Adds AllowanceBasedPriority extension (#448)

* Adds `AllowanceBasedPriority` extension

This extension gives `store` transactions a proportional priority boost based on the already consumed allowance.

* Nit plus test

* Do not degrade user's performance in time - reset usage when refresh_authorization

* Migration for Paseo

* Fix migration

* fmt

* Ping CI

* Fix tests to match assignment semantics of `authorize`

Re-authorizing an unexpired account/preimage replaces `bytes_allowance`
rather than adding to it. Three tests assumed the additive form. Renamed
`authorize_account_does_not_push_expiry` to
`re_authorize_account_replaces_allowance_and_keeps_expiry` to reflect both
invariants it now covers.

* Compilation for paseo after main merge

* Doc nit for refresh_authorization

* Migration for paseo, which was merged meantime

* Refactor allowance boost behind `BoostStrategy`, default to `FlatBoost`

`AllowanceBasedPriority` is now generic over a `BoostStrategy` so the
runtime can pick its policy in the `TxExtension` tuple. Two impls ship:

- `ProportionalBoost`: original PR #448 behaviour — linear in remaining
  allowance.
- `FlatBoost`: constant boost while in-budget, `0` once over-budget.

The proportional form is vulnerable to censorship: a fresh-allowance
signer outranks partly-used ones and can starve them with small-tx spam
(see karolk91's analysis on PR #448). `FlatBoost` makes in-budget
signers all rank equal and over-budget ones strictly lower; pool nonce/
arrival ordering breaks ties. Both runtimes are wired to `FlatBoost`.

Three pallet unit tests (`proportional_scales_with_remaining_allowance`,
`flat_is_constant_while_in_budget`,
`flat_does_not_let_fresh_outrank_partly_used`) document the contracts
and the censorship-relevant difference.

* Docs nits

* Compute allowance boost against post-this-tx state

* Minimalistic alignment with paritytech/individuality#785 (part 1)

* Pick transactions_used / transactions_allowance from #469

Brings just the AuthorizationExtent + boost-strategy parts of #469;
the period / two-slot / bytes_permanent surface is left out.

- AuthorizationExtent: gain transactions_used / transactions_allowance
  fields. authorize_account now uses its 3rd parameter to set/extend
  transactions_allowance; check_authorization saturating-bumps
  transactions_used on consume.
- BoostStrategy: a shared in_budget helper gates both the byte and tx
  axes; FlatBoost is in-budget at-cap (matching #469); ProportionalBoost
  scales by the tighter of the two remainders.
- AllowanceBasedPriority::validate increments transactions_used in the
  post-this-tx extent before computing the boost.
- v1->v2 migration carries the old transaction-count field over to the
  new transactions_allowance.
- Genesis config tuple becomes (account, transactions_allowance,
  bytes_allowance); preimage authorize_* always sets
  transactions_allowance = 1.
- Tests + bulletin-{westend,paseo} runtime tests updated for the new
  expected counters; new boost_tests::tx_axis_gates_boost_independently.

Out of scope (per #469): bytes_permanent, the two-slot
current/next grant model, for_period parameter, renew matching in the
boost extension, the People-Chain-aligned period model.

Co-authored-by: Francisco Aguirre <franciscoaguirreperez@gmail.com>

* transactions_used -> transactions

* Refresh: only extend expiry, do not reset consumed counters

Per review feedback (#448 r3163274071): resetting `bytes` and
`transactions` on refresh implicitly grants a fresh boost-tier window,
which conflates two operations under one extrinsic. Refresh now does
exactly what its name says — extend the expiration block. Holders who
want more capacity call `authorize_account` (additive on the unexpired
path).

Doc updates on `refresh_account_authorization`,
`refresh_preimage_authorization` and the `refresh_authorization` helper
make the split explicit. `authorize_account`'s doc also gets updated
to describe the new tx-axis additivity.

* Move back to 14

* Tighten priority constants for store / renew

- `AuthorizationPeriod` 90 days -> 14 days, aligning with the
  `LongTermStoragePeriodDuration` (2 weeks) on the People-Chain side.
- Drop the unused `SudoPriority` and `SetPurgeKeysPriority` constants;
  they were only chained into `RemoveExpiredAuthorizationPriority` and
  not wired anywhere else.
- `RemoveExpiredAuthorizationPriority` is now `TransactionPriority::MAX`
  so permissionless cleanups always outrank stores.
- `StoreRenewPriority` is `TransactionPriority::MAX / 4`. With
  `AllowanceBasedPriority` adding `ALLOWANCE_PRIORITY_BOOST` for
  in-budget signers, in-budget txs land just above over-budget ones
  without saturating `u64` and with plenty of headroom both above
  generic transactions and below the cleanup ceiling.

