   api=signer type=request  metadata="{\"remote\":\"NA\",\"local\":\"NA\",\"scheme\":\"NA\",\"User-Agent\":\"\",\"Origin\":\"\"}" addr="0xd9c9cd5f6779558b6e0ed4e6acf6b1947e7fa1f3 [chksum INVALID]" data=0x2020626f6e6b2062617a2067617a0a     content-type=data/plain
-t=2019-07-01T15:52:23+0300 lvl=info msg=SignData   api=signer type=response data=                                     error="Request denied"
-```
-
-For more details on writing automatic rules, please see the [rules spec](https://github.com/ethereum/go-ethereum/blob/master/cmd/clef/rules.md).
-
-## Geth integration
-
-Of course, as awesome as Clef is, it's not feasible to interact with it via JSON RPC by hand. Long term, we're hoping to convince the general Ethereum community to support Clef as a general signer (it's only 3-5 methods), thus allowing your favorite DApp, Metamask, MyCrypto, etc to request signatures directly.
-
-Until then however, we're trying to pave the way via Geth. Geth v1.9.0 has built in support via `--signer <API endpoint>` for using a local or remote Clef instance as an account backend!
-
-We can try this by running Clef with our previous rules on Rinkeby (for now it's a good idea to allow auto-listing accounts, since Geth likes to retrieve them once in a while).
-
-```text
-$ clef --keystore ~/.ethereum/rinkeby/keystore --chainid 4 --rules rules.js
-```
-
-In a different window we can start Geth, list our accounts, even list our wallets to see where the accounts originate from:
-
-```text
-$ geth --rinkeby --signer=~/.clef/clef.ipc console
-
-> eth.accounts
-["0xd9c9cd5f6779558b6e0ed4e6acf6b1947e7fa1f3", "0x086278a6c067775f71d6b2bb1856db6e28c30418"]
-
-> personal.listWallets
-[{
-    accounts: [{
-        address: "0xd9c9cd5f6779558b6e0ed4e6acf6b1947e7fa1f3",
-        url: "extapi://$HOME/.clef/clef.ipc"
-    }, {
-        address: "0x086278a6c067775f71d6b2bb1856db6e28c30418",
-        url: "extapi://$HOME/.clef/clef.ipc"
-    }],
-    status: "ok [version=6.0.0]",
-    url: "extapi://$HOME/.clef/clef.ipc"
-}]
-
-> eth.sendTransaction({from: eth.accounts[0], to: eth.accounts[0]})
-```
-
-Lastly, when we requested a transaction to be sent, Clef prompted us in the original window to approve it:
-
-```text
--------- Transaction request-------------
-to:       0xD9C9Cd5f6779558b6e0eD4e6Acf6b1947E7fA1F3
-from:     0xD9C9Cd5f6779558b6e0eD4e6Acf6b1947E7fA1F3 [chksum ok]
-value:    0 wei
-gas:      0x5208 (21000)
-gasprice: 1000000000 wei
-nonce:    0x2366 (9062)
-
-Request context:
-	NA -> NA -> NA
-
-Additional HTTP header data, provided by the external caller:
-	User-Agent:
-	Origin:
-------------------------------------------
-Approve? [y/N]:
-> y
-```
-
-:boom:
-
-*Note, if you enable the external signer backend in Geth, all other account management is disabled. This is because long term we want to remove account management from Geth.*
--- a/cmd/devp2p/enrcmd.go
+++ b/cmd/devp2p/enrcmd.go
@ -194,7 +194,7 @@ func formatAttrString(v rlp.RawValue) (string, bool) {

 func formatAttrIP(v rlp.RawValue) (string, bool) {
 	content, _, err := rlp.SplitString(v)
-	if err != nil || len(content) != 4 && len(content) != 6 {
+	if err != nil || len(content) != 4 && len(content) != 16 {
 		return "", false
 	}
 	return net.IP(content).String(), true
--- a/cmd/devp2p/internal/ethtest/chain.go
+++ b/cmd/devp2p/internal/ethtest/chain.go
@ -51,6 +51,12 @@ type Chain struct {
 	state   map[common.Address]state.DumpAccount // state of head block
 	senders map[common.Address]*senderInfo
 	config  *params.ChainConfig
+
+	txInfo txInfo
+}
+
+type txInfo struct {
+	LargeReceiptBlock *uint64 `json:"tx-largereceipt"`
 }

 // NewChain takes the given chain.rlp file, and decodes and returns
@ -74,12 +80,20 @@ func NewChain(dir string) (*Chain, error) {
 	if err != nil {
 		return nil, err
 	}
+
+	var txInfo txInfo
+	err = common.LoadJSON(filepath.Join(dir, "txinfo.json"), &txInfo)
+	if err != nil {
+		return nil, err
+	}
+
 	return &Chain{
 		genesis: gen,
 		blocks:  blocks,
 		state:   state,
 		senders: accounts,
 		config:  gen.Config,
+		txInfo:  txInfo,
 	}, nil
 }

--- a/cmd/devp2p/internal/ethtest/conn.go
+++ b/cmd/devp2p/internal/ethtest/conn.go
@ -66,9 +66,10 @@ func (s *Suite) dialAs(key *ecdsa.PrivateKey) (*Conn, error) {
 		return nil, err
 	}
 	conn.caps = []p2p.Cap{
+		{Name: "eth", Version: 70},
 		{Name: "eth", Version: 69},
 	}
-	conn.ourHighestProtoVersion = 69
+	conn.ourHighestProtoVersion = 70
 	return &conn, nil
 }

@ -83,6 +84,19 @@ func (s *Suite) dialSnap() (*Conn, error) {
 	return conn, nil
 }

+// dialSnap2 creates a connection advertising snap/2 as the only snap capability.
+// This is used by the snap/2 (EIP-8189) test suite to force the peer to
+// negotiate snap/2 rather than falling back to snap/1.
+func (s *Suite) dialSnap2() (*Conn, error) {
+	conn, err := s.dial()
+	if err != nil {
+		return nil, fmt.Errorf("dial failed: %v", err)
+	}
+	conn.caps = append(conn.caps, p2p.Cap{Name: "snap", Version: 2})
+	conn.ourHighestSnapProtoVersion = 2
+	return conn, nil
+}
+
 // Conn represents an individual connection with a peer
 type Conn struct {
 	*rlpx.Conn
@ -182,7 +196,10 @@ func (c *Conn) ReadEth() (any, error) {
 	}
 }

-// ReadSnap reads a snap/1 response with the given id from the connection.
+// ReadSnap reads a snap protocol response from the connection. It decodes
+// the full message catalog of both snap/1 and snap/2. The caller is
+// expected to only receive codes that were actually valid on the
+// negotiated protocol version.
 func (c *Conn) ReadSnap() (any, error) {
 	c.SetReadDeadline(time.Now().Add(timeout))
 	for {
@ -214,6 +231,10 @@ func (c *Conn) ReadSnap() (any, error) {
 			msg = new(snap.GetTrieNodesPacket)
 		case snap.TrieNodesMsg:
 			msg = new(snap.TrieNodesPacket)
+		case snap.GetAccessListsMsg:
+			msg = new(snap.GetAccessListsPacket)
+		case snap.AccessListsMsg:
+			msg = new(snap.AccessListsPacket)
 		default:
 			panic(fmt.Errorf("unhandled snap code: %d", code))
 		}
@ -335,10 +356,12 @@ loop:
 			if have, want := msg.ForkID, chain.ForkID(); !reflect.DeepEqual(have, want) {
 				return fmt.Errorf("wrong fork ID in status: have %v, want %v", have, want)
 			}
-			if have, want := msg.ProtocolVersion, c.ourHighestProtoVersion; have != uint32(want) {
-				return fmt.Errorf("wrong protocol version: have %v, want %v", have, want)
+			for _, cap := range c.caps {
+				if cap.Name == "eth" && cap.Version == uint(msg.ProtocolVersion) {
+					break loop
+				}
 			}
-			break loop
+			return fmt.Errorf("wrong protocol version: have %v, want %v", msg.ProtocolVersion, c.caps)
 		case discMsg:
 			var msg []p2p.DiscReason
 			if rlp.DecodeBytes(data, &msg); len(msg) == 0 {
--- a/cmd/devp2p/internal/ethtest/protocol.go
+++ b/cmd/devp2p/internal/ethtest/protocol.go
@ -33,7 +33,11 @@ const (
 const (
 	baseProtoLen = 16
 	ethProtoLen  = 18
-	snapProtoLen = 8
+	// snapProtoLen accommodates snap/2 (EIP-8189) which extends snap/1 with two
+	// additional message codes (GetBlockAccessLists=0x08, BlockAccessLists=0x09).
+	// Using 10 is safe for snap/1 connections because the extra codes are simply
+	// never used on that protocol version.
+	snapProtoLen = 10
 )

