types: remove accuracy from timestamp params

consensus: ensure proposal receipt waits for maxWaitingTime (#7307 )
* consensus: ensure proposal receipt waits for maxWaitingTime * rebase fixups * lint++ * lint++ * register result chan separately * lint++
2026-01-14 08:42:48 +00:00 · 2021-11-30 09:47:21 -05:00 · 2021-11-30 09:45:36 -05:00 · 2021-11-24 18:47:34 -05:00 · 2021-11-24 18:46:46 -05:00 · 2021-11-24 18:27:30 -05:00
625 changed files with 22324 additions and 50616 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -7,4 +7,4 @@
 # global owners are only requested if there isn't a more specific
 # codeowner specified below. For this reason, the global codeowners
 # are often repeated in package-level definitions.
-*       @alexanderbez @ebuchman @cmwaters @tessr @tychoish @williambanfield @creachadair
+*      @ebuchman @cmwaters @tychoish @williambanfield @creachadair
--- a/.github/codecov.yml
+++ b/.github/codecov.yml
@@ -5,19 +5,14 @@ coverage:
  status:
    project:
      default:
-        threshold: 1%
-    patch: on
+        threshold: 20%
+    patch: off
    changes: off

 github_checks:
  annotations: false

-comment:
-  layout: "diff, files"
-  behavior: default
-  require_changes: no
-  require_base: no
-  require_head: yes
+comment: false

 ignore:
  - "docs"
@@ -25,3 +20,6 @@ ignore:
  - "scripts"
  - "**/*.pb.go"
  - "libs/pubsub/query/query.peg.go"
+  - "*.md"
+  - "*.rst"
+  - "*.yml"
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,25 +3,48 @@ updates:
  - package-ecosystem: github-actions
    directory: "/"
    schedule:
-      interval: daily
-      time: "11:00"
+      interval: weekly
    open-pull-requests-limit: 10
+    labels:
+      - T:dependencies
+      - S:automerge
+
  - package-ecosystem: npm
    directory: "/docs"
    schedule:
-      interval: daily
-      time: "11:00"
+      interval: weekly
    open-pull-requests-limit: 10
-    reviewers:
-      - fadeev
+
+  ###################################
+  ##
+  ## Update All Go Dependencies
+
  - package-ecosystem: gomod
    directory: "/"
    schedule:
      interval: daily
-      time: "11:00"
+    target-branch: "master"
    open-pull-requests-limit: 10
-    reviewers:
-      - melekes
-      - tessr
    labels:
      - T:dependencies
+      - S:automerge
+
+  - package-ecosystem: gomod
+    directory: "/"
+    schedule:
+      interval: daily
+    target-branch: "v0.34.x"
+    open-pull-requests-limit: 10
+    labels:
+      - T:dependencies
+      - S:automerge
+
+  - package-ecosystem: gomod
+    directory: "/"
+    schedule:
+      interval: daily
+    target-branch: "v0.35.x"
+    open-pull-requests-limit: 10
+    labels:
+      - T:dependencies
+      - S:automerge
--- a/.github/mergify.yml
+++ b/.github/mergify.yml
@@ -6,7 +6,7 @@ pull_request_rules:
    actions:
      merge:
        method: squash
-        strict: true
+        strict: smart+fasttrack
        commit_message: title+body
  - name: backport patches to v0.34.x branch
    conditions:
@@ -16,3 +16,12 @@ pull_request_rules:
      backport:
        branches:
          - v0.34.x
+  - name: backport patches to v0.35.x branch
+    conditions:
+      - base=master
+      - label=S:backport-to-v0.35.x
+    actions:
+      backport:
+        branches:
+          - v0.35.x
+
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -2,6 +2,8 @@ name: Test Coverage
 on:
  pull_request:
  push:
+    paths:
+      - "**.go"
    branches:
      - master
      - release/**
@@ -10,7 +12,7 @@ jobs:
  split-test-files:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v2.4.0
      - name: Create a file with all the pkgs
        run: go list ./... > pkgs.txt
      - name: Split pkgs into 4 files
@@ -44,12 +46,13 @@ jobs:
    steps:
      - uses: actions/setup-go@v2
        with:
-          go-version: "1.16"
-      - uses: actions/checkout@v2.3.4
+          go-version: "1.17"
+      - uses: actions/checkout@v2.4.0
      - uses: technote-space/get-diff-action@v5
        with:
          PATTERNS: |
            **/**.go
+            "!test/"
            go.mod
            go.sum
      - name: install
@@ -66,12 +69,13 @@ jobs:
    steps:
      - uses: actions/setup-go@v2
        with:
-          go-version: "1.16"
-      - uses: actions/checkout@v2.3.4
+          go-version: "1.17"
+      - uses: actions/checkout@v2.4.0
      - uses: technote-space/get-diff-action@v5
        with:
          PATTERNS: |
            **/**.go
+            "!test/"
            go.mod
            go.sum
      - uses: actions/download-artifact@v2
@@ -81,10 +85,10 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v2
        with:
-          go-version: 1.16
+          go-version: "1.17"
      - name: test & coverage report creation
        run: |
-          cat pkgs.txt.part.${{ matrix.part }} | xargs go test -mod=readonly -timeout 8m -race -coverprofile=${{ matrix.part }}profile.out -covermode=atomic
+          cat pkgs.txt.part.${{ matrix.part }} | xargs go test -mod=readonly -timeout 8m -race -coverprofile=${{ matrix.part }}profile.out
        if: env.GIT_DIFF
      - uses: actions/upload-artifact@v2
        with:
@@ -95,11 +99,12 @@ jobs:
    runs-on: ubuntu-latest
    needs: tests
    steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v2.4.0
      - uses: technote-space/get-diff-action@v5
        with:
          PATTERNS: |
            **/**.go
+            "!test/"
            go.mod
            go.sum
      - uses: actions/download-artifact@v2
@@ -119,9 +124,9 @@ jobs:
          name: "${{ github.sha }}-03-coverage"
        if: env.GIT_DIFF
      - run: |
-          cat ./*profile.out | grep -v "mode: atomic" >> coverage.txt
+          cat ./*profile.out | grep -v "mode: set" >> coverage.txt
        if: env.GIT_DIFF
-      - uses: codecov/codecov-action@v2.0.3
+      - uses: codecov/codecov-action@v2.1.0
        with:
          file: ./coverage.txt
        if: env.GIT_DIFF
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -14,7 +14,7 @@ jobs:
  build:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v2.4.0
      - name: Prepare
        id: prep
        run: |
@@ -40,7 +40,7 @@ jobs:
          platforms: all

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1.5.0
+        uses: docker/setup-buildx-action@v1.6.0

      - name: Login to DockerHub
        if: ${{ github.event_name != 'pull_request' }}
--- a/.github/workflows/e2e-nightly-34x.yml
+++ b/.github/workflows/e2e-nightly-34x.yml
@@ -17,15 +17,15 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        group: ['00', '01', '02', '03']
+        group: ['00', '01']
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
      - uses: actions/setup-go@v2
        with:
-          go-version: '1.16'
+          go-version: '1.17'

-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v2.4.0
        with:
          ref: 'v0.34.x'

@@ -37,7 +37,7 @@ jobs:
      - name: Generate testnets
        working-directory: test/e2e
        # When changing -g, also change the matrix groups above
-        run: ./build/generator -g 4 -d networks/nightly
+        run: ./build/generator -g 2 -d networks/nightly

