Node Operation

Docs directory
/
words = AND · "phrase" · || · -term
Chain
Core
Introduction Chain Specification Consensus (IBFT) Genesis & Configuration Gas Price Behavior
RPC & Operation
Ethereum JSON-RPC Node Operation Operator RPC & Internals Networking & P2P Access Control Network Upgrades
Staking / PoS
Staking PoS Model Staking PoS RPC
XDaLa
Overview
General Introduction
XRC-137
Smart Contract JSON Rule Specification XRC-137 — Expression Evaluation Validation Gas
XRC-729
Smart Contract Orchestration & Session Manager
Reference
JSON-RPC Endpoint Reference Permit Types Limits Encryption & Grants
UI
Builder 137
Builder 137 Payload ContractReads API Guide Rules Output Payload Output Panel Validation Preview ReadKey Wallet Compile Deploy Multi Bundle Deploy Panel Update Gas
Operation Center
List Session Manage/Start Session Manage Session Execution
Test Suite
Test Suite Guide
Builder 729
Builder 729
MCP
Overview
Gateway Overview
Reference
Tool Reference Operation Handoff Authoring & Knowledge
Setup
Setup & Configuration
Open on GitHub

XGR Chain — Node Operation & Validator Runbook

Document ID: XGRCHAIN-NODE-OPERATION
Last updated: 2026-05-24
Audience: Node operators, validator operators, RPC operators, infrastructure engineers
Release baseline: xgr-node release tag v2.0.5
Mainnet genesis source: xgr-network/XGR branch main, path genesis/mainnet/genesis.json
Node implementation: xgr-network/xgr-node
Operating mode: Standalone XGR Chain node, without xgrEngine and without XDaLa

1. Purpose

This document is the practical operator runbook for starting an XGR Chain node.

It is written so that a user can:

  • check out the correct release
  • build the node binary
  • install the binary
  • install the published mainnet genesis
  • start a full node
  • start an RPC node
  • prepare a validator node
  • generate validator keys
  • join as a validator
  • check validator-set state
  • open a delegation pool
  • enable or disable validator activity
  • add stake
  • request unstake
  • withdraw stake
  • monitor the node

This document is intentionally operational.

It does not describe XDaLa, XRC standards, UI behavior, or private engine integration.

2. Operating model

The public XGR Chain node can be built and run from:

https://github.com/xgr-network/xgr-node

Use release tag:

v2.0.5

The binary built from this tag is enough to run a normal XGR Chain node.

Do not build with embedded private engine tags for this public node guide.

Do not require:

xgrEngine
XDaLa
private engine module
engine_embedded build tag

The public go.mod explicitly states that xgrchain must build standalone even if the private ../xgrEngine repository is absent.

Standard build:

go build -o xgrchain .

Do not use:

go build -tags engine_embedded -o xgrchain .

unless a separate official operator instruction explicitly requires it.

3. Mainnet genesis reference

The published mainnet genesis is in the XGR repository:

Repository: xgr-network/XGR
Branch:     main
Path:       genesis/mainnet/genesis.json

Raw download path:

https://raw.githubusercontent.com/xgr-network/XGR/main/genesis/mainnet/genesis.json

Mainnet identity:

Field Value
Network name xgrchain
Chain ID 1643
Chain ID hex 0x66b
Genesis gas limit 0x3938700
Genesis gas limit decimal 60,000,000
Bootnode port 1478
PoS active from 5446500
Micro epoch size 25
Macro epoch micro factor 40
Derived PoS epoch size 1000 blocks
Minimum PoS validators 4
Maximum PoS validators 25

Install the published genesis to:

/etc/xgr/genesis.json

Example:

sudo install -d -m 0755 /etc/xgr

sudo curl -fsSL   https://raw.githubusercontent.com/xgr-network/XGR/main/genesis/mainnet/genesis.json   -o /etc/xgr/genesis.json

sudo chown root:root /etc/xgr/genesis.json
sudo chmod 0644 /etc/xgr/genesis.json

Do not edit this file locally for mainnet.