 // Unexported handshake structure from p2p/peer.go.
--- a/cmd/devp2p/internal/ethtest/snap.go
+++ b/cmd/devp2p/internal/ethtest/snap.go
@ -87,9 +87,9 @@ func (s *Suite) TestSnapGetAccountRange(t *utesting.T) {
 			root:         root,
 			startingHash: zero,
 			limitHash:    ffHash,
-			expAccounts:  67,
+			expAccounts:  68,
 			expFirst:     firstKey,
-			expLast:      common.HexToHash("0x622e662246601dd04f996289ce8b85e86db7bb15bb17f86487ec9d543ddb6f9a"),
+			expLast:      common.HexToHash("0x59312f89c13e9e24c1cb8b103aa39a9b2800348d97a92c2c9e2a78fa02b70025"),
 			desc:         "In this test, we request the entire state range, but limit the response to 4000 bytes.",
 		},
 		{
@ -97,9 +97,9 @@ func (s *Suite) TestSnapGetAccountRange(t *utesting.T) {
 			root:         root,
 			startingHash: zero,
 			limitHash:    ffHash,
-			expAccounts:  49,
+			expAccounts:  50,
 			expFirst:     firstKey,
-			expLast:      common.HexToHash("0x445cb5c1278fdce2f9cbdb681bdd76c52f8e50e41dbd9e220242a69ba99ac099"),
+			expLast:      common.HexToHash("0x4615e5f5df5b25349a00ad313c6cd0436b6c08ee5826e33a018661997f85ebaa"),
 			desc:         "In this test, we request the entire state range, but limit the response to 3000 bytes.",
 		},
 		{
@ -107,9 +107,9 @@ func (s *Suite) TestSnapGetAccountRange(t *utesting.T) {
 			root:         root,
 			startingHash: zero,
 			limitHash:    ffHash,
-			expAccounts:  34,
+			expAccounts:  35,
 			expFirst:     firstKey,
-			expLast:      common.HexToHash("0x2ef46ebd2073cecde499c2e8df028ad79a26d57bfaa812c4c6f7eb4c9617b913"),
+			expLast:      common.HexToHash("0x2de4bdbddcfbb9c3e195dae6b45f9c38daff897e926764bf34887fb0db5c3284"),
 			desc:         "In this test, we request the entire state range, but limit the response to 2000 bytes.",
 		},
 		{
@ -178,9 +178,9 @@ The server should return the first available account.`,
 			root:         root,
 			startingHash: firstKey,
 			limitHash:    ffHash,
-			expAccounts:  67,
+			expAccounts:  68,
 			expFirst:     firstKey,
-			expLast:      common.HexToHash("0x622e662246601dd04f996289ce8b85e86db7bb15bb17f86487ec9d543ddb6f9a"),
+			expLast:      common.HexToHash("0x59312f89c13e9e24c1cb8b103aa39a9b2800348d97a92c2c9e2a78fa02b70025"),
 			desc: `In this test, startingHash is exactly the first available account key.
 The server should return the first available account of the state as the first item.`,
 		},
@ -189,9 +189,9 @@ The server should return the first available account of the state as the first i
 			root:         root,
 			startingHash: hashAdd(firstKey, 1),
 			limitHash:    ffHash,
-			expAccounts:  67,
+			expAccounts:  68,
 			expFirst:     secondKey,
-			expLast:      common.HexToHash("0x66192e4c757fba1cdc776e6737008f42d50370d3cd801db3624274283bf7cd63"),
+			expLast:      common.HexToHash("0x59a7c8818f1c16b298a054020dc7c3f403a970d1d1db33f9478b1c36e3a2e509"),
 			desc: `In this test, startingHash is after the first available key.
 The server should return the second account of the state as the first item.`,
 		},
@ -227,9 +227,9 @@ server to return no data because genesis is older than 127 blocks.`,
 			root:         s.chain.RootAt(int(s.chain.Head().Number().Uint64()) - 127),
 			startingHash: zero,
 			limitHash:    ffHash,
-			expAccounts:  66,
+			expAccounts:  68,
 			expFirst:     firstKey,
-			expLast:      common.HexToHash("0x729953a43ed6c913df957172680a17e5735143ad767bda8f58ac84ec62fbec5e"),
+			expLast:      common.HexToHash("0x683b6c03cc32afe5db8cb96050f711fdaff8f8ff44c7587a9a848f921d02815e"),
 			desc: `This test requests data at a state root that is 127 blocks old.
 We expect the server to have this state available.`,
 		},
@ -658,8 +658,8 @@ The server should reject the request.`,
 				// It's a bit unfortunate these are hard-coded, but the result depends on
 				// a lot of aspects of the state trie and can't be guessed in a simple
 				// way. So you'll have to update this when the test chain is changed.
-				common.HexToHash("0x5bdc0d6057b35642a16d27223ea5454e5a17a400e28f7328971a5f2a87773b76"),
-				common.HexToHash("0x0a76c9812ca90ffed8ee4d191e683f93386b6e50cfe3679c0760d27510aa7fc5"),
+				common.HexToHash("0x4bdecec09691ad38113eebee2df94fadefdff5841c0f182bae1be3c8a6d60bf3"),
+				common.HexToHash("0x4178696465d4514ff5924ef8c28ce64d41a669634b63184c2c093e252d6b4bc4"),
 				empty, empty, empty, empty, empty, empty, empty, empty, empty, empty, empty, empty,
 				empty, empty, empty, empty, empty, empty, empty, empty, empty, empty, empty, empty,
 				empty, empty, empty, empty, empty, empty, empty, empty, empty, empty, empty, empty,
@ -679,8 +679,8 @@ The server should reject the request.`,
 			// be updated when the test chain is changed.
 			expHashes: []common.Hash{
 				empty,
-				common.HexToHash("0x0a76c9812ca90ffed8ee4d191e683f93386b6e50cfe3679c0760d27510aa7fc5"),
-				common.HexToHash("0x5bdc0d6057b35642a16d27223ea5454e5a17a400e28f7328971a5f2a87773b76"),
+				common.HexToHash("0x4178696465d4514ff5924ef8c28ce64d41a669634b63184c2c093e252d6b4bc4"),
+				common.HexToHash("0x4bdecec09691ad38113eebee2df94fadefdff5841c0f182bae1be3c8a6d60bf3"),
 			},
 		},