      - name: Run testnets in group ${{ matrix.group }}
        working-directory: test/e2e
--- a/.github/workflows/e2e-nightly-35x.yml
+++ b/.github/workflows/e2e-nightly-35x.yml
@@ -0,0 +1,76 @@
+# Runs randomly generated E2E testnets nightly on v0.35.x.
+
+# !! If you change something in this file, you probably want
+# to update the e2e-nightly-master workflow as well!
+
+name: e2e-nightly-35x
+on:
+  workflow_dispatch: # allow running workflow manually
+  schedule:
+    - cron: '0 2 * * *'
+
+jobs:
+  e2e-nightly-test:
+    # Run parallel jobs for the listed testnet groups (must match the
+    # ./build/generator -g flag)
+    strategy:
+      fail-fast: false
+      matrix:
+        p2p: ['legacy', 'new', 'hybrid']
+        group: ['00', '01', '02', '03']
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    steps:
+      - uses: actions/setup-go@v2
+        with:
+          go-version: '1.17'
+
+      - uses: actions/checkout@v2.4.0
+        with:
+          ref: 'v0.35.x'
+
+      - name: Build
+        working-directory: test/e2e
+        # Run make jobs in parallel, since we can't run steps in parallel.
+        run: make -j2 docker generator runner tests
+
+      - name: Generate testnets
+        working-directory: test/e2e
+        # When changing -g, also change the matrix groups above
+        run: ./build/generator -g 4 -d networks/nightly/${{ matrix.p2p }} -p ${{ matrix.p2p }}
+
+      - name: Run ${{ matrix.p2p }} p2p testnets in group ${{ matrix.group }}
+        working-directory: test/e2e
+        run: ./run-multiple.sh networks/nightly/${{ matrix.p2p }}/*-group${{ matrix.group }}-*.toml
+
+  e2e-nightly-fail-2:
+    needs: e2e-nightly-test
+    if: ${{ failure() }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Notify Slack on failure
+        uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+          SLACK_CHANNEL: tendermint-internal
+          SLACK_USERNAME: Nightly E2E Tests
+          SLACK_ICON_EMOJI: ':skull:'
+          SLACK_COLOR: danger
+          SLACK_MESSAGE: Nightly E2E tests failed on v0.35.x
+          SLACK_FOOTER: ''
+
+  e2e-nightly-success: # may turn this off once they seem to pass consistently
+    needs: e2e-nightly-test
+    if: ${{ success() }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Notify Slack on success
+        uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+          SLACK_CHANNEL: tendermint-internal
+          SLACK_USERNAME: Nightly E2E Tests
+          SLACK_ICON_EMOJI: ':white_check_mark:'
+          SLACK_COLOR: good
+          SLACK_MESSAGE: Nightly E2E tests passed on v0.35.x
+          SLACK_FOOTER: ''
--- a/.github/workflows/e2e-nightly-master.yml
+++ b/.github/workflows/e2e-nightly-master.yml
@@ -10,39 +10,38 @@ on:
    - cron: '0 2 * * *'

 jobs:
-  e2e-nightly-test-2:
+  e2e-nightly-test:
    # Run parallel jobs for the listed testnet groups (must match the
    # ./build/generator -g flag)
    strategy:
      fail-fast: false
      matrix:
-        p2p: ['legacy', 'new', 'hybrid']
-        group: ['00', '01']
+        group: ['00', '01', '02', '03']
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
      - uses: actions/setup-go@v2
        with:
-          go-version: '1.16'
+          go-version: '1.17'

-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v2.4.0

      - name: Build
        working-directory: test/e2e
        # Run make jobs in parallel, since we can't run steps in parallel.
-        run: make -j2 docker generator runner
+        run: make -j2 docker generator runner tests

      - name: Generate testnets
        working-directory: test/e2e
        # When changing -g, also change the matrix groups above
-        run: ./build/generator -g 2 -d networks/nightly/${{ matrix.p2p }} -p ${{ matrix.p2p }}
+        run: ./build/generator -g 4 -d networks/nightly/

-      - name: Run ${{ matrix.p2p }} p2p testnets in group ${{ matrix.group }}
+      - name: Run ${{ matrix.p2p }} p2p testnets
        working-directory: test/e2e
-        run: ./run-multiple.sh networks/nightly/${{ matrix.p2p }}/*-group${{ matrix.group }}-*.toml
+        run: ./run-multiple.sh networks/nightly/*-group${{ matrix.group }}-*.toml

  e2e-nightly-fail-2:
-    needs: e2e-nightly-test-2
+    needs: e2e-nightly-test
    if: ${{ failure() }}
    runs-on: ubuntu-latest
    steps:
@@ -58,7 +57,7 @@ jobs:
          SLACK_FOOTER: ''

  e2e-nightly-success: # may turn this off once they seem to pass consistently
-    needs: e2e-nightly-test-2
+    needs: e2e-nightly-test
    if: ${{ success() }}
    runs-on: ubuntu-latest
    steps:
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -16,8 +16,8 @@ jobs:
    steps:
      - uses: actions/setup-go@v2
        with:
-          go-version: '1.16'
-      - uses: actions/checkout@v2.3.4
+          go-version: '1.17'
+      - uses: actions/checkout@v2.4.0
      - uses: technote-space/get-diff-action@v5
        with:
          PATTERNS: |
@@ -28,15 +28,11 @@ jobs:
      - name: Build
        working-directory: test/e2e
        # Run two make jobs in parallel, since we can't run steps in parallel.
-        run: make -j2 docker runner
+        run: make -j2 docker runner tests
        if: "env.GIT_DIFF != ''"

      - name: Run CI testnet
        working-directory: test/e2e
-        run: ./build/runner -f networks/ci.toml
+        run: ./run-multiple.sh networks/ci.toml
        if: "env.GIT_DIFF != ''"

-      - name: Emit logs on failure
-        if: ${{ failure() }}
-        working-directory: test/e2e
-        run: ./build/runner -f networks/ci.toml logs
--- a/.github/workflows/fuzz-nightly.yml
+++ b/.github/workflows/fuzz-nightly.yml
@@ -15,32 +15,17 @@ jobs:
    steps:
      - uses: actions/setup-go@v2
        with:
-          go-version: '1.16'
+          go-version: '1.17'

-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v2.4.0

      - name: Install go-fuzz
        working-directory: test/fuzz
        run: go get -u github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build

-      - name: Fuzz mempool-v1
+      - name: Fuzz mempool
        working-directory: test/fuzz
-        run: timeout -s SIGINT --preserve-status 10m make fuzz-mempool-v1
-        continue-on-error: true
-
-      - name: Fuzz mempool-v0
-        working-directory: test/fuzz
-        run: timeout -s SIGINT --preserve-status 10m make fuzz-mempool-v0
-        continue-on-error: true
-
-      - name: Fuzz p2p-addrbook
-        working-directory: test/fuzz
-        run: timeout -s SIGINT --preserve-status 10m make fuzz-p2p-addrbook
-        continue-on-error: true
-
-      - name: Fuzz p2p-pex
-        working-directory: test/fuzz
-        run: timeout -s SIGINT --preserve-status 10m make fuzz-p2p-pex
+        run: timeout -s SIGINT --preserve-status 10m make fuzz-mempool
        continue-on-error: true

      - name: Fuzz p2p-sc
--- a/.github/workflows/jepsen.yml
+++ b/.github/workflows/jepsen.yml
@@ -46,7 +46,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the Jepsen repository
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v2.4.0
        with:
          repository: 'tendermint/jepsen'