4. Placeholders used in this guide

Replace these placeholders before running commands:

Placeholder Meaning Example
<PUBLIC_IP> Public IP address of the server 203.0.113.10
<RPC_URL> Client URL to a JSON-RPC endpoint http://127.0.0.1:8545
<VALIDATOR_DATA_DIR> Validator node data directory /var/lib/xgr/validator
<NODE_DATA_DIR> Non-validator node data directory /var/lib/xgr/node
<STAKE_XGR> Stake amount in whole XGR units 2000000
<MAX_DELEGATED_XGR> Pool cap in whole XGR units 5000000
<MIN_DELEGATOR_XGR> Minimum delegation in whole XGR units 1000
<COMMISSION_BPS> Commission in basis points 500 means 5%

Important syntax distinction:

Context Correct format
Server bind flag --jsonrpc 127.0.0.1:8545
CLI transaction command --jsonrpc http://127.0.0.1:8545
curl client URL http://127.0.0.1:8545

Do not pass http://... to the server bind flag.

5. Build from release tag v2.0.5

Install prerequisites:

sudo apt-get update
sudo apt-get install -y git curl ca-certificates build-essential

Install Go 1.23.x.

The release declares:

go 1.23.4
toolchain go1.23.11

Check Go:

go version

Clone and build:

git clone https://github.com/xgr-network/xgr-node.git
cd xgr-node

git fetch --all --tags
git checkout v2.0.5

git status
git describe --tags --exact-match

go build -o xgrchain .
./xgrchain version

Expected source state:

HEAD detached at v2.0.5

or equivalent release-tag checkout.

6. Install binary and directories

Create system user and directories:

sudo useradd --system --home /var/lib/xgr --shell /usr/sbin/nologin xgr || true

sudo install -d -m 0755 /opt/xgr/bin
sudo install -d -m 0755 /etc/xgr
sudo install -d -m 0750 -o xgr -g xgr /var/lib/xgr
sudo install -d -m 0700 -o xgr -g xgr /var/lib/xgr/node
sudo install -d -m 0700 -o xgr -g xgr /var/lib/xgr/validator
sudo install -d -m 0750 -o xgr -g xgr /var/log/xgr

Install binary:

sudo install -m 0755 ./xgrchain /opt/xgr/bin/xgrchain

Install mainnet genesis:

sudo curl -fsSL   https://raw.githubusercontent.com/xgr-network/XGR/main/genesis/mainnet/genesis.json   -o /etc/xgr/genesis.json

sudo chown root:root /etc/xgr/genesis.json
sudo chmod 0644 /etc/xgr/genesis.json

Check:

/opt/xgr/bin/xgrchain version
test -f /etc/xgr/genesis.json

7. Start a normal full node

Use this for a node that follows the chain but does not validate.

Manual start:

sudo -u xgr /opt/xgr/bin/xgrchain server   --chain /etc/xgr/genesis.json   --data-dir /var/lib/xgr/node   --libp2p 0.0.0.0:1478   --nat <PUBLIC_IP>   --jsonrpc 127.0.0.1:8545   --grpc-address 127.0.0.1:9632   --seal=false   --log-level INFO   --log-to /var/log/xgr/node.log

Important:

--seal=false

is mandatory for a normal full node.

The server default is sealing enabled, so non-validator nodes must explicitly disable sealing.

8. systemd service for a full node

Create service file:

sudo tee /etc/systemd/system/xgr-node.service >/dev/null <<'EOF'
[Unit]
Description=XGR Chain Full Node
After=network-online.target
Wants=network-online.target

[Service]
User=xgr
Group=xgr
Type=simple
ExecStart=/opt/xgr/bin/xgrchain server   --chain /etc/xgr/genesis.json   --data-dir /var/lib/xgr/node   --libp2p 0.0.0.0:1478   --nat <PUBLIC_IP>   --jsonrpc 127.0.0.1:8545   --grpc-address 127.0.0.1:9632   --seal=false   --log-level INFO   --log-to /var/log/xgr/node.log
Restart=on-failure
RestartSec=5
LimitNOFILE=1048576
WorkingDirectory=/var/lib/xgr
ReadWritePaths=/var/lib/xgr /var/log/xgr
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full
ProtectHome=true

[Install]
WantedBy=multi-user.target
EOF

Replace <PUBLIC_IP>:

sudo vi /etc/systemd/system/xgr-node.service

Start service:

sudo systemctl daemon-reload
sudo systemctl enable xgr-node
sudo systemctl start xgr-node

Check:

systemctl status xgr-node
journalctl -u xgr-node -n 100 --no-pager

9. Start an RPC node

An RPC node is a full node with JSON-RPC exposed through a proxy.