--- a/cmd/devp2p/internal/ethtest/snap2.go
+++ b/cmd/devp2p/internal/ethtest/snap2.go
@ -0,0 +1,375 @@
+// Copyright 2026 The go-ethereum Authors
+// This file is part of go-ethereum.
+//
+// go-ethereum is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// go-ethereum is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with go-ethereum. If not, see <http://www.gnu.org/licenses/>.
+
+package ethtest
+
+import (
+	"bytes"
+	"fmt"
+	"math/rand"
+
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/core/types"
+	"github.com/ethereum/go-ethereum/core/types/bal"
+	"github.com/ethereum/go-ethereum/crypto"
+	"github.com/ethereum/go-ethereum/eth/protocols/snap"
+	"github.com/ethereum/go-ethereum/internal/utesting"
+	"github.com/ethereum/go-ethereum/rlp"
+)
+
+// Snap/2 (EIP-8189) replaces trie node healing with BAL-based state catch-up.
+// It keeps 0x00..0x05 (AccountRange/StorageRanges/ByteCodes) unchanged, removes
+// GetTrieNodes (0x06) / TrieNodes (0x07), and adds GetBlockAccessLists (0x08) /
+// BlockAccessLists (0x09).
+//
+// The tests in this file focus on the wire behavior that is new or changed in
+// snap/2. Tests for the unchanged messages are already covered by the snap/1
+// suite in snap.go; the harness reuses the same code paths because those
+// message formats are identical across versions.
+
+// TestSnap2Status performs an RLPx+eth+snap/2 handshake against the node,
+// verifying that the node advertises and negotiates snap/2.
+func (s *Suite) TestSnap2Status(t *utesting.T) {
+	t.Log(`This test performs a snap/2 (EIP-8189) handshake. The peer is expected to
+advertise snap/2 as a p2p capability and accept the connection.`)
+
+	conn, err := s.dialSnap2()
+	if err != nil {
+		t.Fatalf("dial failed: %v", err)
+	}
+	defer conn.Close()
+	if err := conn.peer(s.chain, nil); err != nil {
+		t.Fatalf("peering failed: %v", err)
+	}
+	if conn.negotiatedSnapProtoVersion != 2 {
+		t.Fatalf("unexpected negotiated snap version: got %d, want 2", conn.negotiatedSnapProtoVersion)
+	}
+}
+
+type accessListsTest struct {
+	nBytes uint64
+	hashes []common.Hash
+
+	// minEntries/maxEntries bound the number of entries the response list
+	// MUST contain. Per EIP-8189 the server may truncate from the tail when
+	// the byte soft limit is reached, but MUST preserve request order.
+	minEntries int
+	maxEntries int
+
+	desc string
+}
+
+// TestSnap2GetBlockAccessLists exercises various forms of GetBlockAccessLists
+// requests defined in EIP-8189. Per the spec:
+//
+//   - Nodes MUST always respond.
+//   - Unavailable BALs are returned as the RLP empty string (0x80) at the
+//     matching position.
+//   - The server MAY return fewer entries than requested (respecting the byte
+//     soft limit or QoS limits), truncating from the tail.
+//   - Returned entries MUST preserve request order.
+//   - When a BAL is returned, its keccak256(rlp.encode(bal)) MUST match the
+//     block-access-list-hash field of the corresponding block header.
+func (s *Suite) TestSnap2GetBlockAccessLists(t *utesting.T) {
+	var (
+		head     = s.chain.Head()
+		headHash = head.Hash()
+		preHash  = s.chain.blocks[s.chain.Len()-2].Hash()
+		unknown  = common.HexToHash("0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef")
+	)
+
+	// Collect a window of recent canonical block hashes. Limit to at most 16
+	// entries to keep the request small and well under any reasonable limit.
+	var recent []common.Hash
+	start := s.chain.Len() - 16
+	if start < 1 {
+		start = 1
+	}
+	for i := start; i < s.chain.Len(); i++ {
+		recent = append(recent, s.chain.blocks[i].Hash())
+	}
+
+	tests := []accessListsTest{
+		{
+			desc: `An empty request. The server must respond with an empty list and must
+not disconnect.`,
+			nBytes:     softResponseLimitSnap,
+			hashes:     nil,
+			minEntries: 0,
+			maxEntries: 0,
+		},
+		{
+			desc: `A request for a single random/unknown block hash. Per the spec the
+server must respond and include an RLP empty string (0x80) at that position.`,
+			nBytes:     softResponseLimitSnap,
+			hashes:     []common.Hash{unknown},
+			minEntries: 1,
+			maxEntries: 1,
+		},
+		{
+			desc: `A request for multiple random/unknown block hashes. The server must
+preserve request order and return an RLP empty string for each position.`,
+			nBytes: softResponseLimitSnap,
+			hashes: []common.Hash{
+				unknown,
+				common.HexToHash("0x0000000000000000000000000000000000000000000000000000000000000001"),
+				common.HexToHash("0x0000000000000000000000000000000000000000000000000000000000000002"),
+			},
+			minEntries: 3,
+			maxEntries: 3,
+		},
+		{
+			desc: `A request for the chain head. The server must respond. If the node is
+post-Amsterdam and has the BAL for this block, the returned BAL must hash to
+the block-access-list-hash in the header. Otherwise an empty entry is valid.`,
+			nBytes:     softResponseLimitSnap,
+			hashes:     []common.Hash{headHash},
+			minEntries: 1,
+			maxEntries: 1,
+		},
+		{
+			desc: `A request for the chain head and its parent. The server must return
+exactly two entries, in request order.`,
+			nBytes:     softResponseLimitSnap,
+			hashes:     []common.Hash{headHash, preHash},
+			minEntries: 2,
+			maxEntries: 2,
+		},
+		{
+			desc: `A mixed request with known and unknown hashes. The server must
+return entries in request order, with the RLP empty string at positions
+corresponding to unknown hashes.`,
+			nBytes: softResponseLimitSnap,
+			hashes: []common.Hash{headHash, unknown, preHash, unknown},
+			// We expect exactly 4 entries — mixed responses are small and well
+			// under the byte limit, so truncation is not expected.
+			minEntries: 4,
+			maxEntries: 4,
+		},
+		{
+			desc: `A request spanning the most recent canonical window. Implementations
+may serve or drop individual entries, but the entries that are returned must
+preserve request order.`,
+			nBytes:     softResponseLimitSnap,
+			hashes:     recent,
+			minEntries: 0,
+			maxEntries: len(recent),
+		},
+		{
+			desc: `A request with a very small byte soft limit. The server must return
+at least zero entries and no more than the requested number, truncating from
+the tail. It must not disconnect.`,
+			nBytes:     1,
+			hashes:     recent,
+			minEntries: 0,
+			maxEntries: len(recent),
+		},
+		{
+			desc: `A request with a zero byte soft limit. The server must still respond
+(possibly with an empty list) and must not disconnect.`,
+			nBytes:     0,
+			hashes:     recent,
+			minEntries: 0,
+			maxEntries: len(recent),
+		},
+		{
+			desc: `A request containing the same hash repeated. The server must treat
+each position independently and preserve request order.`,
+			nBytes:     softResponseLimitSnap,
+			hashes:     []common.Hash{headHash, headHash, headHash},
+			minEntries: 3,
+			maxEntries: 3,
+		},
+	}
+
+	for i, tc := range tests {
+		if i > 0 {
+			t.Log("\n")
+		}
+		t.Logf("-- Test %d", i)
+		t.Log(tc.desc)
+		t.Log("  request:")
+		t.Logf("      hashes: %d", len(tc.hashes))
+		t.Logf("      responseBytes: %d", tc.nBytes)
+		if err := s.snapGetAccessLists(t, &tc); err != nil {
+			t.Errorf("test %d failed: %v", i, err)
+		}
+	}
+}
+
+// TestSnap2TrieNodesRemoved verifies that snap/2 no longer serves the
+// GetTrieNodes message (0x06). Per EIP-8189, snap/2 removes GetTrieNodes and
+// TrieNodes entirely. A server that negotiated snap/2 must not treat these
+// codes as valid snap messages and should disconnect the peer that sends them.
+func (s *Suite) TestSnap2TrieNodesRemoved(t *utesting.T) {
+	t.Log(`This test verifies that sending a GetTrieNodes message over a snap/2
+connection causes the peer to reject the request. Per EIP-8189, GetTrieNodes
+is removed in snap/2.`)
+
+	conn, err := s.dialSnap2()
+	if err != nil {
+		t.Fatalf("dial failed: %v", err)
+	}
+	defer conn.Close()
+	if err := conn.peer(s.chain, nil); err != nil {
+		t.Fatalf("peering failed: %v", err)
+	}
+
+	// Build a syntactically valid GetTrieNodes request to the head state root.
+	paths, err := rlp.EncodeToRawList([]snap.TrieNodePathSet{{[]byte{0}}})
+	if err != nil {
+		t.Fatalf("failed to encode paths: %v", err)
+	}
+	req := &snap.GetTrieNodesPacket{
+		ID:    uint64(rand.Int63()),
+		Root:  s.chain.Head().Root(),
+		Paths: paths,
+		Bytes: 5000,
+	}
+	if err := conn.Write(snapProto, snap.GetTrieNodesMsg, req); err != nil {
+		t.Fatalf("failed to write GetTrieNodes: %v", err)
+	}
+
+	// We expect either a disconnect or a read error/timeout. We must NOT
+	// receive a valid TrieNodes response. Loop a few times to consume any
+	// incidental messages the peer might send (e.g. block updates) before
+	// deciding.
+	for i := 0; i < 5; i++ {
+		msg, err := conn.ReadSnap()
+		if err != nil {
+			// Disconnect or read error — the peer rejected the request.
+			return
+		}
+		if _, ok := msg.(*snap.TrieNodesPacket); ok {
+			t.Fatal("peer responded with TrieNodes over snap/2; GetTrieNodes must be unsupported")
+		}
+	}
+	t.Fatal("peer did not reject GetTrieNodes over snap/2 within the observation window")
+}
+
+// softResponseLimitSnap mirrors the recommended 2 MiB soft limit for
+// BlockAccessLists responses from EIP-8189 §"Response Size Limit".
+const softResponseLimitSnap = 2 * 1024 * 1024
+
+// snapGetAccessLists sends a GetBlockAccessLists request, validates the
+// response structure against EIP-8189, and verifies BAL content against the
+// block-access-list-hash field of the corresponding block header (when the
+// block is known and a BAL was returned).
+func (s *Suite) snapGetAccessLists(t *utesting.T, tc *accessListsTest) error {
+	conn, err := s.dialSnap2()
+	if err != nil {
+		return fmt.Errorf("dial failed: %v", err)
+	}
+	defer conn.Close()
+	if err = conn.peer(s.chain, nil); err != nil {
+		return fmt.Errorf("peering failed: %v", err)
+	}
+
+	req := &snap.GetAccessListsPacket{
+		ID:     uint64(rand.Int63()),
+		Hashes: tc.hashes,
+		Bytes:  tc.nBytes,
+	}
+	msg, err := conn.snapRequest(snap.GetAccessListsMsg, req)
+	if err != nil {
+		return fmt.Errorf("access list request failed: %v", err)
+	}
+	res, ok := msg.(*snap.AccessListsPacket)
+	if !ok {
+		return fmt.Errorf("unexpected response type: %T", msg)
+	}
+	if res.ID != req.ID {
+		return fmt.Errorf("request id mismatch: got %d, want %d", res.ID, req.ID)
+	}
+
+	// Check list length bounds.
+	got := res.AccessLists.Len()
+	if got < tc.minEntries || got > tc.maxEntries {
+		return fmt.Errorf("response has %d entries, want between %d and %d", got, tc.minEntries, tc.maxEntries)
+	}
+
+	// Build a map of request-index -> block so we can verify BAL hashes.
+	blocks := make(map[int]*types.Block)
+	for i, h := range tc.hashes {
+		for _, b := range s.chain.blocks {
+			if b.Hash() == h {
+				blocks[i] = b
+				break
+			}
+		}
+	}
+
+	// Iterate the response, validating each entry positionally.
+	var (
+		idx int
+		it  = res.AccessLists.ContentIterator()
+	)
+	for it.Next() {
+		raw := it.Value()
+		block := blocks[idx]
+
+		// Empty entry: per spec, indicates BAL is unavailable for that block.
+		if bytes.Equal(raw, rlp.EmptyString) {
+			if block != nil && block.Header().BlockAccessListHash != nil {
+				// Not a failure — the server is allowed to legitimately not
+				// have the BAL. But we log it so the test output is diagnosable.
+				t.Logf("    entry %d: server returned empty for known post-Amsterdam block %x", idx, tc.hashes[idx])
+			}
+			idx++
+			continue
+		}
+
+		// Non-empty entry. A BAL is only legitimate for a block we know
+		// locally whose header commits to one; for any other hash the only
+		// valid response is the RLP empty string, so receiving data here
+		// means the server fabricated it.
+		if block == nil {
+			return fmt.Errorf("entry %d: server returned BAL data for unknown hash %x", idx, tc.hashes[idx])
+		}
+		if block.Header().BlockAccessListHash == nil {
+			return fmt.Errorf("entry %d: server returned BAL data for a block with no expected BAL (hash %x)", idx, tc.hashes[idx])
+		}
+
+		// Per EIP-8189: compute keccak256(rlp.encode(bal)) against the raw
+		// bytes actually received on the wire, and compare to the header
+		// commitment. Hashing raw bytes (rather than re-encoding after a
+		// decode round-trip) catches peers that send non-canonical BAL
+		// encodings.
+		have := crypto.Keccak256Hash(raw)
+		want := *block.Header().BlockAccessListHash
+		if have != want {
+			return fmt.Errorf("entry %d: BAL hash mismatch: have %x, want %x", idx, have, want)
+		}
+
+		// Decode and validate the BAL's internal structure: ordering of
+		// accounts/slots/changes, code-size limits, and per-entry access-index
+		// bounds, against the known block.
+		var accessList bal.BlockAccessList
+		if err := rlp.DecodeBytes(raw, &accessList); err != nil {
+			return fmt.Errorf("entry %d: invalid BAL RLP: %v", idx, err)
+		}
+		if err := accessList.Validate(block.GasLimit(), len(block.Transactions())); err != nil {
+			return fmt.Errorf("entry %d: BAL failed validation: %v", idx, err)
+		}
+		idx++
+	}
+
+	// Sanity: iterator consumed exactly the reported number of entries.
+	if idx != got {
+		return fmt.Errorf("iterator visited %d entries, expected %d", idx, got)
+	}
+	return nil
+}
--- a/cmd/devp2p/internal/ethtest/suite.go
+++ b/cmd/devp2p/internal/ethtest/suite.go
@ -35,6 +35,7 @@ import (
 	"github.com/ethereum/go-ethereum/p2p"
 	"github.com/ethereum/go-ethereum/p2p/enode"
 	"github.com/ethereum/go-ethereum/rlp"
+	"github.com/ethereum/go-ethereum/trie"
 	"github.com/holiman/uint256"
 )