--- a/.github/workflows/linkchecker.yml
+++ b/.github/workflows/linkchecker.yml
@@ -6,7 +6,7 @@ jobs:
  markdown-link-check:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v2.4.0
      - uses: gaurav-nelson/github-action-markdown-link-check@1.0.13
        with:
          folder-path: "docs"
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ jobs:
    runs-on: ubuntu-latest
    timeout-minutes: 8
    steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v2.4.0
      - uses: technote-space/get-diff-action@v5
        with:
          PATTERNS: |
@@ -23,7 +23,7 @@ jobs:
      - uses: golangci/golangci-lint-action@v2.5.2
        with:
          # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
-          version: v1.38
+          version: v1.42.1
          args: --timeout 10m
          github-token: ${{ secrets.github_token }}
        if: env.GIT_DIFF
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -19,7 +19,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v2.4.0
      - name: Lint Code Base
        uses: docker://github/super-linter:v3
        env:
--- a/.github/workflows/proto-docker.yml
+++ b/.github/workflows/proto-docker.yml
@@ -1,51 +0,0 @@
-name: Build & Push TM Proto Builder
-on:
-  pull_request:
-    paths:
-      - "tools/proto/*"
-  push:
-    branches:
-      - master
-    paths:
-      - "tools/proto/*"
-  schedule:
-    # run this job once a month to recieve any go or buf updates
-    - cron: "* * 1 * *"
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2.3.4
-      - name: Prepare
-        id: prep
-        run: |
-          DOCKER_IMAGE=tendermintdev/docker-build-proto
-          VERSION=noop
-          if [[ $GITHUB_REF == refs/tags/* ]]; then
-            VERSION=${GITHUB_REF#refs/tags/}
-          elif [[ $GITHUB_REF == refs/heads/* ]]; then
-            VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
-            if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then
-              VERSION=latest
-            fi
-          fi
-          TAGS="${DOCKER_IMAGE}:${VERSION}"
-          echo ::set-output name=tags::${TAGS}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1.5.0
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v1.10.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Publish to Docker Hub
-        uses: docker/build-push-action@v2.7.0
-        with:
-          context: ./tools/proto
-          file: ./tools/proto/Dockerfile
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.prep.outputs.tags }}
--- a/.github/workflows/proto.yml
+++ b/.github/workflows/proto.yml
@@ -1,23 +0,0 @@
-name: Protobuf
-# Protobuf runs buf (https://buf.build/) lint and check-breakage
-# This workflow is only run when a .proto file has been modified
-on:
-  workflow_dispatch: # allow running workflow manually
-  pull_request:
-    paths:
-      - "**.proto"
-jobs:
-  proto-lint:
-    runs-on: ubuntu-latest
-    timeout-minutes: 4
-    steps:
-      - uses: actions/checkout@v2.3.4
-      - name: lint
-        run: make proto-lint
-  proto-breakage:
-    runs-on: ubuntu-latest
-    timeout-minutes: 4
-    steps:
-      - uses: actions/checkout@v2.3.4
-      - name: check-breakage
-        run: make proto-check-breaking-ci
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,13 +12,13 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v2.4.0
        with:
          fetch-depth: 0

      - uses: actions/setup-go@v2
        with:
-          go-version: '1.16'
+          go-version: '1.17'

      - name: Build
        uses: goreleaser/goreleaser-action@v2
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -17,8 +17,8 @@ jobs:
    steps:
      - uses: actions/setup-go@v2
        with:
-          go-version: "1.16"
-      - uses: actions/checkout@v2.3.4
+          go-version: "1.17"
+      - uses: actions/checkout@v2.4.0
      - uses: technote-space/get-diff-action@v5
        with:
          PATTERNS: |
@@ -49,8 +49,8 @@ jobs:
    steps:
      - uses: actions/setup-go@v2
        with:
-          go-version: "1.16"
-      - uses: actions/checkout@v2.3.4
+          go-version: "1.17"
+      - uses: actions/checkout@v2.4.0
      - uses: technote-space/get-diff-action@v5
        with:
          PATTERNS: |
@@ -80,8 +80,8 @@ jobs:
    steps:
      - uses: actions/setup-go@v2
        with:
-          go-version: "1.16"
-      - uses: actions/checkout@v2.3.4
+          go-version: "1.17"
+      - uses: actions/checkout@v2.4.0
      - uses: technote-space/get-diff-action@v5
        with:
          PATTERNS: |
--- a/.gitignore
+++ b/.gitignore
@@ -25,6 +25,7 @@ docs/_build
 docs/dist
 docs/node_modules/
 docs/spec
+docs/.vuepress/public/rpc
 index.html.md
 libs/pubsub/query/fuzz_test/output
 profile\.out
@@ -46,3 +47,10 @@ test/fuzz/**/corpus
 test/fuzz/**/crashers
 test/fuzz/**/suppressions
 test/fuzz/**/*.zip
+proto/tendermint/blocksync/types.proto
+proto/tendermint/consensus/types.proto
+proto/tendermint/mempool/*.proto
+proto/tendermint/p2p/*.proto
+proto/tendermint/statesync/*.proto
+proto/tendermint/types/*.proto
+proto/tendermint/version/*.proto
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,32 +1,35 @@
 linters:
  enable:
+    - asciicheck
    - bodyclose
    - deadcode
    - depguard
    - dogsled
    - dupl
    - errcheck
+    - exportloopref
    # - funlen
    # - gochecknoglobals
    # - gochecknoinits
+    # - gocognit
    - goconst
-    - gocritic
+    # - gocritic
    # - gocyclo
    # - godox
    - gofmt
    - goimports
-    - golint
+    - revive
    - gosec
    - gosimple
    - govet
    - ineffassign
    # - interfacer
    - lll
-    - misspell
    # - maligned
+    - misspell
    - nakedret
+    - nolintlint
    - prealloc
-    - exportloopref
    - staticcheck
    - structcheck
    - stylecheck
@@ -37,9 +40,6 @@ linters:
    - varcheck
    # - whitespace
    # - wsl
-    # - gocognit
-    - nolintlint
-    - asciicheck

 issues:
  exclude-rules:
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,209 @@
 # Changelog

-Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
+Friendly reminder: We have a [bug bounty program](https://hackerone.com/cosmos).
+
+## v0.35.0
+
+November 4, 2021
+
+Special thanks to external contributors on this release: @JayT106,
+@bipulprasad, @alessio, @Yawning, @silasdavis, @cuonglm, @tanyabouman,
+@JoeKash, @githubsands, @jeebster, @crypto-facs, @liamsi, and @gotjoshua
+
+### FEATURES
+
+- [cli] [#7033](https://github.com/tendermint/tendermint/pull/7033) Add a `rollback` command to rollback to the previous tendermint state in the event of an incorrect app hash. (@cmwaters)
+- [config] [\#7174](https://github.com/tendermint/tendermint/pull/7174) expose ability to write config to arbitrary paths. (@tychoish)
+- [mempool, rpc] [\#7065](https://github.com/tendermint/tendermint/pull/7065) add removetx rpc method (backport of #7047) (@tychoish).
+- [\#6982](https://github.com/tendermint/tendermint/pull/6982) tendermint binary has built-in suppport for running the e2e application (with state sync support) (@cmwaters).
+- [config] Add `--mode` flag and config variable. See [ADR-52](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-052-tendermint-mode.md) @dongsam
+- [rpc] [\#6329](https://github.com/tendermint/tendermint/pull/6329) Don't cap page size in unsafe mode (@gotjoshua, @cmwaters)
+- [pex] [\#6305](https://github.com/tendermint/tendermint/pull/6305) v2 pex reactor with backwards compatability. Introduces two new pex messages to
+  accomodate for the new p2p stack. Removes the notion of seeds and crawling. All peer
+  exchange reactors behave the same. (@cmwaters)
+- [crypto] [\#6376](https://github.com/tendermint/tendermint/pull/6376) Enable sr25519 as a validator key type
+- [mempool] [\#6466](https://github.com/tendermint/tendermint/pull/6466) Introduction of a prioritized mempool. (@alexanderbez)
+  - `Priority` and `Sender` have been introduced into the `ResponseCheckTx` type, where the `priority` will determine the prioritization of
+  the transaction when a proposer reaps transactions for a block proposal. The `sender` field acts as an index.
+  - Operators may toggle between the legacy mempool reactor, `v0`, and the new prioritized reactor, `v1`, by setting the
+  `mempool.version` configuration, where `v1` is the default configuration.
+  - Applications that do not specify a priority, i.e. zero, will have transactions reaped by the order in which they are received by the node.
+  - Transactions are gossiped in FIFO order as they are in `v0`.
+- [config/indexer] [\#6411](https://github.com/tendermint/tendermint/pull/6411) Introduce support for custom event indexing data sources, specifically PostgreSQL. (@JayT106)
+- [blocksync/event] [\#6619](https://github.com/tendermint/tendermint/pull/6619) Emit blocksync status event when switching consensus/blocksync (@JayT106)
+- [statesync/event] [\#6700](https://github.com/tendermint/tendermint/pull/6700) Emit statesync status start/end event (@JayT106)
+- [inspect] [\#6785](https://github.com/tendermint/tendermint/pull/6785) Add a new `inspect` command for introspecting the state and block store of a crashed tendermint node. (@williambanfield)
+
+### BUG FIXES
+
+- [\#7106](https://github.com/tendermint/tendermint/pull/7106) Revert mutex change to ABCI Clients (@tychoish).
+- [\#7142](https://github.com/tendermint/tendermint/pull/7142) mempool: remove panic when recheck-tx was not sent to ABCI application (@williambanfield).
+- [consensus]: [\#7060](https://github.com/tendermint/tendermint/pull/7060)
+  wait until peerUpdates channel is closed to close remaining peers (@williambanfield)
+- [privval] [\#5638](https://github.com/tendermint/tendermint/pull/5638) Increase read/write timeout to 5s and calculate ping interval based on it (@JoeKash)
+- [evidence] [\#6375](https://github.com/tendermint/tendermint/pull/6375) Fix bug with inconsistent LightClientAttackEvidence hashing (cmwaters)
+- [rpc] [\#6507](https://github.com/tendermint/tendermint/pull/6507) Ensure RPC client can handle URLs without ports (@JayT106)
+- [statesync] [\#6463](https://github.com/tendermint/tendermint/pull/6463) Adds Reverse Sync feature to fetch historical light blocks after state sync in order to verify any evidence (@cmwaters)
+- [blocksync] [\#6590](https://github.com/tendermint/tendermint/pull/6590) Update the metrics during blocksync (@JayT106)
+
+### BREAKING CHANGES
+
+- Go API
+
+  - [crypto/armor]: [\#6963](https://github.com/tendermint/tendermint/pull/6963) remove package which is unused, and based on
+    deprecated fundamentals. Downstream users should maintain this
+    library. (@tychoish)
+  - [state] [store] [proxy] [rpc/core]: [\#6937](https://github.com/tendermint/tendermint/pull/6937) move packages to
+    `internal` to prevent consumption of these internal APIs by
+    external users. (@tychoish)
+  - [pubsub] [\#6634](https://github.com/tendermint/tendermint/pull/6634) The `Query#Matches` method along with other pubsub methods, now accepts a `[]abci.Event` instead of `map[string][]string`. (@alexanderbez)
+  - [p2p] [\#6618](https://github.com/tendermint/tendermint/pull/6618) [\#6583](https://github.com/tendermint/tendermint/pull/6583) Move `p2p.NodeInfo`, `p2p.NodeID` and `p2p.NetAddress` into `types` to support use in external packages. (@tychoish)
+  - [node] [\#6540](https://github.com/tendermint/tendermint/pull/6540) Reduce surface area of the `node` package by making most of the implementation details private. (@tychoish)
+  - [p2p] [\#6547](https://github.com/tendermint/tendermint/pull/6547) Move the entire `p2p` package and all reactor implementations into `internal`.  (@tychoish)
+  - [libs/log] [\#6534](https://github.com/tendermint/tendermint/pull/6534) Remove the existing custom Tendermint logger backed by go-kit. The logging interface, `Logger`, remains. Tendermint still provides a default logger backed by the performant zerolog logger. (@alexanderbez)
+  - [libs/time] [\#6495](https://github.com/tendermint/tendermint/pull/6495) Move types/time to libs/time to improve consistency. (@tychoish)
+  - [mempool] [\#6529](https://github.com/tendermint/tendermint/pull/6529) The `Context` field has been removed from the `TxInfo` type. `CheckTx` now requires a `Context` argument. (@alexanderbez)
+  - [abci/client, proxy] [\#5673](https://github.com/tendermint/tendermint/pull/5673) `Async` funcs return an error, `Sync` and `Async` funcs accept `context.Context` (@melekes)
+  - [p2p] Remove unused function `MakePoWTarget`. (@erikgrinaker)
+  - [libs/bits] [\#5720](https://github.com/tendermint/tendermint/pull/5720) Validate `BitArray` in `FromProto`, which now returns an error (@melekes)
+  - [proto/p2p] Rename `DefaultNodeInfo` and `DefaultNodeInfoOther` to `NodeInfo` and `NodeInfoOther` (@erikgrinaker)
+  - [proto/p2p] Rename `NodeInfo.default_node_id` to `node_id` (@erikgrinaker)
+  - [libs/os] Kill() and {Must,}{Read,Write}File() functions have been removed. (@alessio)
+  - [store] [\#5848](https://github.com/tendermint/tendermint/pull/5848) Remove block store state in favor of using the db iterators directly (@cmwaters)
+  - [state] [\#5864](https://github.com/tendermint/tendermint/pull/5864) Use an iterator when pruning state (@cmwaters)
+  - [types] [\#6023](https://github.com/tendermint/tendermint/pull/6023) Remove `tm2pb.Header`, `tm2pb.BlockID`, `tm2pb.PartSetHeader` and `tm2pb.NewValidatorUpdate`.
+	- Each of the above types has a `ToProto` and `FromProto` method or function which replaced this logic.
+  - [light] [\#6054](https://github.com/tendermint/tendermint/pull/6054) Move `MaxRetryAttempt` option from client to provider.