* Nit

* More nits

---------

Co-authored-by: Branislav Kontur <bkontur@gmail.com>
Co-authored-by: Francisco Aguirre <franciscoaguirreperez@gmail.com>

Author: 3 people

console-ui/src/pages/Authorizations/Authorizations.tsx

@@ -17,6 +17,8 @@ import {
   usePreimageAuthsLoading,
   fetchAccountAuthorization,
   fetchPreimageAuthorizations,
+  extentRemainingTransactions,
+  extentRemainingBytes,
 } from "@/state/storage.state";
 import { FileUpload } from "@/components/FileUpload";
 import { getContentHash, HashAlgorithm, WaitFor, BulletinError } from "@parity/bulletin-sdk";
@@ -54,8 +56,8 @@ function AccountAuthorizationsTab() {
         address: searchAddress,
         authorization: auth
           ? {
-              transactions: BigInt(auth.extent.transactions),
-              bytes: auth.extent.bytes,
+              transactions: extentRemainingTransactions(auth.extent),
+              bytes: extentRemainingBytes(auth.extent),
               expiresAt: auth.expiration ?? undefined,
             }
           : null,
@@ -634,8 +636,8 @@ function FaucetAuthorizeAccountPanel() {
         setAuthorization(
           auth
             ? {
-                transactions: BigInt(auth.extent.transactions),
-                bytes: auth.extent.bytes,
+                transactions: extentRemainingTransactions(auth.extent),
+                bytes: extentRemainingBytes(auth.extent),
                 expiresAt: auth.expiration ?? undefined,
               }
             : null
@@ -691,8 +693,8 @@ function FaucetAuthorizeAccountPanel() {
       setAuthorization(
         auth
           ? {
-              transactions: BigInt(auth.extent.transactions),
-              bytes: auth.extent.bytes,
+              transactions: extentRemainingTransactions(auth.extent),
+              bytes: extentRemainingBytes(auth.extent),
               expiresAt: auth.expiration ?? undefined,
             }
           : null

console-ui/src/pages/Dashboard/Dashboard.tsx

@@ -8,6 +8,10 @@ import { Spinner } from "@/components/ui/Spinner";
 import { AuthorizationCard } from "@/components/AuthorizationCard";
 import { useChainState, useApi, StorageType } from "@/state/chain.state";
 import { useSelectedAccount } from "@/state/wallet.state";
+import {
+  extentAllowanceBytes,
+  extentAllowanceTransactions,
+} from "@/state/storage.state";
 import { formatAddress, formatBlockNumber, formatBytes, formatNumber } from "@/utils/format";
 
 function QuickActions() {
@@ -294,12 +298,14 @@ function UsageCard() {
 
         for (const { keyArgs, value } of authEntries) {
           const extent = value.extent;
+          const txAllowance = Number(extentAllowanceTransactions(extent));
+          const bytesAllowance = extentAllowanceBytes(extent);
           if (keyArgs[0].type === "Account") {
-            userAuths.count += Number(extent.transactions);
-            userAuths.bytes += BigInt(extent.bytes);
+            userAuths.count += txAllowance;
+            userAuths.bytes += bytesAllowance;
           } else if (keyArgs[0].type === "Preimage") {
-            preimageAuths.count += Number(extent.transactions);
-            preimageAuths.bytes += BigInt(extent.bytes);
+            preimageAuths.count += txAllowance;
+            preimageAuths.bytes += bytesAllowance;
           }
         }
 

console-ui/src/state/storage.state.ts

@@ -15,6 +15,43 @@ export interface PreimageAuthorization {
   maxSize: bigint;
 }
 
+/**
+ * Backwards-compatible read of an `AuthorizationExtent`: newer chains track
+ * consumption separately (`*_allowance` for the cap, `transactions`/`bytes` for
+ * usage); older chains expose only the cap. The UI surfaces "remaining"
+ * everywhere, so we compute `allowance - consumed` when both are present and
+ * fall back to the raw value otherwise.
+ */
+export function extentRemainingTransactions(extent: any): bigint {
+  const allowance = extent?.transactions_allowance;
+  if (allowance != null) {
+    const used = BigInt(extent.transactions ?? 0);
+    const cap = BigInt(allowance);
+    return cap > used ? cap - used : 0n;
+  }
+  return BigInt(extent?.transactions ?? 0);
+}
+
+export function extentRemainingBytes(extent: any): bigint {
+  const allowance = extent?.bytes_allowance;
+  if (allowance != null) {
+    const used = BigInt(extent.bytes ?? 0n);
+    const cap = BigInt(allowance);
+    return cap > used ? cap - used : 0n;
+  }
+  return BigInt(extent?.bytes ?? 0n);
+}
+
+export function extentAllowanceBytes(extent: any): bigint {
+  const allowance = extent?.bytes_allowance;
+  return BigInt(allowance ?? extent?.bytes ?? 0n);
+}
+
+export function extentAllowanceTransactions(extent: any): bigint {
+  const allowance = extent?.transactions_allowance;
+  return BigInt(allowance ?? extent?.transactions ?? 0);
+}
+
 export interface TransactionInfo {
   chunkRoot: Uint8Array;
   contentHash: Uint8Array;
@@ -45,8 +82,8 @@ export async function fetchAccountAuthorization(
     }
 
     const authorization: Authorization = {
-      transactions: BigInt(auth.extent.transactions),
-      bytes: auth.extent.bytes,
+      transactions: extentRemainingTransactions(auth.extent),
+      bytes: extentRemainingBytes(auth.extent),
       expiresAt: auth.expiration ?? undefined,
     };
 