@ -83,6 +84,7 @@ func (s *Suite) EthTests() []utesting.Test {
 		// get history
 		{Name: "GetBlockBodies", Fn: s.TestGetBlockBodies},
 		{Name: "GetReceipts", Fn: s.TestGetReceipts},
+		{Name: "GetLargeReceipts", Fn: s.TestGetLargeReceipts},
 		// test transactions
 		{Name: "LargeTxRequest", Fn: s.TestLargeTxRequest, Slow: true},
 		{Name: "Transaction", Fn: s.TestTransaction},
@ -104,6 +106,16 @@ func (s *Suite) SnapTests() []utesting.Test {
 	}
 }

+// Snap2Tests returns the list of tests for the snap/2 protocol (EIP-8189).
+// These tests require the peer to advertise and negotiate snap/2.
+func (s *Suite) Snap2Tests() []utesting.Test {
+	return []utesting.Test{
+		{Name: "Status", Fn: s.TestSnap2Status},
+		{Name: "GetBlockAccessLists", Fn: s.TestSnap2GetBlockAccessLists},
+		{Name: "TrieNodesRemoved", Fn: s.TestSnap2TrieNodesRemoved},
+	}
+}
+
 func (s *Suite) TestStatus(t *utesting.T) {
 	t.Log(`This test is just a sanity check. It performs an eth protocol handshake.`)
 	conn, err := s.dialAndPeer(nil)
@ -336,7 +348,7 @@ func (s *Suite) checkHeadersAgainstChain(req *eth.GetBlockHeadersPacket, resp *e
 }

 // collectResponses waits for n messages of type T on the given connection.
-// The messsages are collected according to the 'identity' function.
+// The messages are collected according to the 'identity' function.
 //
 // This function is written in a generic way to handle
 func collectHeaderResponses(conn *Conn, n int, identity func(*eth.BlockHeadersPacket) uint64) (map[uint64]*eth.BlockHeadersPacket, error) {
@ -429,6 +441,9 @@ func (s *Suite) TestGetReceipts(t *utesting.T) {
 	// Find some blocks containing receipts.
 	var hashes = make([]common.Hash, 0, 3)
 	for i := range s.chain.Len() {
+		if s.chain.txInfo.LargeReceiptBlock != nil && uint64(i) == *s.chain.txInfo.LargeReceiptBlock {
+			continue
+		}
 		block := s.chain.GetBlock(i)
 		if len(block.Transactions()) > 0 {
 			hashes = append(hashes, block.Hash())
@ -437,25 +452,121 @@ func (s *Suite) TestGetReceipts(t *utesting.T) {
 			break
 		}
 	}
+	if conn.negotiatedProtoVersion < eth.ETH70 {
+		// Create block bodies request.
+		req := &eth.GetReceiptsPacket69{
+			RequestId:          66,
+			GetReceiptsRequest: (eth.GetReceiptsRequest)(hashes),
+		}
+		if err := conn.Write(ethProto, eth.GetReceiptsMsg, req); err != nil {
+			t.Fatalf("could not write to connection: %v", err)
+		}
+		// Wait for response.
+		resp := new(eth.ReceiptsPacket69)
+		if err := conn.ReadMsg(ethProto, eth.ReceiptsMsg, &resp); err != nil {
+			t.Fatalf("error reading block receipts msg: %v", err)
+		}
+		if got, want := resp.RequestId, req.RequestId; got != want {
+			t.Fatalf("unexpected request id in respond", got, want)
+		}
+		if resp.List.Len() != len(req.GetReceiptsRequest) {
+			t.Fatalf("wrong receipts in response: expected %d receipts, got %d", len(req.GetReceiptsRequest), resp.List.Len())
+		}
+	} else {
+		// Create block bodies request.
+		req := &eth.GetReceiptsPacket70{
+			RequestId:              66,
+			FirstBlockReceiptIndex: 0,
+			GetReceiptsRequest:     (eth.GetReceiptsRequest)(hashes),
+		}
+		if err := conn.Write(ethProto, eth.GetReceiptsMsg, req); err != nil {
+			t.Fatalf("could not write to connection: %v", err)
+		}
+		// Wait for response.
+		resp := new(eth.ReceiptsPacket70)
+		if err := conn.ReadMsg(ethProto, eth.ReceiptsMsg, &resp); err != nil {
+			t.Fatalf("error reading block receipts msg: %v", err)
+		}
+		if got, want := resp.RequestId, req.RequestId; got != want {
+			t.Fatalf("unexpected request id in respond", got, want)
+		}
+		if resp.List.Len() != len(req.GetReceiptsRequest) {
+			t.Fatalf("wrong receipts in response: expected %d receipts, got %d", len(req.GetReceiptsRequest), resp.List.Len())
+		}
+	}
+}

-	// Create receipts request.
-	req := &eth.GetReceiptsPacket{
-		RequestId:          66,
-		GetReceiptsRequest: (eth.GetReceiptsRequest)(hashes),
+func (s *Suite) TestGetLargeReceipts(t *utesting.T) {
+	t.Log(`This test sends GetReceipts requests to the node for large receipt (>10MiB) in the test chain.
+	This test is meaningful only if the client supports protocol version ETH70 or higher 
+	and LargeReceiptBlock is configured in txInfo.json.`)
+	conn, err := s.dialAndPeer(nil)
+	if err != nil {
+		t.Fatalf("peering failed: %v", err)
 	}
-	if err := conn.Write(ethProto, eth.GetReceiptsMsg, req); err != nil {
-		t.Fatalf("could not write to connection: %v", err)
+	defer conn.Close()
+
+	if conn.negotiatedProtoVersion < eth.ETH70 || s.chain.txInfo.LargeReceiptBlock == nil {
+		return
 	}
-	// Wait for response.
-	resp := new(eth.ReceiptsPacket)
-	if err := conn.ReadMsg(ethProto, eth.ReceiptsMsg, &resp); err != nil {
-		t.Fatalf("error reading block bodies msg: %v", err)
+
+	// Find block with large receipt.
+	// Place the large receipt block hash in the middle of the query
+	start := max(int(*s.chain.txInfo.LargeReceiptBlock)-2, 0)
+	end := min(*s.chain.txInfo.LargeReceiptBlock+2, uint64(len(s.chain.blocks)))
+
+	var blocks []common.Hash
+	var receiptHashes []common.Hash
+	var receipts []*eth.ReceiptList
+
+	for i := uint64(start); i < end; i++ {
+		block := s.chain.GetBlock(int(i))
+		blocks = append(blocks, block.Hash())
+		receiptHashes = append(receiptHashes, block.Header().ReceiptHash)
+		receipts = append(receipts, &eth.ReceiptList{})
 	}
-	if got, want := resp.RequestId, req.RequestId; got != want {
-		t.Fatalf("unexpected request id in respond", got, want)
+
+	incomplete := false
+	lastBlock := 0
+
+	for incomplete || lastBlock != len(blocks)-1 {
+		// Create get receipt request.
+		req := &eth.GetReceiptsPacket70{
+			RequestId:              66,
+			FirstBlockReceiptIndex: uint64(receipts[lastBlock].Derivable().Len()),
+			GetReceiptsRequest:     blocks[lastBlock:],
+		}
+		if err := conn.Write(ethProto, eth.GetReceiptsMsg, req); err != nil {
+			t.Fatalf("could not write to connection: %v", err)
+		}
+		// Wait for response.
+		resp := new(eth.ReceiptsPacket70)
+		if err := conn.ReadMsg(ethProto, eth.ReceiptsMsg, &resp); err != nil {
+			t.Fatalf("error reading block receipts msg: %v", err)
+		}
+		if got, want := resp.RequestId, req.RequestId; got != want {
+			t.Fatalf("unexpected request id in respond, want: %d, got: %d", want, got)
+		}
+
+		receiptLists, _ := resp.List.Items()
+		for i, rc := range receiptLists {
+			receipts[lastBlock+i].Append(rc)
+		}
+		lastBlock += len(receiptLists) - 1
+
+		incomplete = resp.LastBlockIncomplete
 	}
-	if resp.List.Len() != len(req.GetReceiptsRequest) {
-		t.Fatalf("wrong receipts in response: expected %d receipts, got %d", len(req.GetReceiptsRequest), resp.List.Len())
+
+	hasher := trie.NewStackTrie(nil)
+	hashes := make([]common.Hash, len(receipts))
+	for i := range receipts {
+		hashes[i] = types.DeriveSha(receipts[i].Derivable(), hasher)
+	}
+
+	for i, hash := range hashes {
+		if receiptHashes[i] != hash {
+			t.Fatalf("wrong receipt root: want %x, got %x", receiptHashes[i], hash)
+		}
 	}
 }