Node process should bind locally:

sudo -u xgr /opt/xgr/bin/xgrchain server   --chain /etc/xgr/genesis.json   --data-dir /var/lib/xgr/node   --libp2p 0.0.0.0:1478   --nat <PUBLIC_IP>   --jsonrpc 127.0.0.1:8545   --grpc-address 127.0.0.1:9632   --seal=false   --json-rpc-batch-request-limit 20   --json-rpc-block-range-limit 1000   --concurrent-requests-debug 32   --websocket-read-limit 8192   --log-level INFO   --log-to /var/log/xgr/rpc.log

Do not expose validator keys on an RPC node.

Public RPC should normally be exposed as:

Internet
  -> TLS reverse proxy / load balancer
  -> rate limiting
  -> local RPC node on 127.0.0.1:8545

10. Basic node checks

Check client version:

curl -s -X POST http://127.0.0.1:8545   -H 'content-type: application/json'   --data '{"jsonrpc":"2.0","id":1,"method":"web3_clientVersion","params":[]}'

Check chain ID:

curl -s -X POST http://127.0.0.1:8545   -H 'content-type: application/json'   --data '{"jsonrpc":"2.0","id":1,"method":"eth_chainId","params":[]}'

Expected:

0x66b

Check current block:

curl -s -X POST http://127.0.0.1:8545   -H 'content-type: application/json'   --data '{"jsonrpc":"2.0","id":1,"method":"eth_blockNumber","params":[]}'

Check peer count:

curl -s -X POST http://127.0.0.1:8545   -H 'content-type: application/json'   --data '{"jsonrpc":"2.0","id":1,"method":"net_peerCount","params":[]}'

Check syncing:

curl -s -X POST http://127.0.0.1:8545   -H 'content-type: application/json'   --data '{"jsonrpc":"2.0","id":1,"method":"eth_syncing","params":[]}'

11. Validator workflow overview

Validator onboarding has this sequence:

  1. Build and install v2.0.5.
  2. Install mainnet genesis.
  3. Create validator data directory.
  4. Generate validator ECDSA and BLS keys with ibft join --init-only.
  5. Fund the generated validator address with XGR for gas and stake.
  6. Start a synced node using the same validator data directory.
  7. Run ibft join.
  8. Check validator state.
  9. Configure/open delegation pool if desired.
  10. Set validator active.
  11. Run validator node with --seal=true.
  12. Monitor PoS overview and logs.

The validator data directory matters.

The same data directory must be used by:

  • the node process
  • ibft join
  • ibft stake
  • ibft pool-config
  • ibft set-active
  • ibft unstake
  • ibft withdraw

Example validator data directory:

/var/lib/xgr/validator

12. Generate validator keys only

This step generates local validator ECDSA and BLS keys and prints the validator address.

It does not send an on-chain transaction.

sudo -u xgr /opt/xgr/bin/xgrchain ibft join   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator   --stake 2000000   --init-only

Output includes the validator address.

Fund that validator address with enough XGR for:

  • gas
  • validator self-stake

The --stake value is in whole XGR units.

Example:

--stake 2000000

means:

2,000,000 XGR

The join command converts XGR units to wei internally using 18 decimals.

13. Start a validator node before joining

Before the validator is active, start the node in synced non-sealing mode using the validator data directory.

Manual start:

sudo -u xgr /opt/xgr/bin/xgrchain server   --chain /etc/xgr/genesis.json   --data-dir /var/lib/xgr/validator   --libp2p 0.0.0.0:1478   --nat <PUBLIC_IP>   --jsonrpc 127.0.0.1:8545   --grpc-address 127.0.0.1:9632   --seal=false   --log-level INFO   --log-to /var/log/xgr/validator.log

Wait until the node is synced.

Check:

curl -s -X POST http://127.0.0.1:8545   -H 'content-type: application/json'   --data '{"jsonrpc":"2.0","id":1,"method":"eth_syncing","params":[]}'

Expected when synced:

false

14. Join as validator

Run the join transaction using the same validator data directory.

sudo -u xgr /opt/xgr/bin/xgrchain ibft join   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator   --stake 2000000

What this command does:

  • ensures ECDSA and BLS keys exist
  • loads validator keys from the secrets manager
  • checks current on-chain stake
  • queries validator self-stake minimum
  • stakes missing amount if needed
  • registers the validator BLS public key if needed
  • returns validator status

The --stake value is in whole XGR units.