@@ -83,8 +120,8 @@ export async function checkPreimageAuthorization(
     }
 
     const authorization: Authorization = {
-      transactions: BigInt(auth.extent.transactions),
-      bytes: auth.extent.bytes,
+      transactions: extentRemainingTransactions(auth.extent),
+      bytes: extentRemainingBytes(auth.extent),
       expiresAt: auth.expiration ?? undefined,
     };
 
@@ -131,7 +168,7 @@ export async function fetchPreimageAuthorizations(
         }
         return {
           contentHash,
-          maxSize: value.extent.bytes,
+          maxSize: extentAllowanceBytes(value.extent),
         };
       });
 

pallets/transaction-storage/src/benchmarking.rs

@@ -200,7 +200,7 @@ mod benchmarks {
 		let origin = T::Authorizer::try_successful_origin()
 			.map_err(|_| BenchmarkError::Stop("unable to compute origin"))?;
 		let who: T::AccountId = whitelisted_caller();
-		let transactions = 10;
+		let transactions: u32 = 10;
 		let bytes: u64 = 1024 * 1024;
 
 		#[extrinsic_call]
@@ -215,13 +215,12 @@ mod benchmarks {
 		let origin = T::Authorizer::try_successful_origin()
 			.map_err(|_| BenchmarkError::Stop("unable to compute origin"))?;
 		let who: T::AccountId = whitelisted_caller();
-		let transactions = 10;
 		let bytes: u64 = 1024 * 1024;
 		let origin2 = origin.clone();
 		TransactionStorage::<T>::authorize_account(
 			origin2 as T::RuntimeOrigin,
 			who.clone(),
-			transactions,
+			0,
 			bytes,
 		)
 		.map_err(|_| BenchmarkError::Stop("unable to authorize account"))?;
@@ -273,7 +272,7 @@ mod benchmarks {
 		let origin = T::Authorizer::try_successful_origin()
 			.map_err(|_| BenchmarkError::Stop("unable to compute origin"))?;
 		let who: T::AccountId = whitelisted_caller();
-		TransactionStorage::<T>::authorize_account(origin, who.clone(), 1, 1)
+		TransactionStorage::<T>::authorize_account(origin, who.clone(), 0, 1)
 			.map_err(|_| BenchmarkError::Stop("unable to authorize account"))?;
 
 		let period = T::AuthorizationPeriod::get();
@@ -314,13 +313,12 @@ mod benchmarks {
 			.map_err(|_| BenchmarkError::Stop("unable to compute origin"))?;
 		let caller: T::AccountId = whitelisted_caller();
 		let data = vec![0u8; l as usize];
-		let transactions = 10;
-		let bytes = l as u64 * 10;
+		let bytes_allowance = l as u64 * 10;
 		TransactionStorage::<T>::authorize_account(
 			origin as T::RuntimeOrigin,
 			caller.clone(),
-			transactions,
-			bytes,
+			0,
+			bytes_allowance,
 		)
 		.map_err(|_| BenchmarkError::Stop("unable to authorize account"))?;
 
@@ -340,9 +338,10 @@ mod benchmarks {
 			.unwrap();
 		}
 
-		// prepare consumed one transaction worth of authorization
+		// prepare added `l` bytes to the used counter
 		let extent = TransactionStorage::<T>::account_authorization_extent(caller);
-		assert_eq!(extent.transactions, transactions - 1);
+		assert_eq!(extent.bytes, l as u64);
+		assert_eq!(extent.bytes_allowance, bytes_allowance);
 		Ok(())
 	}
 
@@ -355,13 +354,12 @@ mod benchmarks {
 		let origin = T::Authorizer::try_successful_origin()
 			.map_err(|_| BenchmarkError::Stop("unable to compute origin"))?;
 		let caller: T::AccountId = whitelisted_caller();
-		let transactions = 10;
-		let bytes = T::MaxTransactionSize::get() as u64 * 10;
+		let bytes_allowance = T::MaxTransactionSize::get() as u64 * 10;
 		TransactionStorage::<T>::authorize_account(
 			origin as T::RuntimeOrigin,
 			caller.clone(),
-			transactions,
-			bytes,
+			0,
+			bytes_allowance,
 		)
 		.map_err(|_| BenchmarkError::Stop("unable to authorize account"))?;
 
@@ -382,9 +380,10 @@ mod benchmarks {
 			.unwrap();
 		}
 
-		// prepare consumed one transaction worth of authorization
+		// prepare added `MaxTransactionSize` bytes to the used counter
 		let extent = TransactionStorage::<T>::account_authorization_extent(caller);
-		assert_eq!(extent.transactions, transactions - 1);
+		assert_eq!(extent.bytes, T::MaxTransactionSize::get() as u64);
+		assert_eq!(extent.bytes_allowance, bytes_allowance);
 		Ok(())
 	}