+	- `NewWithOptions` now sets the max retry attempts and timeouts (@cmwaters)
+  - [all] [\#6077](https://github.com/tendermint/tendermint/pull/6077) Change spelling from British English to American (@cmwaters)
+	- Rename "Subscription.Cancelled()" to "Subscription.Canceled()" in libs/pubsub
+	- Rename "behaviour" pkg to "behavior" and internalized it in blocksync v2
+  - [rpc/client/http] [\#6176](https://github.com/tendermint/tendermint/pull/6176) Remove `endpoint` arg from `New`, `NewWithTimeout` and `NewWithClient` (@melekes)
+  - [rpc/client/http] [\#6176](https://github.com/tendermint/tendermint/pull/6176) Unexpose `WSEvents` (@melekes)
+  - [rpc/jsonrpc/client/ws_client] [\#6176](https://github.com/tendermint/tendermint/pull/6176) `NewWS` no longer accepts options (use `NewWSWithOptions` and `OnReconnect` funcs to configure the client) (@melekes)
+  - [internal/libs] [\#6366](https://github.com/tendermint/tendermint/pull/6366) Move `autofile`, `clist`,`fail`,`flowrate`, `protoio`, `sync`, `tempfile`, `test` and `timer` lib packages to an internal folder
+  - [libs/rand] [\#6364](https://github.com/tendermint/tendermint/pull/6364) Remove most of libs/rand in favour of standard lib's `math/rand` (@liamsi)
+  - [mempool] [\#6466](https://github.com/tendermint/tendermint/pull/6466) The original mempool reactor has been versioned as `v0` and moved to a sub-package under the root `mempool` package.
+	Some core types have been kept in the `mempool` package such as `TxCache` and it's implementations, the `Mempool` interface itself
+	and `TxInfo`. (@alexanderbez)
+  - [crypto/sr25519] [\#6526](https://github.com/tendermint/tendermint/pull/6526) Do not re-execute the Ed25519-style key derivation step when doing signing and verification.  The derivation is now done once and only once.  This breaks `sr25519.GenPrivKeyFromSecret` output compatibility. (@Yawning)
+  - [types] [\#6627](https://github.com/tendermint/tendermint/pull/6627) Move `NodeKey` to types to make the type public.
+  - [config] [\#6627](https://github.com/tendermint/tendermint/pull/6627) Extend `config` to contain methods `LoadNodeKeyID` and `LoadorGenNodeKeyID`
+  - [blocksync] [\#6755](https://github.com/tendermint/tendermint/pull/6755) Rename `FastSync` and `Blockchain` package to `BlockSync` (@cmwaters)
+
+- CLI/RPC/Config
+
+  - [pubsub/events] [\#6634](https://github.com/tendermint/tendermint/pull/6634) The `ResultEvent.Events` field is now of type `[]abci.Event` preserving event order instead of `map[string][]string`. (@alexanderbez)
+  - [config] [\#5598](https://github.com/tendermint/tendermint/pull/5598) The `test_fuzz` and `test_fuzz_config` P2P settings have been removed. (@erikgrinaker)
+  - [config] [\#5728](https://github.com/tendermint/tendermint/pull/5728) `fastsync.version = "v1"` is no longer supported (@melekes)
+  - [cli] [\#5772](https://github.com/tendermint/tendermint/pull/5772) `gen_node_key` prints JSON-encoded `NodeKey` rather than ID and does not save it to `node_key.json` (@melekes)
+  - [cli] [\#5777](https://github.com/tendermint/tendermint/pull/5777) use hyphen-case instead of snake_case for all cli commands and config parameters (@cmwaters)
+  - [rpc] [\#6019](https://github.com/tendermint/tendermint/pull/6019) standardise RPC errors and return the correct status code (@bipulprasad & @cmwaters)
+  - [rpc] [\#6168](https://github.com/tendermint/tendermint/pull/6168) Change default sorting to desc for `/tx_search` results (@melekes)
+  - [cli] [\#6282](https://github.com/tendermint/tendermint/pull/6282) User must specify the node mode when using `tendermint init` (@cmwaters)
+  - [state/indexer] [\#6382](https://github.com/tendermint/tendermint/pull/6382) reconstruct indexer, move txindex into the indexer package (@JayT106)
+  - [cli] [\#6372](https://github.com/tendermint/tendermint/pull/6372) Introduce `BootstrapPeers` as part of the new p2p stack. Peers to be connected on  startup (@cmwaters)
+  - [config] [\#6462](https://github.com/tendermint/tendermint/pull/6462) Move `PrivValidator` configuration out of `BaseConfig` into its own section. (@tychoish)
+  - [rpc] [\#6610](https://github.com/tendermint/tendermint/pull/6610) Add MaxPeerBlockHeight into /status rpc call (@JayT106)
+  - [blocksync/rpc] [\#6620](https://github.com/tendermint/tendermint/pull/6620) Add TotalSyncedTime & RemainingTime to SyncInfo in /status RPC  (@JayT106)
+  - [rpc/grpc] [\#6725](https://github.com/tendermint/tendermint/pull/6725) Mark gRPC in the RPC layer as deprecated.
+  - [blocksync/v2] [\#6730](https://github.com/tendermint/tendermint/pull/6730) Fast Sync v2 is deprecated, please use v0
+  - [rpc] Add genesis_chunked method to support paginated and parallel fetching of large genesis documents.
+  - [rpc/jsonrpc/server] [\#6785](https://github.com/tendermint/tendermint/pull/6785) `Listen` function updated to take an `int` argument, `maxOpenConnections`, instead of an entire config object. (@williambanfield)
+  - [rpc] [\#6820](https://github.com/tendermint/tendermint/pull/6820) Update RPC methods to reflect changes in the p2p layer, disabling support for `UnsafeDialPeers` and `UnsafeDialPeers` when used with the new p2p layer, and changing the response format of the peer list in `NetInfo` for all users.
+  - [cli] [\#6854](https://github.com/tendermint/tendermint/pull/6854) Remove deprecated snake case commands. (@tychoish)
+  - [tools] [\#6498](https://github.com/tendermint/tendermint/pull/6498) Set OS home dir to instead of the hardcoded PATH. (@JayT106)
+  - [cli/indexer] [\#6676](https://github.com/tendermint/tendermint/pull/6676) Reindex events command line tooling. (@JayT106)
+
+- Apps
+
+  - [ABCI] [\#6408](https://github.com/tendermint/tendermint/pull/6408) Change the `key` and `value` fields from `[]byte` to `string` in the `EventAttribute` type. (@alexanderbez)
+  - [ABCI] [\#5447](https://github.com/tendermint/tendermint/pull/5447) Remove `SetOption` method from `ABCI.Client` interface
+  - [ABCI] [\#5447](https://github.com/tendermint/tendermint/pull/5447) Reset `Oneof` indexes for  `Request` and `Response`.
+  - [ABCI] [\#5818](https://github.com/tendermint/tendermint/pull/5818) Use protoio for msg length delimitation. Migrates from int64 to uint64 length delimiters.
+  - [ABCI] [\#3546](https://github.com/tendermint/tendermint/pull/3546) Add `mempool_error` field to `ResponseCheckTx`. This field will contain an error string if Tendermint encountered an error while adding a transaction to the mempool. (@williambanfield)
+  - [Version] [\#6494](https://github.com/tendermint/tendermint/pull/6494) `TMCoreSemVer` has been renamed to `TMVersion`.
+	- It is not required any longer to set ldflags to set version strings
+  - [abci/counter] [\#6684](https://github.com/tendermint/tendermint/pull/6684) Delete counter example app
+
+- Data Storage
+  - [store/state/evidence/light] [\#5771](https://github.com/tendermint/tendermint/pull/5771) Use an order-preserving varint key encoding (@cmwaters)
+  - [mempool] [\#6396](https://github.com/tendermint/tendermint/pull/6396) Remove mempool's write ahead log (WAL), (previously unused by the tendermint code). (@tychoish)
+  - [state] [\#6541](https://github.com/tendermint/tendermint/pull/6541) Move pruneBlocks from consensus/state to state/execution. (@JayT106)
+
+### IMPROVEMENTS
+
+- [libs/log] Console log formatting changes as a result of [\#6534](https://github.com/tendermint/tendermint/pull/6534) and [\#6589](https://github.com/tendermint/tendermint/pull/6589). (@tychoish)