The command uses the staking contract methods:

stake()
registerBLSPublicKey(bytes)
validatorInfo(address)
accountStake(address)
VALIDATOR_MIN_SELF_STAKE()

Join does not mean instant consensus participation.

The command result states that activation becomes effective at the next epoch boundary.

15. Check validator set

Check staking-contract validator set:

/opt/xgr/bin/xgrchain ibft validators   --jsonrpc http://127.0.0.1:8545

This returns:

  • minimum validator count
  • maximum validator count
  • validator threshold
  • validator addresses
  • stake balances
  • BLS public keys where available

Check full PoS overview:

curl -s -X POST http://127.0.0.1:8545   -H 'content-type: application/json'   --data '{"jsonrpc":"2.0","id":1,"method":"eth_getPosValidatorsOverview","params":[]}'

Expected high-level fields on mainnet:

posActive = true
posFromBlock = 0x531c04
epochSize = 0x3e8
microEpochSize = 0x19
minimumNumValidators = 0x4
maximumNumValidators = 0x19

For the validator address, check:

currentlyValidating
stakingActive
currentStake
selfStake
delegatedRawStake
delegatedActiveStake
totalActiveCurrentStake

16. Open a delegation pool

A validator can open a delegation pool after it has a joined self-position.

Use:

sudo -u xgr /opt/xgr/bin/xgrchain ibft pool-config   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator   --enabled=true   --max-total-delegated 5000000   --min-delegator-stake 1000   --commission-bps 500

Meaning:

Flag Meaning
--enabled=true Enables delegation pool
--max-total-delegated 5000000 Pool accepts up to 5,000,000 XGR delegated stake
--min-delegator-stake 1000 Minimum delegation is 1,000 XGR
--commission-bps 500 Validator commission is 500 bps = 5%

Amounts are whole XGR units.

The command converts them to wei internally.

Commission limit:

commission-bps must be <= 10000

Disable delegation pool:

sudo -u xgr /opt/xgr/bin/xgrchain ibft pool-config   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator   --enabled=false   --max-total-delegated 0   --min-delegator-stake 0   --commission-bps 0

Check pool and delegator state:

curl -s -X POST http://127.0.0.1:8545   -H 'content-type: application/json'   --data '{"jsonrpc":"2.0","id":1,"method":"eth_getPosValidatorDelegators","params":["<VALIDATOR_ADDRESS>"]}'

Replace:

<VALIDATOR_ADDRESS>

with the validator address printed by ibft join --init-only or ibft join.

17. Activate validator

Set validator active:

sudo -u xgr /opt/xgr/bin/xgrchain ibft set-active   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator   --value=true

The command sends:

setActive(true)

to the staking contract from the validator key.

Check result with:

curl -s -X POST http://127.0.0.1:8545   -H 'content-type: application/json'   --data '{"jsonrpc":"2.0","id":1,"method":"eth_getPosValidatorsOverview","params":[]}'

Then check the validator entry.

Important fields:

stakingActive
currentlyValidating
joinEffectiveAtBlock

18. Start validator in sealing mode

After join and activation, run validator node with sealing enabled.

Manual start:

sudo -u xgr /opt/xgr/bin/xgrchain server   --chain /etc/xgr/genesis.json   --data-dir /var/lib/xgr/validator   --libp2p 0.0.0.0:1478   --nat <PUBLIC_IP>   --jsonrpc 127.0.0.1:8545   --grpc-address 127.0.0.1:9632   --seal=true   --log-level INFO   --log-to /var/log/xgr/validator.log

If using systemd, set:

--seal=true

and use the validator data directory:

--data-dir /var/lib/xgr/validator

19. systemd service for validator

Create service:

sudo tee /etc/systemd/system/xgr-validator.service >/dev/null <<'EOF'
[Unit]
Description=XGR Chain Validator
After=network-online.target
Wants=network-online.target