@ -564,7 +675,7 @@ func (s *Suite) TestBlockRangeUpdateInvalid(t *utesting.T) {

 func (s *Suite) TestBlockRangeUpdateFuture(t *utesting.T) {
 	t.Log(`This test sends a BlockRangeUpdate that is beyond the chain head.
-The node should accept the update and should not disonnect.`)
+The node should accept the update and should not disconnect.`)
 	conn, err := s.dialAndPeer(nil)
 	if err != nil {
 		t.Fatal(err)
@ -600,7 +711,7 @@ The node should accept the update and should not disonnect.`)

 func (s *Suite) TestBlockRangeUpdateHistoryExp(t *utesting.T) {
 	t.Log(`This test sends a BlockRangeUpdate announcing incomplete (expired) history.
-The node should accept the update and should not disonnect.`)
+The node should accept the update and should not disconnect.`)
 	conn, err := s.dialAndPeer(nil)
 	if err != nil {
 		t.Fatal(err)
--- a/cmd/devp2p/internal/ethtest/suite_test.go
+++ b/cmd/devp2p/internal/ethtest/suite_test.go
@ -99,6 +99,31 @@ func TestSnapSuite(t *testing.T) {
 	}
 }

+func TestSnap2Suite(t *testing.T) {
+	jwtPath, secret, err := makeJWTSecret(t)
+	if err != nil {
+		t.Fatalf("could not make jwt secret: %v", err)
+	}
+	geth, err := runGeth("./testdata", jwtPath)
+	if err != nil {
+		t.Fatalf("could not run geth: %v", err)
+	}
+	defer geth.Close()
+
+	suite, err := NewSuite(geth.Server().Self(), "./testdata", geth.HTTPAuthEndpoint(), common.Bytes2Hex(secret[:]))
+	if err != nil {
+		t.Fatalf("could not create new test suite: %v", err)
+	}
+	for _, test := range suite.Snap2Tests() {
+		t.Run(test.Name, func(t *testing.T) {
+			result := utesting.RunTests([]utesting.Test{{Name: test.Name, Fn: test.Fn}}, os.Stdout)
+			if result[0].Failed {
+				t.Fatal()
+			}
+		})
+	}
+}
+
 // runGeth creates and starts a geth node
 func runGeth(dir string, jwtPath string) (*node.Node, error) {
 	stack, err := node.New(&node.Config{
@ -141,6 +166,7 @@ func setupGeth(stack *node.Node, dir string) error {
 		TrieDirtyCache: 16,
 		TrieTimeout:    60 * time.Minute,
 		SnapshotCache:  10,
+		SnapV2:         true, // advertise snap/2 (alongside snap/1) so the snap/2 suite can negotiate it
 	})
 	if err != nil {
 		return err
--- a/cmd/devp2p/internal/ethtest/testdata/chain.rlp
+++ b/cmd/devp2p/internal/ethtest/testdata/chain.rlp
--- a/cmd/devp2p/internal/ethtest/testdata/genesis.json
+++ b/cmd/devp2p/internal/ethtest/testdata/genesis.json
@ -37,7 +37,7 @@
  "nonce": "0x0",
  "timestamp": "0x0",
  "extraData": "0x68697665636861696e",
-  "gasLimit": "0x23f3e20",
+  "gasLimit": "0x11e1a300",
  "difficulty": "0x20000",
  "mixHash": "0x0000000000000000000000000000000000000000000000000000000000000000",
  "coinbase": "0x0000000000000000000000000000000000000000",
@ -119,6 +119,10 @@
      "balance": "0x1",
      "nonce": "0x1"
    },
+    "8dcd17433742f4c0ca53122ab541d0ba67fc27ff": {
+      "code": "0x6202e6306000a0",
+      "balance": "0x0"
+    },
    "c7b99a164efd027a93f147376cc7da7c67c6bbe0": {
      "balance": "0xc097ce7bc90715b34b9f1000000000"
    },
--- a/cmd/devp2p/internal/ethtest/testdata/headblock.json
+++ b/cmd/devp2p/internal/ethtest/testdata/headblock.json
@ -1,24 +1,24 @@
 {
-  "parentHash": "0x65151b101682b54cd08ba226f640c14c86176865ff9bfc57e0147dadaeac34bb",
+  "parentHash": "0x7e80093a491eba0e5b2c1895837902f64f514100221801318fe391e1e09c96a6",
  "sha3Uncles": "0x1dcc4de8dec75d7aab85b567b6ccd41ad312451b948a7413f0a142fd40d49347",
  "miner": "0x0000000000000000000000000000000000000000",
-  "stateRoot": "0xce423ebc60fc7764a43f09f1fe3ae61eef25e3eb8d09b1108f7e7eb77dfff5e6",
-  "transactionsRoot": "0x7ec1ae3989efa75d7bcc766e5e2443afa8a89a5fda42ebba90050e7e702980f7",
-  "receiptsRoot": "0xfe160832b1ca85f38c6674cb0aae3a24693bc49be56e2ecdf3698b71a794de86",
+  "stateRoot": "0x8fcfb02cfca007773bd55bc1c3e50a3c8612a59c87ce057e5957e8bf17c1728b",
+  "transactionsRoot": "0x56e81f171bcc55a6ff8345e692c0f86e5b48e01b996cadc001622fb5e363b421",
+  "receiptsRoot": "0x56e81f171bcc55a6ff8345e692c0f86e5b48e01b996cadc001622fb5e363b421",
  "logsBloom": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
  "difficulty": "0x0",
  "number": "0x258",
-  "gasLimit": "0x23f3e20",
-  "gasUsed": "0x19d36",
+  "gasLimit": "0x11e1a300",
+  "gasUsed": "0x0",
  "timestamp": "0x1770",
  "extraData": "0x",
  "mixHash": "0x0000000000000000000000000000000000000000000000000000000000000000",
  "nonce": "0x0000000000000000",
  "baseFeePerGas": "0x7",
-  "withdrawalsRoot": "0x56e81f171bcc55a6ff8345e692c0f86e5b48e01b996cadc001622fb5e363b421",
+  "withdrawalsRoot": "0x92abfda39de7df7d705c5a8f30386802ad59d31e782a06d5c5b0f9a260056cf0",
  "blobGasUsed": "0x0",
  "excessBlobGas": "0x0",
  "parentBeaconBlockRoot": "0xf5003fc8f92358e790a114bce93ce1d9c283c85e1787f8d7d56714d3489b49e6",
  "requestsHash": "0xe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
-  "hash": "0xce8d86ba17a2ec303155f0e264c58a4b8f94ce3436274cf1924f91acdb7502d0"
+  "hash": "0x44e3809c9a3cda717f00aea3a9da336d149612c8d5657fbc0028176ef8d94d2a"
 }
--- a/cmd/devp2p/internal/ethtest/testdata/headfcu.json
+++ b/cmd/devp2p/internal/ethtest/testdata/headfcu.json
@ -4,9 +4,9 @@
  "method": "engine_forkchoiceUpdatedV3",
  "params": [
    {
-      "headBlockHash": "0xce8d86ba17a2ec303155f0e264c58a4b8f94ce3436274cf1924f91acdb7502d0",
-      "safeBlockHash": "0xce8d86ba17a2ec303155f0e264c58a4b8f94ce3436274cf1924f91acdb7502d0",
-      "finalizedBlockHash": "0xce8d86ba17a2ec303155f0e264c58a4b8f94ce3436274cf1924f91acdb7502d0"
+      "headBlockHash": "0x44e3809c9a3cda717f00aea3a9da336d149612c8d5657fbc0028176ef8d94d2a",
+      "safeBlockHash": "0x44e3809c9a3cda717f00aea3a9da336d149612c8d5657fbc0028176ef8d94d2a",
+      "finalizedBlockHash": "0x44e3809c9a3cda717f00aea3a9da336d149612c8d5657fbc0028176ef8d94d2a"
    },
    null
  ]
--- a/cmd/devp2p/internal/ethtest/testdata/headstate.json
+++ b/cmd/devp2p/internal/ethtest/testdata/headstate.json
--- a/cmd/devp2p/internal/ethtest/testdata/newpayload.json
+++ b/cmd/devp2p/internal/ethtest/testdata/newpayload.json
--- a/cmd/devp2p/internal/ethtest/testdata/txinfo.json
+++ b/cmd/devp2p/internal/ethtest/testdata/txinfo.json
--- a/cmd/devp2p/internal/ethtest/transaction.go
+++ b/cmd/devp2p/internal/ethtest/transaction.go
@ -155,7 +155,11 @@ func (s *Suite) sendInvalidTxs(t *utesting.T, txs []*types.Transaction) error {