+- [statesync] [\#6566](https://github.com/tendermint/tendermint/pull/6566) Allow state sync fetchers and request timeout to be configurable. (@alexanderbez)
+- [types] [\#6478](https://github.com/tendermint/tendermint/pull/6478) Add `block_id` to `newblock` event (@jeebster)
+- [crypto/ed25519] [\#5632](https://github.com/tendermint/tendermint/pull/5632) Adopt zip215 `ed25519` verification. (@marbar3778)
+- [crypto/ed25519] [\#6526](https://github.com/tendermint/tendermint/pull/6526) Use [curve25519-voi](https://github.com/oasisprotocol/curve25519-voi) for `ed25519` signing and verification. (@Yawning)
+- [crypto/sr25519] [\#6526](https://github.com/tendermint/tendermint/pull/6526) Use [curve25519-voi](https://github.com/oasisprotocol/curve25519-voi) for `sr25519` signing and verification. (@Yawning)
+- [privval] [\#5603](https://github.com/tendermint/tendermint/pull/5603) Add `--key` to `init`, `gen_validator`, `testnet` & `unsafe_reset_priv_validator` for use in generating `secp256k1` keys.
+- [privval] [\#5725](https://github.com/tendermint/tendermint/pull/5725) Add gRPC support to private validator.
+- [privval] [\#5876](https://github.com/tendermint/tendermint/pull/5876) `tendermint show-validator` will query the remote signer if gRPC is being used (@marbar3778)
+- [abci/client] [\#5673](https://github.com/tendermint/tendermint/pull/5673) `Async` requests return an error if queue is full (@melekes)
+- [mempool] [\#5673](https://github.com/tendermint/tendermint/pull/5673) Cancel `CheckTx` requests if RPC client disconnects or times out (@melekes)
+- [abci] [\#5706](https://github.com/tendermint/tendermint/pull/5706) Added `AbciVersion` to `RequestInfo` allowing applications to check ABCI version when connecting to Tendermint. (@marbar3778)
+- [blocksync/v1] [\#5728](https://github.com/tendermint/tendermint/pull/5728) Remove blocksync v1 (@melekes)
+- [blocksync/v0] [\#5741](https://github.com/tendermint/tendermint/pull/5741) Relax termination conditions and increase sync timeout (@melekes)
+- [cli] [\#5772](https://github.com/tendermint/tendermint/pull/5772) `gen_node_key` output now contains node ID (`id` field) (@melekes)
+- [blocksync/v2] [\#5774](https://github.com/tendermint/tendermint/pull/5774) Send status request when new peer joins (@melekes)
+- [store] [\#5888](https://github.com/tendermint/tendermint/pull/5888) store.SaveBlock saves using batches instead of transactions for now to improve ACID properties. This is a quick fix for underlying issues around tm-db and ACID guarantees. (@githubsands)
+- [consensus] [\#5987](https://github.com/tendermint/tendermint/pull/5987) and [\#5792](https://github.com/tendermint/tendermint/pull/5792) Remove the `time_iota_ms` consensus parameter. Merge `tmproto.ConsensusParams` and `abci.ConsensusParams`. (@marbar3778, @valardragon)
+- [types] [\#5994](https://github.com/tendermint/tendermint/pull/5994) Reduce the use of protobuf types in core logic. (@marbar3778)
+  - `ConsensusParams`, `BlockParams`, `ValidatorParams`, `EvidenceParams`, `VersionParams`, `sm.Version` and `version.Consensus` have become native types. They still utilize protobuf when being sent over the wire or written to disk.
+- [rpc/client/http] [\#6163](https://github.com/tendermint/tendermint/pull/6163) Do not drop events even if the `out` channel is full (@melekes)
+- [node] [\#6059](https://github.com/tendermint/tendermint/pull/6059) Validate and complete genesis doc before saving to state store (@silasdavis)
+- [state] [\#6067](https://github.com/tendermint/tendermint/pull/6067) Batch save state data (@githubsands & @cmwaters)
+- [crypto] [\#6120](https://github.com/tendermint/tendermint/pull/6120) Implement batch verification interface for ed25519 and sr25519. (@marbar3778)
+- [types] [\#6120](https://github.com/tendermint/tendermint/pull/6120) use batch verification for verifying commits signatures.
+  - If the key type supports the batch verification API it will try to batch verify. If the verification fails we will single verify each signature.
+- [privval/file] [\#6185](https://github.com/tendermint/tendermint/pull/6185) Return error on `LoadFilePV`, `LoadFilePVEmptyState`. Allows for better programmatic control of Tendermint.
+- [privval] [\#6240](https://github.com/tendermint/tendermint/pull/6240) Add `context.Context` to privval interface.
+- [rpc] [\#6265](https://github.com/tendermint/tendermint/pull/6265) set cache control in http-rpc response header (@JayT106)
+- [statesync] [\#6378](https://github.com/tendermint/tendermint/pull/6378) Retry requests for snapshots and add a minimum discovery time (5s) for new snapshots.
+- [node/state] [\#6370](https://github.com/tendermint/tendermint/pull/6370) graceful shutdown in the consensus reactor (@JayT106)
+- [crypto/merkle] [\#6443](https://github.com/tendermint/tendermint/pull/6443) Improve HashAlternatives performance (@cuonglm)
+- [crypto/merkle] [\#6513](https://github.com/tendermint/tendermint/pull/6513) Optimize HashAlternatives (@marbar3778)
+- [p2p/pex] [\#6509](https://github.com/tendermint/tendermint/pull/6509) Improve addrBook.hash performance (@cuonglm)
+- [consensus/metrics] [\#6549](https://github.com/tendermint/tendermint/pull/6549) Change block_size gauge to a histogram for better observability over time (@marbar3778)
+- [statesync] [\#6587](https://github.com/tendermint/tendermint/pull/6587) Increase chunk priority and re-request chunks that don't arrive (@cmwaters)
+- [state/privval] [\#6578](https://github.com/tendermint/tendermint/pull/6578) No GetPubKey retry beyond the proposal/voting window (@JayT106)
+- [rpc] [\#6615](https://github.com/tendermint/tendermint/pull/6615) Add TotalGasUsed to block_results response (@crypto-facs)
+- [cmd/tendermint/commands] [\#6623](https://github.com/tendermint/tendermint/pull/6623) replace `$HOME/.some/test/dir` with `t.TempDir` (@tanyabouman)
+- [statesync] \6807 Implement P2P state provider as an alternative to RPC (@cmwaters)
+
+## v0.34.14
+
+This release backports the `rollback` feature to allow recovery in the event of an incorrect app hash.
+
+### FEATURES
+
+- [\#6982](https://github.com/tendermint/tendermint/pull/6982) The tendermint binary now has built-in suppport for running the end-to-end test application (with state sync support) (@cmwaters).
+- [cli] [#7033](https://github.com/tendermint/tendermint/pull/7033) Add a `rollback` command to rollback to the previous tendermint state. This may be useful in the event of non-determinstic app hash or when reverting an upgrade. @cmwaters
+
+### IMPROVEMENTS
+
+- [\#7103](https://github.com/tendermint/tendermint/pull/7104) Remove IAVL dependency (backport of #6550) (@cmwaters)
+
+### BUG FIXES
+
+- [\#7057](https://github.com/tendermint/tendermint/pull/7057) Import Postgres driver support for the psql indexer (@creachadair).
+- [ABCI] [\#7110](https://github.com/tendermint/tendermint/issues/7110) Revert "change client to use multi-reader mutexes (#6873)" (@tychoish).
+
+## v0.34.13
+
+*September 6, 2021*
+
+This release backports improvements to state synchronization and ABCI
+performance under concurrent load, and the PostgreSQL event indexer.
+
+### IMPROVEMENTS
+
+- [statesync] [\#6881](https://github.com/tendermint/tendermint/issues/6881) improvements to stateprovider logic (@cmwaters)
+- [ABCI] [\#6873](https://github.com/tendermint/tendermint/issues/6873) change client to use multi-reader mutexes (@tychoish)
+- [indexing] [\#6906](https://github.com/tendermint/tendermint/issues/6906) enable the PostgreSQL indexer sink (@creachadair)