[Service]
User=xgr
Group=xgr
Type=simple
ExecStart=/opt/xgr/bin/xgrchain server   --chain /etc/xgr/genesis.json   --data-dir /var/lib/xgr/validator   --libp2p 0.0.0.0:1478   --nat <PUBLIC_IP>   --jsonrpc 127.0.0.1:8545   --grpc-address 127.0.0.1:9632   --seal=true   --log-level INFO   --log-to /var/log/xgr/validator.log
Restart=on-failure
RestartSec=5
LimitNOFILE=1048576
WorkingDirectory=/var/lib/xgr
ReadWritePaths=/var/lib/xgr /var/log/xgr
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full
ProtectHome=true

[Install]
WantedBy=multi-user.target
EOF

Replace <PUBLIC_IP>:

sudo vi /etc/systemd/system/xgr-validator.service

Start:

sudo systemctl daemon-reload
sudo systemctl enable xgr-validator
sudo systemctl start xgr-validator

Check:

systemctl status xgr-validator
journalctl -u xgr-validator -n 100 --no-pager

20. Check local validator key

The local IBFT status command uses gRPC.

/opt/xgr/bin/xgrchain ibft status   --grpc-address 127.0.0.1:9632

This returns the current validator key known by the local node.

Use this to verify that the running node is using the expected validator identity.

21. Add more self-stake

To increase validator stake:

sudo -u xgr /opt/xgr/bin/xgrchain ibft stake   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator   --amount 100000

This sends:

stake()

with value:

100000 XGR

The --amount value is in whole XGR units and is converted to wei using 18 decimals.

Check stake after transaction:

/opt/xgr/bin/xgrchain ibft validators   --jsonrpc http://127.0.0.1:8545

or:

curl -s -X POST http://127.0.0.1:8545   -H 'content-type: application/json'   --data '{"jsonrpc":"2.0","id":1,"method":"eth_getPosValidatorsOverview","params":[]}'

22. Set validator inactive

To stop active validator participation through staking state:

sudo -u xgr /opt/xgr/bin/xgrchain ibft set-active   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator   --value=false

This sends:

setActive(false)

After deactivation:

  • the validator remains on disk
  • keys remain in the data directory
  • the validator does not instantly disappear from every view
  • epoch-boundary timing matters
  • unstake/withdraw actions have timing rules

Check:

curl -s -X POST http://127.0.0.1:8545   -H 'content-type: application/json'   --data '{"jsonrpc":"2.0","id":1,"method":"eth_getPosValidatorsOverview","params":[]}'

Look for:

stakingActive
deactivatedAtBlock
deactivateEffectiveAtBlock
unstakeAvailableAtBlock
canUnstakeNow

23. Request unstake

Unstake is a full exit path.

The command requires validator deactivation first.

Step 1: deactivate.

sudo -u xgr /opt/xgr/bin/xgrchain ibft set-active   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator   --value=false

Step 2: wait until the required epoch boundary has passed.

Step 3: request unstake.

sudo -u xgr /opt/xgr/bin/xgrchain ibft unstake   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator

The command sends:

unstake()

If called too early or while still active, the command returns a clear error.

24. Withdraw stake

Withdraw is for withdrawing a specific amount from staking contract state.

Partial withdraw example:

sudo -u xgr /opt/xgr/bin/xgrchain ibft withdraw   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator   --amount 100000

This sends:

withdraw(uint256)

with:

100000 XGR

The --amount value is in whole XGR units.

Preconditions:

  • validator must be deactivated
  • epoch transition must have passed where required
  • amount must be greater than zero
  • remaining stake must satisfy contract rules

Full exit normally uses:

sudo -u xgr /opt/xgr/bin/xgrchain ibft unstake   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator

25. Re-activate validator after inactivity

If the validator was set inactive but should return:

sudo -u xgr /opt/xgr/bin/xgrchain ibft set-active   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator   --value=true

Then ensure the validator service runs with sealing enabled:

sudo systemctl restart xgr-validator

Check logs:

journalctl -u xgr-validator -n 100 --no-pager

Check validator state:

curl -s -X POST http://127.0.0.1:8545   -H 'content-type: application/json'   --data '{"jsonrpc":"2.0","id":1,"method":"eth_getPosValidatorsOverview","params":[]}'

26. Operator command summary

Build

git clone https://github.com/xgr-network/xgr-node.git
cd xgr-node
git fetch --all --tags
git checkout v2.0.5
go build -o xgrchain .

