docs(audits): native-module state-root activation playbook

[satyakwok]

Draft — do not merge; for review. Docs/ops only, no protocol code.

Follow-up to #779 (native-module state-root commitment, fork-gated off by default everywhere). Adds the operator-side activation playbook so that if/when the fork is turned on, every validator activates together and state_root doesn't split.

Added

• audits/native-state-in-trie-activation-playbook.md
• one index line in audits/README.md (new "Fork activation playbooks" category)

Playbook contents

1. Testnet-first sequence for NATIVE_STATE_IN_TRIE_HEIGHT.
2. Pre-flight: same binary / height / tip / state_root; matching SRC-20 + NFT canonical_hash across nodes; no SRC-20 drift; cold backup.
3. Cross-node hash comparison via the existing SENTRIX_STATE_FINGERPRINT tool (no new code/CLI).
4. Halt-all → backup → set identical NATIVE_STATE_IN_TRIE_HEIGHT=<HEIGHT> everywhere → simul-start.
5. Monitoring checklist (activation block applies, block production, state_root + STATE-FP agreement, jailing, peer sync, missed blocks, SRC-20 ops).
6. Rollback: unset the gate = complete deterministic rollback (no schema migration); single-node divergence → restore from canonical peer.
7. Sequence: native state-trie first + soak; NFT_TOKENOP_HEIGHT is a separate later decision.
8. Explicit warnings: no mainnet before clean testnet soak; never flip both gates in one window; same height everywhere or abort; this doc is a plan, not an instruction to act.

Not done (by design)

No protocol logic, no fork enabled, no deploy, no validators touched, no RPC/explorer/wallet/marketplace/bridge, no CLI subcommand (would touch bin/sentrix). Scrubbed of host/VPS/internal identifiers.

Commands

• cargo fmt --check ✅ · cargo test --workspace ✅ (67 suites, 0 fail) · cargo clippy --workspace --all-targets -D warnings ✅ (docs-only; gates confirm tree unaffected)

[coderabbitai]

Warning

Review limit reached

@satyakwok, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 41 minutes and 9 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: bb9ab0f8-7684-44c0-b479-5cb2cfc83d90

📥 Commits

Reviewing files that changed from the base of the PR and between 9fb02d9 and 0de2a85.

📒 Files selected for processing (2)

• audits/README.md
• audits/native-state-in-trie-activation-playbook.md

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/native-state-activation-playbook

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!