 ## v0.34.12

@@ -1787,7 +1990,7 @@ For more, see issues marked

 This release also includes a fix to prevent Tendermint from including the same
 piece of evidence in more than one block. This issue was reported by @chengwenxi in our
-[bug bounty program](https://hackerone.com/tendermint).
+[bug bounty program](https://hackerone.com/cosmos).

 ### BREAKING CHANGES:

@@ -2280,7 +2483,7 @@ Special thanks to external contributors on this release:
@james-ray, @overbool, @phymbert, @Slamper, @Uzair1995, @yutianwu.

 Special thanks to @Slamper for a series of bug reports in our [bug bounty
-program](https://hackerone.com/tendermint) which are fixed in this release.
+program](https://hackerone.com/cosmos) which are fixed in this release.

 This release is primarily about adding Version fields to various data structures,
 optimizing consensus messages for signing and verification in
--- a/CHANGELOG_PENDING.md
+++ b/CHANGELOG_PENDING.md
@@ -1,164 +1,49 @@
 # Unreleased Changes

+Friendly reminder: We have a [bug bounty program](https://hackerone.com/cosmos).
+
 ## vX.X

-Special thanks to external contributors on this release:
+Month, DD, YYYY

-Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermint).
+Special thanks to external contributors on this release:

 ### BREAKING CHANGES

 - CLI/RPC/Config
-  - [pubsub/events] \#6634 The `ResultEvent.Events` field is now of type `[]abci.Event` preserving event order instead of `map[string][]string`. (@alexanderbez)
-  - [config] \#5598 The `test_fuzz` and `test_fuzz_config` P2P settings have been removed. (@erikgrinaker)
-  - [config] \#5728 `fast_sync = "v1"` is no longer supported (@melekes)
-  - [cli] \#5772 `gen_node_key` prints JSON-encoded `NodeKey` rather than ID and does not save it to `node_key.json` (@melekes)
-  - [cli] \#5777 use hyphen-case instead of snake_case for all cli commands and config parameters (@cmwaters)
-  - [rpc] \#6019 standardise RPC errors and return the correct status code (@bipulprasad & @cmwaters)
-  - [rpc] \#6168 Change default sorting to desc for `/tx_search` results (@melekes)
-  - [cli] \#6282 User must specify the node mode when using `tendermint init` (@cmwaters)
-  - [state/indexer] \#6382 reconstruct indexer, move txindex into the indexer package (@JayT106)
-  - [cli] \#6372 Introduce `BootstrapPeers` as part of the new p2p stack. Peers to be connected on  startup (@cmwaters)
-  - [config] \#6462 Move `PrivValidator` configuration out of `BaseConfig` into its own section. (@tychoish)
-  - [rpc] \#6610 Add MaxPeerBlockHeight into /status rpc call (@JayT106)
-  - [fastsync/rpc] \#6620 Add TotalSyncedTime & RemainingTime to SyncInfo in /status RPC  (@JayT106)
-  - [rpc/grpc] \#6725 Mark gRPC in the RPC layer as deprecated.
-  - [blockchain/v2] \#6730 Fast Sync v2 is deprecated, please use v0
-  - [rpc] Add genesis_chunked method to support paginated and parallel fetching of large genesis documents.
-  - [rpc/jsonrpc/server] \#6785 `Listen` function updated to take an `int` argument, `maxOpenConnections`, instead of an entire config object. (@williambanfield)
-  - [rpc] \#6820 Update RPC methods to reflect changes in the p2p layer, disabling support for `UnsafeDialPeers` and `UnsafeDialPeers` when used with the new p2p layer, and changing the response format of the peer list in `NetInfo` for all users.
-  - [cli] \#6854 Remove deprecated snake case commands. (@tychoish)
+
+  - [rpc] Remove the deprecated gRPC interface to the RPC service. (@creachadair)
+  - [blocksync] \#7159 Remove support for disabling blocksync in any circumstance. (@tychoish)
+  - [mempool] \#7171 Remove legacy mempool implementation. (@tychoish)
+
 - Apps
-  - [ABCI] \#6408 Change the `key` and `value` fields from `[]byte` to `string` in the `EventAttribute` type. (@alexanderbez)
-  - [ABCI] \#5447 Remove `SetOption` method from `ABCI.Client` interface
-  - [ABCI] \#5447 Reset `Oneof` indexes for  `Request` and `Response`.
-  - [ABCI] \#5818 Use protoio for msg length delimitation. Migrates from int64 to uint64 length delimiters.
-  - [ABCI] \#3546 Add `mempool_error` field to `ResponseCheckTx`. This field will contain an error string if Tendermint encountered an error while adding a transaction to the mempool. (@williambanfield)
-  - [Version] \#6494 `TMCoreSemVer` has been renamed to `TMVersion`.
-	- It is not required any longer to set ldflags to set version strings
-  - [abci/counter] \#6684 Delete counter example app
+
+  - [proto/tendermint] \#6976 Remove core protobuf files in favor of only housing them in the [tendermint/spec](https://github.com/tendermint/spec) repository.

 - P2P Protocol

+  - [p2p] \#7035 Remove legacy P2P routing implementation and associated configuration options. (@tychoish)
+  - [p2p] \#7265 Peer manager reduces peer score for each failed dial attempts for peers that have not successfully dialed. (@tychoish)
+
 - Go API
-  - [pubsub] \#6634 The `Query#Matches` method along with other pubsub methods, now accepts a `[]abci.Event` instead of `map[string][]string`. (@alexanderbez)
-  - [p2p] \#6618 Move `p2p.NodeInfo` into `types` to support use of the SDK. (@tychoish)
-  - [p2p] \#6583 Make `p2p.NodeID` and `p2p.NetAddress` exported types to support their use in the RPC layer. (@tychoish)
-  - [node] \#6540 Reduce surface area of the `node` package by making most of the implementation details private. (@tychoish)
-  - [p2p] \#6547 Move the entire `p2p` package and all reactor implementations into `internal`.  (@tychoish)
-  - [libs/log] \#6534 Remove the existing custom Tendermint logger backed by go-kit. The logging interface, `Logger`, remains. Tendermint still provides a default logger backed by the performant zerolog logger. (@alexanderbez)
-  - [libs/time] \#6495 Move types/time to libs/time to improve consistency. (@tychoish)
-  - [mempool] \#6529 The `Context` field has been removed from the `TxInfo` type. `CheckTx` now requires a `Context` argument. (@alexanderbez)
-  - [abci/client, proxy] \#5673 `Async` funcs return an error, `Sync` and `Async` funcs accept `context.Context` (@melekes)
-  - [p2p] Remove unused function `MakePoWTarget`. (@erikgrinaker)
-  - [libs/bits] \#5720 Validate `BitArray` in `FromProto`, which now returns an error (@melekes)
-  - [proto/p2p] Rename `DefaultNodeInfo` and `DefaultNodeInfoOther` to `NodeInfo` and `NodeInfoOther` (@erikgrinaker)
-  - [proto/p2p] Rename `NodeInfo.default_node_id` to `node_id` (@erikgrinaker)
-  - [libs/os] Kill() and {Must,}{Read,Write}File() functions have been removed. (@alessio)
-  - [store] \#5848 Remove block store state in favor of using the db iterators directly (@cmwaters)
-  - [state] \#5864 Use an iterator when pruning state (@cmwaters)
-  - [types] \#6023 Remove `tm2pb.Header`, `tm2pb.BlockID`, `tm2pb.PartSetHeader` and `tm2pb.NewValidatorUpdate`.
-	- Each of the above types has a `ToProto` and `FromProto` method or function which replaced this logic.
-  - [light] \#6054 Move `MaxRetryAttempt` option from client to provider.
-	- `NewWithOptions` now sets the max retry attempts and timeouts (@cmwaters)
-  - [all] \#6077 Change spelling from British English to American (@cmwaters)
-	- Rename "Subscription.Cancelled()" to "Subscription.Canceled()" in libs/pubsub
-	- Rename "behaviour" pkg to "behavior" and internalized it in blockchain v2
-  - [rpc/client/http] \#6176 Remove `endpoint` arg from `New`, `NewWithTimeout` and `NewWithClient` (@melekes)
-  - [rpc/client/http] \#6176 Unexpose `WSEvents` (@melekes)
-  - [rpc/jsonrpc/client/ws_client] \#6176 `NewWS` no longer accepts options (use `NewWSWithOptions` and `OnReconnect` funcs to configure the client) (@melekes)
-  - [internal/libs] \#6366 Move `autofile`, `clist`,`fail`,`flowrate`, `protoio`, `sync`, `tempfile`, `test` and `timer` lib packages to an internal folder
-  - [libs/rand] \#6364 Remove most of libs/rand in favour of standard lib's `math/rand` (@liamsi)
-  - [mempool] \#6466 The original mempool reactor has been versioned as `v0` and moved to a sub-package under the root `mempool` package.
-	Some core types have been kept in the `mempool` package such as `TxCache` and it's implementations, the `Mempool` interface itself
-	and `TxInfo`. (@alexanderbez)
-  - [crypto/sr25519] \#6526 Do not re-execute the Ed25519-style key derivation step when doing signing and verification.  The derivation is now done once and only once.  This breaks `sr25519.GenPrivKeyFromSecret` output compatibility. (@Yawning)
-  - [types] \#6627 Move `NodeKey` to types to make the type public.
-  - [config] \#6627 Extend `config` to contain methods `LoadNodeKeyID` and `LoadorGenNodeKeyID`
-  - [blocksync] \#6755 Rename `FastSync` and `Blockchain` package to `BlockSync`
-	(@cmwaters)
+
+  - [pubsub] \#7231 Remove unbuffered subscriptions and rework the Subscription interface. (@creachadair)
+  - [eventbus] \#7231 Move the EventBus type to the internal/eventbus package. (@creachadair)
+  - [blocksync] \#7046 Remove v2 implementation of the blocksync service and recactor, which was disabled in the previous release. (@tychoish)
+  - [p2p] \#7064 Remove WDRR queue implementation. (@tychoish)
+  - [config] \#7169 `WriteConfigFile` now returns an error. (@tychoish)
+  - [libs/service] \#7288 Remove SetLogger method on `service.Service` interface. (@tychosih)
+