 		switch msg := msg.(type) {
 		case *eth.TransactionsPacket:
-			for _, tx := range txs {
+			received, err := msg.Items()
+			if err != nil {
+				return fmt.Errorf("failed to decode received transactions: %w", err)
+			}
+			for _, tx := range received {
 				if _, ok := invalids[tx.Hash()]; ok {
 					return fmt.Errorf("received bad tx: %s", tx.Hash())
 				}
--- a/cmd/devp2p/internal/v5test/discv5tests.go
+++ b/cmd/devp2p/internal/v5test/discv5tests.go
@ -257,34 +257,50 @@ that they are returned by FINDNODE.`)

 	// Create bystanders.
 	nodes := make([]*bystander, 5)
-	added := make(chan enode.ID, len(nodes))
+	liveCh := make(chan enode.ID, len(nodes))
 	for i := range nodes {
-		nodes[i] = newBystander(t, s, added)
+		nodes[i] = newBystander(t, s, liveCh)
 		defer nodes[i].close()
 	}

-	// Get them added to the remote table.
+	// Prefill each bystander with the full bystander set so background FINDNODE
+	// lookups see useful routing data instead of empty responses.
+	known := make([]*enode.Node, 0, len(nodes))
+	for _, bn := range nodes {
+		known = append(known, bn.conn.localNode.Node())
+	}
+	for _, bn := range nodes {
+		bn.known = append([]*enode.Node(nil), known...)
+	}
+
+	// Wait until enough bystanders have actually become live, i.e. the remote node
+	// has revalidated them by sending PING and receiving our PONG.
+	requiredLiveNodes := len(nodes)
 	timeout := 60 * time.Second
 	timeoutCh := time.After(timeout)
-	for count := 0; count < len(nodes); {
+	liveSet := make(map[enode.ID]*enode.Node)
+	for len(liveSet) < requiredLiveNodes {
 		select {
-		case id := <-added:
-			t.Logf("bystander node %v added to remote table", id)
-			count++
+		case id := <-liveCh:
+			for _, bn := range nodes {
+				if bn.id() == id {
+					liveSet[id] = bn.conn.localNode.Node()
+					break
+				}
+			}
+			t.Logf("bystander node %v became live", id)
 		case <-timeoutCh:
-			t.Errorf("remote added %d bystander nodes in %v, need %d to continue", count, timeout, len(nodes))
-			t.Logf("this can happen if the node has a non-empty table from previous runs")
+			t.Errorf("remote revalidated %d bystander nodes in %v, need %d to continue", len(liveSet), timeout, requiredLiveNodes)
 			return
 		}
 	}
-	t.Logf("all %d bystander nodes were added", len(nodes))
+	t.Logf("continuing after all %d bystander nodes became live", len(liveSet))

-	// Collect our nodes by distance.
+	// Collect live nodes by distance.
 	var dists []uint
 	expect := make(map[enode.ID]*enode.Node)
-	for _, bn := range nodes {
-		n := bn.conn.localNode.Node()
-		expect[n.ID()] = n
+	for id, n := range liveSet {
+		expect[id] = n
 		d := uint(enode.LogDist(n.ID(), s.Dest.ID()))
 		if !slices.Contains(dists, d) {
 			dists = append(dists, d)
@ -295,42 +311,63 @@ that they are returned by FINDNODE.`)
 	t.Log("requesting nodes")
 	conn, l1 := s.listen1(t)
 	defer conn.close()
-	foundNodes, err := conn.findnode(l1, dists)
-	if err != nil {
-		t.Fatal(err)
-	}
-	t.Logf("remote returned %d nodes for distance list %v", len(foundNodes), dists)
-	for _, n := range foundNodes {
-		delete(expect, n.ID())
-	}
-	if len(expect) > 0 {
-		t.Errorf("missing %d nodes in FINDNODE result", len(expect))
-		t.Logf("this can happen if the test is run multiple times in quick succession")
-		t.Logf("and the remote node hasn't removed dead nodes from previous runs yet")
-	} else {
-		t.Logf("all %d expected nodes were returned", len(nodes))
+
+	const maxAttempts = 5
+	const retryInterval = 2 * time.Second
+
+	for attempt := 1; attempt <= maxAttempts; attempt++ {
+		foundNodes, err := conn.findnode(l1, dists)
+		if err != nil {
+			t.Fatal(err)
+		}
+		missing := make(map[enode.ID]struct{})
+		for id := range expect {
+			missing[id] = struct{}{}
+		}
+		for _, n := range foundNodes {
+			delete(missing, n.ID())
+		}
+		t.Logf("attempt %d: remote returned %d nodes for distance list %v, missing %d", attempt, len(foundNodes), dists, len(missing))
+		if len(missing) == 0 {
+			t.Logf("all %d expected live nodes were returned", len(expect))
+			return
+		}
+		if attempt < maxAttempts {
+			time.Sleep(retryInterval)
+		}
 	}
+	t.Errorf("missing nodes in FINDNODE result after %d attempts", maxAttempts)
+	t.Logf("this can happen if the node has a non-empty table from previous runs")
 }

 // A bystander is a node whose only purpose is filling a spot in the remote table.
 type bystander struct {
-	dest *enode.Node
-	conn *conn
-	l    net.PacketConn
+	dest  *enode.Node
+	conn  *conn
+	l     net.PacketConn
+	known []*enode.Node

-	addedCh chan enode.ID
-	done    sync.WaitGroup
+	liveCh chan enode.ID
+	sent   map[v5wire.Nonce]v5wire.Packet
+	done   sync.WaitGroup
 }

-func newBystander(t *utesting.T, s *Suite, added chan enode.ID) *bystander {
+func newBystander(t *utesting.T, s *Suite, live chan enode.ID) *bystander {
 	conn, l := s.listen1(t)
 	conn.setEndpoint(l) // bystander nodes need IP/port to get pinged
 	bn := &bystander{
-		conn:    conn,
-		l:       l,
-		dest:    s.Dest,
-		addedCh: added,
+		conn:   conn,
+		l:      l,
+		dest:   s.Dest,
+		liveCh: live,
+		sent:   make(map[v5wire.Nonce]v5wire.Packet),
 	}
+	// Establish an initial session and let the remote learn this node before
+	// switching to the passive responder loop below.
+	conn.reqresp(l, &v5wire.Ping{
+		ReqID:  conn.nextReqID(),
+		ENRSeq: conn.localNode.Seq(),
+	})
 	bn.done.Add(1)
 	go bn.loop()
 	return bn
@ -351,48 +388,57 @@ func (bn *bystander) close() {
 func (bn *bystander) loop() {
 	defer bn.done.Done()

