06-node-operations.md

06 — Node & Validator Operations

For running Quantova nodes and validators. Pairs with the developer documentation's node guide.

Build & run

• Build from source with a pinned toolchain (cargo build --release --bin quantova-node).
• Choose the right node type: full, archive (--pruning archive) for indexers/oracles, or validator.
• Run with an explicit --base-path, --chain, and --name.

RPC hardening (high)

• Keep --rpc-methods=Safe in production; Unsafe only on trusted, private networks.
• Place external RPC/WS (--rpc-external / --ws-external) behind a proxy/firewall.
• Lock down --rpc-cors for production origins; do not leave it open.
• Cap --rpc-max-connections; rate-limit expensive methods.
• Never expose unsafe methods or dev signers publicly. Treat RPC as an edge surface.
• Keep P2P ports reachable (required for sync and consensus).

Validator duties [mainnet]

• Generate and rotate session keys (author_rotateKeys); register them on-chain.
• Keep session keys separate from the funded stash account.
• Bond a stash, set validator preferences, submit staking.validate, and confirm election at an era boundary.
• Understand slashing conditions and finality-layer responsibilities (Falcon authority keys).

Monitoring

• Expose --prometheus-port and scrape metrics.
• Alert on sync lag, finality lag, peer count, and import-queue depth.
• Monitor disk (archive growth), CPU, and memory.
• Have an on-call and incident runbook for missed blocks or finality stalls.

Maintenance

• Track release announcements; apply upgrades during low-impact windows.
• Test upgrades on testnet before mainnet.
• Keep secure, tested backups of keys and node identity.