datachainlab · ikehara · May 12, 2026 · May 12, 2026 · May 12, 2026 · May 12, 2026
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/app/src/commands/elc.rs b/app/src/commands/elc.rs
@@ -5,7 +5,7 @@ use crate::{
 use anyhow::Result;
 use clap::Parser;
 use enclave_api::{Enclave, EnclaveProtoAPI};
-use host::store::transaction::CommitStore;
+use host::store::transaction::{CommitStore, TxAccessor};
 use serde::de::DeserializeOwned;
 use std::path::PathBuf;
 
@@ -47,7 +47,7 @@ impl ELCOpts {
 impl ELCCmd {
     pub fn run<S, L>(&self, opts: &Opts, enclave_loader: L) -> Result<()>
     where
-        S: CommitStore,
+        S: CommitStore + TxAccessor + 'static,
         Enclave<S>: EnclaveProtoAPI<S>,
         L: EnclaveLoader<S>,
     {

diff --git a/app/src/commands/service.rs b/app/src/commands/service.rs
@@ -2,10 +2,10 @@ use crate::enclave::EnclaveLoader;
 use crate::opts::{EnclaveOpts, Opts};
 use anyhow::Result;
 use clap::Parser;
-use enclave_api::{Enclave, EnclaveInfo, EnclaveProtoAPI};
-use host::store::transaction::CommitStore;
+use enclave_api::{Enclave, EnclaveInfo, EnclaveProtoAPI, SpeculativeEnclaveCommandAPI};
+use host::store::transaction::{CommitStore, TxAccessor};
 use log::*;
-use service::{run_service, AppService};
+use service::{run_service, ElcService};
 use std::sync::Arc;
 use tokio::runtime::Builder;
 
@@ -28,25 +28,49 @@ pub struct Start {
         help = "Address of the App service"
     )]
     pub address: String,
-    /// Worker thread number the tokio `Runtime` will use
-    /// This value is recommended to be less than or equal to TCS_NUM in Enclave config.
+    /// Worker thread number the tokio `Runtime` will use.
+    /// This does not control enclave ECALL/TCS concurrency.
     #[clap(
         long = "threads",
         help = "Worker thread number the tokio `Runtime` will use"
     )]
     pub threads: Option<usize>,
+    /// Size of the dedicated ECALL worker pool. All enclave ECALL execution
+    /// flows through this pool — both serial gRPC handlers and speculative
+    /// scheduler workers — so this value is the single source of truth for
+    /// concurrent ECALL count and cumulative TCS bindings under
+    /// `TCSPolicy=BIND`. Set this to a value at most equal to the loaded
+    /// enclave's `TCSNum`; leaving at least one TCS for the SDK runtime
+    /// (i.e. `--max-enclave-concurrency = TCSNum - 1`) is the conservative
+    /// default.
+    #[clap(
+        long = "max-enclave-concurrency",
+        default_value_t = 4,
+        help = "Size of the dedicated ECALL worker pool"
+    )]
+    pub max_enclave_concurrency: usize,
+    /// Maximum concurrent speculative update-client requests.
+    /// Prefer a value less than or equal to --max-enclave-concurrency; excess
+    /// speculative workers will wait on the enclave ECALL gate.
+    #[clap(
+        long = "max-speculative-concurrency",
+        default_value_t = 1,
+        help = "Maximum concurrent speculative update-client requests"
+    )]
+    pub max_speculative_concurrency: usize,
 }
 
 impl ServiceCmd {
     pub fn run<S, L>(&self, opts: &Opts, enclave_loader: L) -> Result<()>
     where
-        S: CommitStore + 'static,
-        Enclave<S>: EnclaveProtoAPI<S>,
+        S: CommitStore + TxAccessor + 'static,
+        Enclave<S>: EnclaveProtoAPI<S> + SpeculativeEnclaveCommandAPI<S>,
         L: EnclaveLoader<S>,
     {
         match self {
             Self::Start(cmd) => {
                 let addr = cmd.address.parse()?;
+                let enclave_parallelism = cmd.max_enclave_concurrency.max(1);
                 let enclave =
                     enclave_loader.load(opts, cmd.enclave.path.as_ref(), cmd.enclave.is_debug())?;
                 let metadata = enclave.metadata()?;
@@ -58,9 +82,26 @@ impl ServiceCmd {
                     &mut rb
                 };
                 let rt = Arc::new(rb.enable_all().build()?);
-                let srv = AppService::new(opts.get_home(), enclave);
+                let speculative_concurrency_limit = cmd.max_speculative_concurrency.max(1);
+                if speculative_concurrency_limit > enclave_parallelism {
+                    warn!(
+                        "max-speculative-concurrency ({}) is greater than max-enclave-concurrency ({}); speculative workers above the enclave limit will block waiting for an EcallPool slot",
+                        speculative_concurrency_limit,
+                        enclave_parallelism
+                    );
+                }
+                let srv = ElcService::new(
+                    opts.get_home(),
+                    enclave,
+                    speculative_concurrency_limit,
+                    enclave_parallelism,
+                );
 