-	var (
-		lastPing time.Time
-		wasAdded bool
-	)
 	for {
-		// Ping the remote node.
-		if !wasAdded && time.Since(lastPing) > 10*time.Second {
-			bn.conn.reqresp(bn.l, &v5wire.Ping{
-				ReqID:  bn.conn.nextReqID(),
-				ENRSeq: bn.dest.Seq(),
-			})
-			lastPing = time.Now()
-		}
-		// Answer packets.
-		switch p := bn.conn.read(bn.l).(type) {
-		case *v5wire.Ping:
-			bn.conn.write(bn.l, &v5wire.Pong{
-				ReqID:  p.ReqID,
-				ENRSeq: bn.conn.localNode.Seq(),
-				ToIP:   bn.dest.IP(),
-				ToPort: uint16(bn.dest.UDP()),
-			}, nil)
-			wasAdded = true
-			bn.notifyAdded()
-		case *v5wire.Findnode:
-			bn.conn.write(bn.l, &v5wire.Nodes{ReqID: p.ReqID, RespCount: 1}, nil)
-			wasAdded = true
-			bn.notifyAdded()
-		case *v5wire.TalkRequest:
-			bn.conn.write(bn.l, &v5wire.TalkResponse{ReqID: p.ReqID}, nil)
-		case *readError:
-			if !netutil.IsTemporaryError(p.err) {
-				bn.conn.logf("shutting down: %v", p.err)
-				return
+		p, from := bn.conn.readFrom(bn.l)
+		switch p := p.(type) {
+		case *v5wire.Whoareyou:
+			p.Node = bn.dest
+			if resp, ok := bn.sent[p.Nonce]; ok {
+				nonce := bn.conn.writeTo(bn.l, resp, p, from)
+				delete(bn.sent, p.Nonce)
+				bn.sent[nonce] = resp
+			} else {
+				bn.conn.writeTo(bn.l, &v5wire.Ping{
+					ReqID:  bn.conn.nextReqID(),
+					ENRSeq: bn.conn.localNode.Seq(),
+				}, p, from)
 			}
+		case *v5wire.Ping:
+			resp := &v5wire.Pong{
+				ReqID:  append([]byte(nil), p.ReqID...),
+				ENRSeq: bn.conn.localNode.Seq(),
+				ToIP:   from.IP,
+				ToPort: uint16(from.Port),
+			}
+			nonce := bn.conn.writeTo(bn.l, resp, nil, from)
+			bn.sent[nonce] = resp
+			bn.notifyLive()
+		case *v5wire.Findnode:
+			resp := &v5wire.Nodes{ReqID: append([]byte(nil), p.ReqID...), RespCount: 1}
+			for _, n := range bn.known {
+				if slices.Contains(p.Distances, uint(enode.LogDist(n.ID(), bn.id()))) {
+					resp.Nodes = append(resp.Nodes, n.Record())
+				}
+			}
+			nonce := bn.conn.writeTo(bn.l, resp, nil, from)
+			bn.sent[nonce] = resp
+		case *v5wire.TalkRequest:
+			resp := &v5wire.TalkResponse{ReqID: append([]byte(nil), p.ReqID...)}
+			nonce := bn.conn.writeTo(bn.l, resp, nil, from)
+			bn.sent[nonce] = resp
+		case *readError:
+			if netutil.IsTemporaryError(p.err) || v5wire.IsInvalidHeader(p.err) {
+				continue
+			}
+			bn.conn.logf("shutting down: %v", p.err)
+			return
 		}
 	}
 }

-func (bn *bystander) notifyAdded() {
-	if bn.addedCh != nil {
-		bn.addedCh <- bn.id()
-		bn.addedCh = nil
+func (bn *bystander) notifyLive() {
+	if bn.liveCh != nil {
+		bn.liveCh <- bn.id()
+		bn.liveCh = nil
 	}
 }
--- a/cmd/devp2p/internal/v5test/framework.go
+++ b/cmd/devp2p/internal/v5test/framework.go
@ -127,14 +127,16 @@ func (tc *conn) nextReqID() []byte {
 // The request is retried if a handshake is requested.
 func (tc *conn) reqresp(c net.PacketConn, req v5wire.Packet) v5wire.Packet {
 	reqnonce := tc.write(c, req, nil)
-	switch resp := tc.read(c).(type) {
+	resp, from := tc.readFrom(c)
+	switch resp := resp.(type) {
 	case *v5wire.Whoareyou:
 		if resp.Nonce != reqnonce {
 			return readErrorf("wrong nonce %x in WHOAREYOU (want %x)", resp.Nonce[:], reqnonce[:])
 		}
 		resp.Node = tc.remote
-		tc.write(c, req, resp)
-		return tc.read(c)
+		tc.writeTo(c, req, resp, from)
+		resp2, _ := tc.readFrom(c)
+		return resp2
 	default:
 		return resp
 	}
@ -150,21 +152,24 @@ func (tc *conn) findnode(c net.PacketConn, dists []uint) ([]*enode.Node, error)
 		results  []*enode.Node
 	)
 	for n := 1; n > 0; {
-		switch resp := tc.read(c).(type) {
+		resp, from := tc.readFrom(c)
+		switch resp := resp.(type) {
 		case *v5wire.Whoareyou:
 			// Handle handshake.
 			if resp.Nonce == reqnonce {
 				resp.Node = tc.remote
-				tc.write(c, findnode, resp)
+				tc.writeTo(c, findnode, resp, from)
 			} else {
 				return nil, fmt.Errorf("unexpected WHOAREYOU (nonce %x), waiting for NODES", resp.Nonce[:])
 			}
 		case *v5wire.Ping:
 			// Handle ping from remote.
-			tc.write(c, &v5wire.Pong{
+			tc.writeTo(c, &v5wire.Pong{
 				ReqID:  resp.ReqID,
 				ENRSeq: tc.localNode.Seq(),
-			}, nil)
+				ToIP:   from.IP,
+				ToPort: uint16(from.Port),
+			}, nil, from)
 		case *v5wire.Nodes:
 			// Got NODES! Check request ID.
 			if !bytes.Equal(resp.ReqID, findnode.ReqID) {
@ -200,11 +205,16 @@ func (tc *conn) findnode(c net.PacketConn, dists []uint) ([]*enode.Node, error)

 // write sends a packet on the given connection.
 func (tc *conn) write(c net.PacketConn, p v5wire.Packet, challenge *v5wire.Whoareyou) v5wire.Nonce {
+	return tc.writeTo(c, p, challenge, tc.remoteAddr)
+}
+
+// writeTo sends a packet on the given connection to the given UDP address.
+func (tc *conn) writeTo(c net.PacketConn, p v5wire.Packet, challenge *v5wire.Whoareyou, to *net.UDPAddr) v5wire.Nonce {
 	packet, nonce, err := tc.codec.Encode(tc.remote.ID(), tc.remoteAddr.String(), p, challenge)
 	if err != nil {
 		panic(fmt.Errorf("can't encode %v packet: %v", p.Name(), err))
 	}
-	if _, err := c.WriteTo(packet, tc.remoteAddr); err != nil {
+	if _, err := c.WriteTo(packet, to); err != nil {
 		tc.logf("Can't send %s: %v", p.Name(), err)
 	} else {
 		tc.logf(">> %s", p.Name())
@ -214,24 +224,30 @@ func (tc *conn) write(c net.PacketConn, p v5wire.Packet, challenge *v5wire.Whoar

 // read waits for an incoming packet on the given connection.
 func (tc *conn) read(c net.PacketConn) v5wire.Packet {
+	p, _ := tc.readFrom(c)
+	return p
+}
+
+// readFrom waits for an incoming packet and returns its source address.
+func (tc *conn) readFrom(c net.PacketConn) (v5wire.Packet, *net.UDPAddr) {
 	buf := make([]byte, 1280)
 	if err := c.SetReadDeadline(time.Now().Add(waitTime)); err != nil {
-		return &readError{err}
+		return &readError{err}, nil
 	}
-	n, _, err := c.ReadFrom(buf)
+	n, from, err := c.ReadFrom(buf)
 	if err != nil {
-		return &readError{err}
+		return &readError{err}, nil
 	}
-	// Always use tc.remoteAddr for session lookup. The actual source address of
-	// the packet may differ from tc.remoteAddr when the remote node is reachable
-	// via multiple networks (e.g. Docker bridge vs. overlay), but the codec's
-	// session cache is keyed by the address used during Encode.
+	udpFrom, _ := from.(*net.UDPAddr)
+	// Use tc.remoteAddr for codec/session lookup because the fixture keys sessions
+	// by the advertised endpoint, but return the actual UDP source so responses can
+	// comply with the spec and go back to the request envelope address.
 	_, _, p, err := tc.codec.Decode(buf[:n], tc.remoteAddr.String())
 	if err != nil {
-		return &readError{err}
+		return &readError{err}, udpFrom
 	}
 	tc.logf("<< %s", p.Name())
-	return p
+	return p, udpFrom
 }

 // logf prints to the test log.
--- a/cmd/devp2p/rlpxcmd.go
+++ b/cmd/devp2p/rlpxcmd.go
@ -17,6 +17,7 @@
 package main

 import (
+	"bytes"
 	"errors"
 	"fmt"
 	"net"
@ -30,6 +31,31 @@ import (
 	"github.com/urfave/cli/v2"
 )

+// decodeRLPxDisconnect parses a disconnect message payload. Per the RLPx spec
+// the payload is a list containing a single reason, but some implementations
+// (including older geth) sent the reason as a bare byte. Accept both forms.
+func decodeRLPxDisconnect(data []byte) (p2p.DiscReason, error) {
+	s := rlp.NewStream(bytes.NewReader(data), uint64(len(data)))
+	k, _, err := s.Kind()
+	if err != nil {
+		return 0, err
+	}
+	var reason p2p.DiscReason
+	if k == rlp.List {
+		if _, err := s.List(); err != nil {
+			return 0, err
+		}
+		if err := s.Decode(&reason); err != nil {
+			return 0, err
+		}
+		return reason, nil
+	}
+	if err := s.Decode(&reason); err != nil {
+		return 0, err
+	}
+	return reason, nil
+}
+
 var (
 	rlpxCommand = &cli.Command{
 		Name:  "rlpx",
@ -38,6 +64,7 @@ var (
 			rlpxPingCommand,
 			rlpxEthTestCommand,
 			rlpxSnapTestCommand,
+			rlpxSnap2TestCommand,
 		},
 	}
 	rlpxPingCommand = &cli.Command{
@ -73,6 +100,20 @@ var (
 			testNodeEngineFlag,
 		},
 	}
+	rlpxSnap2TestCommand = &cli.Command{
+		Name:      "snap2-test",
+		Usage:     "Runs snap/2 (EIP-8189) protocol tests against a node",
+		ArgsUsage: "",
+		Action:    rlpxSnap2Test,
+		Flags: []cli.Flag{
+			testPatternFlag,
+			testTAPFlag,
+			testChainDirFlag,
+			testNodeFlag,
+			testNodeJWTFlag,
+			testNodeEngineFlag,
+		},
+	}
 )

 func rlpxPing(ctx *cli.Context) error {
@ -103,11 +144,15 @@ func rlpxPing(ctx *cli.Context) error {
 		}
 		fmt.Printf("%+v\n", h)
 	case 1:
-		var msg []p2p.DiscReason
-		if rlp.DecodeBytes(data, &msg); len(msg) == 0 {
-			return errors.New("invalid disconnect message")
+		// The disconnect message is specified as a list containing the reason,
+		// but some implementations (including older geth) send the reason as a
+		// single byte. Handle both forms, and on failure include the raw payload
+		// so the operator can see what was actually sent.
+		reason, decErr := decodeRLPxDisconnect(data)
+		if decErr != nil {
+			return fmt.Errorf("invalid disconnect message: %v (raw=0x%x)", decErr, data)
 		}
-		return fmt.Errorf("received disconnect message: %v", msg[0])
+		return fmt.Errorf("received disconnect message: %v", reason)
 	default:
 		return fmt.Errorf("invalid message code %d, expected handshake (code zero) or disconnect (code one)", code)
 	}
@ -134,6 +179,16 @@ func rlpxSnapTest(ctx *cli.Context) error {
 	return runTests(ctx, suite.SnapTests())
 }

