feat: Add CertificateChainSynchronizer and make follower aggregators start their chain by synchronising with their leader

[Alenar]

Content

This PR add a certificate chain synchronization mechanism allowing follower Aggregators to avoid creating genesis certificate by, instead, synchronizing with their leader.

The synchronizer behaves as follows:

1. It check its force parameter (that allow the state machine to force a synchronization based on a condition, today it forces the sync if the follower chain is invalid), else the sync is done if either:
   • there's no chain yet on the follower aggregator
   • the latest remote genesis certificate has changed (it's different than the stored latest genesis certificate)
2. If any of the previous is true it proceed by fetching the latest certificate from the remote/leader aggregator
3. Using a CertificateVerifier wired to the remote aggregator, it fetches the remote certificate chains and validate it at the same time
   • Only the first certificate of each epoch is kept
4. It stores the fetched certificate in the database using a insert or replace to keep the data up to date
5. it finish by creating a certified OpenMessage for MithrilStakeDistribution in the database so the aggregator won't create a certificate for this signed entity

Main changes

• Aggregator:
  • New service: CertificateChainSynchronizer
    • Define several traits:
      • CertificateChainSynchronizer: main trait, define the service api
      • RemoteCertificateRetriever: define how a synchronizer get the latest certificate of the remote (to use it has the starting point of the synchronization) and the latest genesis of the remote (to check if it have changed, triggering a sync)
      • SynchronizedCertificateStorer: define how retrieved certificates are stored and how to retrieve the latest stored genesis certificate of the aggregator
      • OpenMessageStorer: define how the open message created at the end of the process is stored
    • Two implementations:
      • MithrilCertificateChainSynchroniserNoop: allow to construct a synchronizer in the leader aggregator dependency builder
      • MithrilCertificateChainSynchronizer: main implementation
  • state machine and runner: call synchroniser when transitioning from idle to ready if the aggregator is a follower.
  • database, two new queries: InsertOrReplaceCertificateRecordQuery and InsertOrReplaceOpenMessageQuery
  • AggregatorHTTPClient: support three new queries, latest_certificates_list, certificates_details, and latest_genesis_certificate
  • create_certificate_follower integration tests: updated to check the synchronizer instead of spawning a genesis
    certificate on the follower (this simplified the scenario since one less epoch is needed).
• End to end:
  • only the leader aggregator is started at the infrastructure creation
  • start the follower only after the completion of a "bootstrap" step on the leazder the goes until the creation of the genesis certificate and the delegation of some stakes to the pools (since it was done only on the "leader")

Additional changes

• fix(aggregator): giving a aggregator_url with a trailing slash to AggregatorHTTPClient would makes all its queries fails
• refactor(aggregator): Follow DI pattern for the relation of the MithrilSignerRegistrationFollower and the AggregatorHTTPClient by moving and renaming the AggregatorClient trait to it's api defined traits.
• refactor(aggregator): Store the AggregatorHTTPClient directly as its concrete type in the dependencies builder, this storing it multiple times, one for each of the traits it implement.
• refactor(aggregator-integration tests): replace TestHttpServer with axum-test as the backend for the leader aggregator http server.
• refactor(aggregator-integration tests): extract LeaderAggregatorHttpServer to a dedicated module
• feat(common-CertificateChainBuilder): add latest_certificate to the fixture

Pre-submit checklist

• Branch
  • Tests are provided (if possible)
  • Crates versions are updated (if relevant)
  • CHANGELOG file is updated (if relevant)
  • Commit sequence broadly makes sense
  • Key commits have useful messages
• PR
  • All check jobs of the CI have succeeded
  • Self-reviewed the diff
  • Useful pull request description
  • Reviewer requested
• Documentation
  • No new TODOs introduced

Issue(s)

Relates to #2534

[Copilot]

Pull Request Overview

This PR implements a certificate chain synchronization mechanism so that follower aggregators can sync their chain from a leader rather than creating a genesis certificate.

• Introduces a CertificateChainSynchronizer service (and a no-op variant for leaders)
• Refactors infrastructure startup to prepare and register leader/follower aggregators and serve them in sequence
• Updates the runtime state machine to validate and (if needed) synchronize the follower’s certificate chain before proceeding

Reviewed Changes

Copilot reviewed 40 out of 41 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
mithril-test-lab/mithril-end-to-end/src/run_only.rs	Simplify run flow to bootstrap the leader then serve followers
mithril-test-lab/mithril-end-to-end/src/mithril/infrastructure.rs	Refactor aggregator startup to prepare leader/follower and register era
mithril-aggregator/src/services/certificate_chain_synchroniser/synchroniser_service.rs	Add certificate chain synchronization logic
mithril-aggregator/src/services/aggregator_client.rs	Extend HTTP client to fetch certificate lists and details
mithril-aggregator/src/runtime/state_machine.rs	Validate and synchronize follower certificate chain in the runner

Comments suppressed due to low confidence (1)

mithril-test-lab/mithril-end-to-end/src/mithril/infrastructure.rs:318

• The variable leader_aggregator_endpoint is not defined in this scope; you probably meant to use aggregator_endpoints[0] or introduce leader_aggregator_endpoint before this line.

                aggregator_endpoint: &leader_aggregator_endpoint,

[github-actions]

Test Results

    4 files  ± 0    154 suites  ±0   22m 53s ⏱️ + 1m 44s
2 118 tests +39  2 118 ✅ +39  0 💤 ±0  0 ❌ ±0 
6 466 runs  +80  6 466 ✅ +80  0 💤 ±0  0 ❌ ±0 

Results for commit 11c8aec. ± Comparison against base commit b7a272c.

♻️ This comment has been updated with latest results.

[jpraynaud]

LGTM 👍

I left some minor comments.

[dlachaume]

LGTM 🚀

[turmelclem]

LGTM