-                info!("start service: addr={addr} mrenclave={mrenclave}");
+                info!(
+                    "start service: addr={addr} mrenclave={mrenclave} speculative_concurrency_limit={} enclave_parallelism={}",
+                    speculative_concurrency_limit,
+                    enclave_parallelism
+                );
                 rt.block_on(async { run_service(srv, addr).await })
             }
         }

diff --git a/enclave-modules/ecall-handler/src/light_client/init_client.rs b/enclave-modules/ecall-handler/src/light_client/init_client.rs
@@ -5,7 +5,7 @@ use core::str::FromStr;
 use crypto::Signer;
 use ecall_commands::{InitClientInput, InitClientResponse, LightClientResponse};
 use lcp_types::ClientId;
-use light_client::commitments::{prove_commitment, CommitmentProof};
+use light_client::commitments::{prove_commitment, CommitmentProof, ProxyMessage};
 use light_client::{ClientKeeper, ClientReader, LightClientResolver};
 use store::KVStore;
 
@@ -34,9 +34,19 @@ pub fn init_client<R: LightClientResolver, S: KVStore, K: Signer>(
     if ctx.client_exists(&client_id) {
         return Err(Error::client_already_exists(client_id.to_string()));
     }
+    let state_id = match &res.message {
+        ProxyMessage::UpdateState(message) => message.post_state_id,
+        message => {
+            return Err(Error::invalid_argument(format!(
+                "create_client must return update-state message: actual_type={}",
+                message.message_type()
+            )))
+        }
+    };
     ctx.store_client_type(client_id.clone(), client_type)?;
     ctx.store_any_client_state(client_id.clone(), input.any_client_state)?;
     ctx.store_any_consensus_state(client_id.clone(), res.height, input.any_consensus_state)?;
+    ctx.store_state_id(client_id.clone(), res.height, state_id)?;
 
     let proof = if res.prove {
         prove_commitment(ek, res.message)?

diff --git a/enclave-modules/ecall-handler/src/light_client/update_client.rs b/enclave-modules/ecall-handler/src/light_client/update_client.rs
@@ -16,6 +16,7 @@ pub fn update_client<R: LightClientResolver, S: KVStore, K: Signer>(
     let ek = ctx.get_enclave_key();
     match lc.update_client(ctx, input.client_id.clone(), input.any_header)? {
         UpdateClientResult::UpdateState(mut data) => {
+            let post_state_id = data.message.post_state_id;
             let message: ProxyMessage = {
                 if input.include_state && data.message.emitted_states.is_empty() {
                     data.message.emitted_states =
@@ -26,10 +27,11 @@ pub fn update_client<R: LightClientResolver, S: KVStore, K: Signer>(
 
             ctx.store_any_client_state(input.client_id.clone(), data.new_any_client_state)?;
             ctx.store_any_consensus_state(
-                input.client_id,
+                input.client_id.clone(),
                 data.height,
                 data.new_any_consensus_state,
             )?;
+            ctx.store_state_id(input.client_id, data.height, post_state_id)?;
 
             let proof = if data.prove {
                 prove_commitment(ek, message)?

diff --git a/enclave-modules/host-api/src/api.rs b/enclave-modules/host-api/src/api.rs
@@ -92,7 +92,7 @@ mod tests {
             assert_eq!(res.unwrap(), CommandResult::Log);
         }
         {
-            let tx = TestEnv.begin_tx(None).unwrap();
+            let tx = TestEnv.begin_tx(Some("test-client".to_string())).unwrap();
             let res = execute_command(
                 StoreCommand::Set(tx.get_id(), b"k0".to_vec(), b"v0".to_vec()).into(),
             );

diff --git a/enclave/Enclave.config.xml b/enclave/Enclave.config.xml
@@ -4,7 +4,7 @@
   <ISVSVN>0</ISVSVN>
   <StackMaxSize>0x40000</StackMaxSize>
   <HeapMaxSize>0x100000</HeapMaxSize>
-  <TCSNum>2</TCSNum>
+  <TCSNum>4</TCSNum>
   <TCSPolicy>0</TCSPolicy>
   <DisableDebug>0</DisableDebug>
   <MiscSelect>0</MiscSelect>

diff --git a/modules/enclave-api/src/api.rs b/modules/enclave-api/src/api.rs
@@ -1,5 +1,8 @@
-pub use command::EnclaveCommandAPI;
-pub use primitive::EnclavePrimitiveAPI;
+pub use command::{
+    EnclaveCommandAPI, SpeculativeBaseState, SpeculativeEnclaveCommandAPI,
+    SpeculativeUpdateClientInput, SpeculativeUpdateClientResponse,
+};
+pub use primitive::{EnclavePrimitiveAPI, SpeculativeEnclavePrimitiveAPI};
 pub use proto::EnclaveProtoAPI;
 
 mod command;