fix(nodes): update validator clang requirements

[reveloper]

Closes #2084.

Summary by CodeRabbit

• Documentation
  • Updated Clang version requirement from 16.0.0 to 21.0.0 or higher for validator setup
  • Revised upgrade guide with steps for Ubuntu 22.04 and 24.04 systems

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
mintlify-ton-docs	🟢 Ready	View Preview	May 12, 2026, 9:34 AM

💡 Tip: Enable Workflows to automatically generate PRs for you.

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated the validator "Run a validator" guide to require Clang 21.0.0 or higher instead of 16.0.0, and replaced the "Update Clang..." section with revised Ubuntu 22.04 and 24.04 installation instructions and a "skip if version 21" note.

Changes

Clang 21 validator documentation update

Layer / File(s)	Summary
Update minimum Clang version requirement and installation instructions ecosystem/nodes/cpp/run-validator.mdx	Version requirement is updated from 16.0.0+ to 21.0.0+, and the "Update Clang..." accordion instructions are replaced with clang-21-specific steps, including a conditional skip note and revised package management commands for both Ubuntu versions.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related issues

• #1890: Both changes update the C++ node validator docs to require Clang 21 as the new minimum version requirement.

Poem

🐰 A whisker-twitch for Clang's leap,
From sixteen unto twenty-one so deep,
The validator's path now bright and new,
With Ubuntu steps both tried and true! 🚀

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Linked Issues check	⚠️ Warning	The PR partially addresses issue #2084: it updates Clang requirements as required, but does not address removing database dump guidance or updating the sync section.	Complete the remaining requirements from issue #2084 by removing database dump references and updating the 'Speed up initial sync' section as specified.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Out of Scope Changes check	✅ Passed	The changes are limited to updating Clang version requirements and related instructions, which are directly within the scope of issue #2084.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The PR title directly reflects the main change: updating validator Clang version requirements from 16.0.0 to 21.0.0 in the documentation.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch node_requirements

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Thanks for the update to ecosystem/nodes/cpp/run-validator.mdx: I’ve left one inline suggestion there—please apply the inline suggestion to improve the installation command.

[github-actions]

[HIGH] Non-copy-pasteable apt command with unsafe apt-key usage

The Ubuntu 24.04 instructions use sudo apt-key add -, which is deprecated and discouraged in modern Debian/Ubuntu tooling. This conflicts with the style requirement that commands be safe and copy‑pasteable on supported systems, and can fail on newer Ubuntu releases. The same block also hardcodes a repository without using a keyring-based signed-by configuration, which is now the recommended pattern. These issues reduce reliability of the installation instructions and may force readers to troubleshoot outside the guide.

Please leave a reaction 👍/👎 to this suggestion to improve future reviews for everyone!

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

ecosystem/nodes/cpp/run-validator.mdx (1)

76-80: ⚡ Quick win

Clean up the downloaded llvm.sh script after installation.

The installation script downloads llvm.sh but doesn't remove it afterward, leaving an executable script in the current directory.

🧹 Proposed cleanup addition

  # Ubuntu 22.04
  sudo apt install lsb-release wget software-properties-common gnupg
  wget https://apt.llvm.org/llvm.sh
  chmod +x llvm.sh
  sudo ./llvm.sh 21 clang
+ rm llvm.sh

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ecosystem/nodes/cpp/run-validator.mdx` around lines 76 - 80, After running
the LLVM installer steps that download and execute llvm.sh, remove the
downloaded script to avoid leaving executables in the working directory; update
the install sequence (the block that calls wget https://apt.llvm.org/llvm.sh,
chmod +x llvm.sh, and sudo ./llvm.sh 21 clang) to delete llvm.sh afterward
(e.g., add a cleanup step that removes the llvm.sh file once the installer
completes or on failure).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ecosystem/nodes/cpp/run-validator.mdx`:
- Around line 82-86: Replace the deprecated apt-key add pipeline by fetching the
LLVM GPG key, dearmoring it into a keyring file and referencing that keyring
with signed-by in the APT source entry: download the key (e.g., with wget or
curl) and run gpg --dearmor > /usr/share/keyrings/llvm-archive-keyring.gpg
(ensure sudo), then change the source line from echo "deb
http://apt.llvm.org/noble/ llvm-toolchain-noble-21 main" | sudo tee ... to echo
"deb [signed-by=/usr/share/keyrings/llvm-archive-keyring.gpg]
http://apt.llvm.org/noble/ llvm-toolchain-noble-21 main" | sudo tee
/etc/apt/sources.list.d/llvm.list, then run sudo apt -y update and sudo apt
install -y clang-21 as before.