Start full node

sudo -u xgr /opt/xgr/bin/xgrchain server   --chain /etc/xgr/genesis.json   --data-dir /var/lib/xgr/node   --libp2p 0.0.0.0:1478   --nat <PUBLIC_IP>   --jsonrpc 127.0.0.1:8545   --grpc-address 127.0.0.1:9632   --seal=false

Generate validator keys

sudo -u xgr /opt/xgr/bin/xgrchain ibft join   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator   --stake 2000000   --init-only

Join validator set

sudo -u xgr /opt/xgr/bin/xgrchain ibft join   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator   --stake 2000000

Show validators

/opt/xgr/bin/xgrchain ibft validators   --jsonrpc http://127.0.0.1:8545

Open delegation pool

sudo -u xgr /opt/xgr/bin/xgrchain ibft pool-config   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator   --enabled=true   --max-total-delegated 5000000   --min-delegator-stake 1000   --commission-bps 500

Activate validator

sudo -u xgr /opt/xgr/bin/xgrchain ibft set-active   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator   --value=true

Deactivate validator

sudo -u xgr /opt/xgr/bin/xgrchain ibft set-active   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator   --value=false

Add stake

sudo -u xgr /opt/xgr/bin/xgrchain ibft stake   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator   --amount 100000

Request unstake

sudo -u xgr /opt/xgr/bin/xgrchain ibft unstake   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator

Withdraw

sudo -u xgr /opt/xgr/bin/xgrchain ibft withdraw   --jsonrpc http://127.0.0.1:8545   --data-dir /var/lib/xgr/validator   --amount 100000

27. Troubleshooting

Node does not start

Check:

journalctl -u xgr-node -n 200 --no-pager

Common causes:

  • wrong --chain path
  • missing --data-dir
  • data directory permissions wrong
  • port already in use
  • invalid --nat IP
  • genesis file edited locally

Node syncs but does not validate

Check:

/opt/xgr/bin/xgrchain ibft status   --grpc-address 127.0.0.1:9632

Check PoS overview:

curl -s -X POST http://127.0.0.1:8545   -H 'content-type: application/json'   --data '{"jsonrpc":"2.0","id":1,"method":"eth_getPosValidatorsOverview","params":[]}'

Common causes:

  • node running with --seal=false
  • validator not joined
  • validator not active
  • validator not effective until epoch boundary
  • wrong data directory
  • validator key not funded
  • not enough stake
  • peer count too low
  • node not synced

Join fails with insufficient balance

The join command stakes from the validator address.

Fix:

  • fund the validator address printed by ibft join --init-only
  • include enough XGR for stake plus gas
  • rerun ibft join

Pool config fails

Common causes:

  • validator has not joined
  • wrong --data-dir
  • pool enabled with --max-total-delegated 0
  • --commission-bps greater than 10000

Unstake fails

Common causes:

  • validator is still active
  • deactivation epoch boundary has not passed
  • wrong validator key / data directory
  • staking contract state does not permit the operation yet

28. Security rules

Validator nodes:

  • do not expose public JSON-RPC directly
  • do not reuse validator keys on RPC nodes
  • keep /var/lib/xgr/validator readable only by the xgr user
  • use firewall rules
  • use key-based SSH only
  • monitor process, disk, peers and block height
  • back up validator key material securely

RPC nodes:

  • use --seal=false
  • do not contain validator keys
  • run behind TLS reverse proxy
  • enforce rate limits
  • restrict debug endpoints
  • monitor request volume and error rate

Filesystem:

sudo chown -R xgr:xgr /var/lib/xgr
sudo chmod -R go-rwx /var/lib/xgr/validator
sudo chmod -R go-rwx /var/lib/xgr/node

29. Final checklist

Before considering a node production-ready:

  • binary built from v2.0.5
  • mainnet genesis from xgr-network/XGR:genesis/mainnet/genesis.json
  • chain ID returns 0x66b
  • node reaches current block height
  • peer count is non-zero
  • full/RPC node uses --seal=false
  • validator node uses /var/lib/xgr/validator
  • validator key address is funded
  • ibft join completed
  • validator appears in ibft validators
  • delegation pool configured if desired
  • set-active --value=true completed
  • validator service uses --seal=true
  • PoS overview reports expected validator state
  • logs show no repeated signer or consensus errors
  • firewall and RPC exposure are correct
  • backups exist for validator key material

This guide is for operating XGR Chain as a standalone public node.

It does not require xgrEngine.

It does not require XDaLa.