+// rlpxSnap2Test runs the snap/2 (EIP-8189) protocol test suite.
+func rlpxSnap2Test(ctx *cli.Context) error {
+	p := cliTestParams(ctx)
+	suite, err := ethtest.NewSuite(p.node, p.chainDir, p.engineAPI, p.jwt)
+	if err != nil {
+		exit(err)
+	}
+	return runTests(ctx, suite.Snap2Tests())
+}
+
 type testParams struct {
 	node      *enode.Node
 	engineAPI string
--- a/cmd/devp2p/rlpxcmd_test.go
+++ b/cmd/devp2p/rlpxcmd_test.go
@ -0,0 +1,75 @@
+// Copyright 2026 The go-ethereum Authors
+// This file is part of go-ethereum.
+//
+// go-ethereum is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// go-ethereum is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with go-ethereum. If not, see <http://www.gnu.org/licenses/>.
+
+package main
+
+import (
+	"testing"
+
+	"github.com/ethereum/go-ethereum/p2p"
+)
+
+func TestDecodeRLPxDisconnect(t *testing.T) {
+	tests := []struct {
+		name    string
+		payload []byte
+		want    p2p.DiscReason
+		wantErr bool
+	}{
+		{
+			name:    "list form (spec-compliant)",
+			payload: []byte{0xc1, 0x04}, // [4] = TooManyPeers
+			want:    p2p.DiscTooManyPeers,
+		},
+		{
+			name:    "list form with reason zero",
+			payload: []byte{0xc1, 0x80}, // [0] = Requested
+			want:    p2p.DiscRequested,
+		},
+		{
+			name:    "bare byte form (legacy geth)",
+			payload: []byte{0x04}, // 4 = TooManyPeers
+			want:    p2p.DiscTooManyPeers,
+		},
+		{
+			name:    "bare byte form zero",
+			payload: []byte{0x80}, // 0 = Requested
+			want:    p2p.DiscRequested,
+		},
+		{
+			name:    "empty payload",
+			payload: []byte{},
+			wantErr: true,
+		},
+	}
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			got, err := decodeRLPxDisconnect(tc.payload)
+			if tc.wantErr {
+				if err == nil {
+					t.Fatalf("expected error, got reason=%v", got)
+				}
+				return
+			}
+			if err != nil {
+				t.Fatalf("unexpected error: %v", err)
+			}
+			if got != tc.want {
+				t.Fatalf("got reason %v, want %v", got, tc.want)
+			}
+		})
+	}
+}
--- a/cmd/era/main.go
+++ b/cmd/era/main.go
@ -183,11 +183,11 @@ func open(ctx *cli.Context, epoch uint64) (era.Era, error) {
 	return openByPath(path)
 }

-// openByPath tries to open a single file as either eraE or era1 based on extension,
+// openByPath tries to open a single file as either Ere or Era1 based on extension,
 // falling back to the other reader if needed.
 func openByPath(path string) (era.Era, error) {
 	switch strings.ToLower(filepath.Ext(path)) {
-	case ".erae":
+	case ".ere":
 		if e, err := execdb.Open(path); err != nil {
 			return nil, err
 		} else {
@ -229,7 +229,7 @@ func verify(ctx *cli.Context) error {

 	// Build the verification list respecting the rule:
 	// era1: must have accumulator, always verify
-	// erae: verify only if accumulator exists (pre-merge)
+	// ere:  verify only if accumulator exists (pre-merge / transition)

 	// Build list of files to verify.
 	verify := make([]string, 0, len(entries))
@ -251,15 +251,15 @@ func verify(ctx *cli.Context) error {
 			}
 			verify = append(verify, path)

-		case ".erae":
+		case ".ere":
 			e, err := execdb.Open(path)
 			if err != nil {
-				return fmt.Errorf("error opening erae file %s: %w", name, err)
+				return fmt.Errorf("error opening ere file %s: %w", name, err)
 			}
 			_, accErr := e.Accumulator()
 			e.Close()
 			if accErr == nil {
-				verify = append(verify, path) // pre-merge only
+				verify = append(verify, path) // pre-merge / transition only
 			}
 		default:
 			return fmt.Errorf("unsupported era file: %s", name)
@ -337,9 +337,6 @@ func checkAccumulator(e era.Era) error {
 	// accumulation across the entire set and are verified at the end.
 	for it.Next() {
 		// 1) next() walks the block index, so we're able to implicitly verify it.
-		if it.Error() != nil {
-			return fmt.Errorf("error reading block %d: %w", it.Number(), it.Error())
-		}
 		block, receipts, err := it.BlockAndReceipts()
 		if err != nil {
 			return fmt.Errorf("error reading block %d: %w", it.Number(), err)
--- a/cmd/evm/internal/t8ntool/block.go
+++ b/cmd/evm/internal/t8ntool/block.go
@ -56,6 +56,8 @@ type header struct {
 	BlobGasUsed           *uint64           `json:"blobGasUsed"   rlp:"optional"`
 	ExcessBlobGas         *uint64           `json:"excessBlobGas"   rlp:"optional"`
 	ParentBeaconBlockRoot *common.Hash      `json:"parentBeaconBlockRoot" rlp:"optional"`
+	RequestsHash          *common.Hash      `json:"requestsHash" rlp:"optional"`
+	BlockAccessListHash   *common.Hash      `json:"blockAccessListHash" rlp:"optional"`
 	SlotNumber            *uint64           `json:"slotNumber" rlp:"optional"`
 }

@ -119,26 +121,28 @@ func (c *cliqueInput) UnmarshalJSON(input []byte) error {
 // ToBlock converts i into a *types.Block
 func (i *bbInput) ToBlock() *types.Block {
 	header := &types.Header{
-		ParentHash:       i.Header.ParentHash,
-		UncleHash:        types.EmptyUncleHash,
-		Coinbase:         common.Address{},
-		Root:             i.Header.Root,
-		TxHash:           types.EmptyTxsHash,
-		ReceiptHash:      types.EmptyReceiptsHash,
-		Bloom:            i.Header.Bloom,
-		Difficulty:       common.Big0,
-		Number:           i.Header.Number,
-		GasLimit:         i.Header.GasLimit,
-		GasUsed:          i.Header.GasUsed,
-		Time:             i.Header.Time,
-		Extra:            i.Header.Extra,
-		MixDigest:        i.Header.MixDigest,
-		BaseFee:          i.Header.BaseFee,
-		WithdrawalsHash:  i.Header.WithdrawalsHash,
-		BlobGasUsed:      i.Header.BlobGasUsed,
-		ExcessBlobGas:    i.Header.ExcessBlobGas,
-		ParentBeaconRoot: i.Header.ParentBeaconBlockRoot,
-		SlotNumber:       i.Header.SlotNumber,
+		ParentHash:          i.Header.ParentHash,
+		UncleHash:           types.EmptyUncleHash,
+		Coinbase:            common.Address{},
+		Root:                i.Header.Root,
+		TxHash:              types.EmptyTxsHash,
+		ReceiptHash:         types.EmptyReceiptsHash,
+		Bloom:               i.Header.Bloom,
+		Difficulty:          common.Big0,
+		Number:              i.Header.Number,
+		GasLimit:            i.Header.GasLimit,
+		GasUsed:             i.Header.GasUsed,
+		Time:                i.Header.Time,
+		Extra:               i.Header.Extra,
+		MixDigest:           i.Header.MixDigest,
+		BaseFee:             i.Header.BaseFee,
+		WithdrawalsHash:     i.Header.WithdrawalsHash,
+		BlobGasUsed:         i.Header.BlobGasUsed,
+		ExcessBlobGas:       i.Header.ExcessBlobGas,
+		ParentBeaconRoot:    i.Header.ParentBeaconBlockRoot,
+		RequestsHash:        i.Header.RequestsHash,
+		BlockAccessListHash: i.Header.BlockAccessListHash,
+		SlotNumber:          i.Header.SlotNumber,
 	}

 	// Fill optional values.
--- a/Show more
+++ b/Show more