---

Nitpick comments:
In `@ecosystem/nodes/cpp/run-validator.mdx`:
- Around line 76-80: After running the LLVM installer steps that download and
execute llvm.sh, remove the downloaded script to avoid leaving executables in
the working directory; update the install sequence (the block that calls wget
https://apt.llvm.org/llvm.sh, chmod +x llvm.sh, and sudo ./llvm.sh 21 clang) to
delete llvm.sh afterward (e.g., add a cleanup step that removes the llvm.sh file
once the installer completes or on failure).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 26c698c0-3301-446d-a1a7-90526bfb527a

📥 Commits

Reviewing files that changed from the base of the PR and between 7fd0d9a and cf026c8.

📒 Files selected for processing (1)

• ecosystem/nodes/cpp/run-validator.mdx

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Replace deprecated apt-key add with modern GPG key management.

The apt-key add command is deprecated since Ubuntu 22.04 and will show warnings or fail on newer systems. Use the modern signed-by approach for GPG key management instead.

🔒 Proposed fix using modern GPG key management

  # Ubuntu 24.04
- wget -qO- https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
- echo "deb http://apt.llvm.org/noble/ llvm-toolchain-noble-21 main" | sudo tee /etc/apt/sources.list.d/llvm.list
+ wget -qO- https://apt.llvm.org/llvm-snapshot.gpg.key | sudo tee /etc/apt/trusted.gpg.d/llvm-snapshot.asc
+ echo "deb [signed-by=/etc/apt/trusted.gpg.d/llvm-snapshot.asc] http://apt.llvm.org/noble/ llvm-toolchain-noble-21 main" | sudo tee /etc/apt/sources.list.d/llvm.list
  sudo apt -y update
  sudo apt install -y clang-21

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Ubuntu 24.04
	wget -qO- https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
	echo "deb http://apt.llvm.org/noble/ llvm-toolchain-noble-21 main" | sudo tee /etc/apt/sources.list.d/llvm.list
	sudo apt -y update
	sudo apt install -y clang-21
	# Ubuntu 24.04
	wget -qO- https://apt.llvm.org/llvm-snapshot.gpg.key | sudo tee /etc/apt/trusted.gpg.d/llvm-snapshot.asc
	echo "deb [signed-by=/etc/apt/trusted.gpg.d/llvm-snapshot.asc] http://apt.llvm.org/noble/ llvm-toolchain-noble-21 main" | sudo tee /etc/apt/sources.list.d/llvm.list
	sudo apt -y update
	sudo apt install -y clang-21

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ecosystem/nodes/cpp/run-validator.mdx` around lines 82 - 86, Replace the
deprecated apt-key add pipeline by fetching the LLVM GPG key, dearmoring it into
a keyring file and referencing that keyring with signed-by in the APT source
entry: download the key (e.g., with wget or curl) and run gpg --dearmor >
/usr/share/keyrings/llvm-archive-keyring.gpg (ensure sudo), then change the
source line from echo "deb http://apt.llvm.org/noble/ llvm-toolchain-noble-21
main" | sudo tee ... to echo "deb
[signed-by=/usr/share/keyrings/llvm-archive-keyring.gpg]
http://apt.llvm.org/noble/ llvm-toolchain-noble-21 main" | sudo tee
/etc/apt/sources.list.d/llvm.list, then run sudo apt -y update and sudo apt
install -y clang-21 as before.