 - Blockchain Protocol

- Data Storage
-  - [store/state/evidence/light] \#5771 Use an order-preserving varint key encoding (@cmwaters)
-  - [mempool] \#6396 Remove mempool's write ahead log (WAL), (previously unused by the tendermint code). (@tychoish)
-  - [state] \#6541 Move pruneBlocks from consensus/state to state/execution. (@JayT106)
-
- Tooling
-  - [tools] \#6498 Set OS home dir to instead of the hardcoded PATH. (@JayT106)
-  - [cli/indexer] \#6676 Reindex events command line tooling. (@JayT106)
-
 ### FEATURES

- [config] Add `--mode` flag and config variable. See [ADR-52](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-052-tendermint-mode.md) @dongsam
- [rpc] \#6329 Don't cap page size in unsafe mode (@gotjoshua, @cmwaters)
- [pex] \#6305 v2 pex reactor with backwards compatability. Introduces two new pex messages to
-  accomodate for the new p2p stack. Removes the notion of seeds and crawling. All peer
-  exchange reactors behave the same. (@cmwaters)
- [crypto] \#6376 Enable sr25519 as a validator key
- [mempool] \#6466 Introduction of a prioritized mempool. (@alexanderbez)
-  - `Priority` and `Sender` have been introduced into the `ResponseCheckTx` type, where the `priority` will determine the prioritization of
-  the transaction when a proposer reaps transactions for a block proposal. The `sender` field acts as an index.
-  - Operators may toggle between the legacy mempool reactor, `v0`, and the new prioritized reactor, `v1`, by setting the
-  `mempool.version` configuration, where `v1` is the default configuration.
-  - Applications that do not specify a priority, i.e. zero, will have transactions reaped by the order in which they are received by the node.
-  - Transactions are gossiped in FIFO order as they are in `v0`.
- [config/indexer] \#6411 Introduce support for custom event indexing data sources, specifically PostgreSQL. (@JayT106)
- [fastsync/event] \#6619 Emit fastsync status event when switching consensus/fastsync (@JayT106)
- [statesync/event] \#6700 Emit statesync status start/end event (@JayT106)
- [inspect] \#6785 Add a new `inspect` command for introspecting the state and block store of a crashed tendermint node. (@williambanfield)
+- [cli] [#7033](https://github.com/tendermint/tendermint/pull/7033) Add a `rollback` command to rollback to the previous tendermint state in the event of non-determinstic app hash or reverting an upgrade.
+- [mempool, rpc] \#7041  Add removeTx operation to the RPC layer. (@tychoish)

 ### IMPROVEMENTS

- [libs/log] Console log formatting changes as a result of \#6534 and \#6589. (@tychoish)
- [statesync] \#6566 Allow state sync fetchers and request timeout to be configurable. (@alexanderbez)
- [types] \#6478 Add `block_id` to `newblock` event (@jeebster)
- [crypto/ed25519] \#5632 Adopt zip215 `ed25519` verification. (@marbar3778)
- [crypto/ed25519] \#6526 Use [curve25519-voi](https://github.com/oasisprotocol/curve25519-voi) for `ed25519` signing and verification. (@Yawning)
- [crypto/sr25519] \#6526 Use [curve25519-voi](https://github.com/oasisprotocol/curve25519-voi) for `sr25519` signing and verification. (@Yawning)
- [privval] \#5603 Add `--key` to `init`, `gen_validator`, `testnet` & `unsafe_reset_priv_validator` for use in generating `secp256k1` keys.
- [privval] \#5725 Add gRPC support to private validator.
- [privval] \#5876 `tendermint show-validator` will query the remote signer if gRPC is being used (@marbar3778)
- [abci/client] \#5673 `Async` requests return an error if queue is full (@melekes)
- [mempool] \#5673 Cancel `CheckTx` requests if RPC client disconnects or times out (@melekes)
- [abci] \#5706 Added `AbciVersion` to `RequestInfo` allowing applications to check ABCI version when connecting to Tendermint. (@marbar3778)
- [blockchain/v1] \#5728 Remove in favor of v2 (@melekes)
- [blockchain/v0] \#5741 Relax termination conditions and increase sync timeout (@melekes)
- [cli] \#5772 `gen_node_key` output now contains node ID (`id` field) (@melekes)
- [blockchain/v2] \#5774 Send status request when new peer joins (@melekes)
- [consensus] \#5792 Deprecates the `time_iota_ms` consensus parameter, to reduce the bug surface. The parameter is no longer used. (@valardragon)
- [store] \#5888 store.SaveBlock saves using batches instead of transactions for now to improve ACID properties. This is a quick fix for underlying issues around tm-db and ACID guarantees. (@githubsands)
- [consensus] \#5987 Remove `time_iota_ms` from consensus params. Merge `tmproto.ConsensusParams` and `abci.ConsensusParams`. (@marbar3778)
- [types] \#5994 Reduce the use of protobuf types in core logic. (@marbar3778)
-  - `ConsensusParams`, `BlockParams`, `ValidatorParams`, `EvidenceParams`, `VersionParams`, `sm.Version` and `version.Consensus` have become native types. They still utilize protobuf when being sent over the wire or written to disk.
- [rpc/client/http] \#6163 Do not drop events even if the `out` channel is full (@melekes)
- [node] \#6059 Validate and complete genesis doc before saving to state store (@silasdavis)
- [state] \#6067 Batch save state data (@githubsands & @cmwaters)
- [crypto] \#6120 Implement batch verification interface for ed25519 and sr25519. (@marbar3778)
- [types] \#6120 use batch verification for verifying commits signatures.
-  - If the key type supports the batch verification API it will try to batch verify. If the verification fails we will single verify each signature.
- [privval/file] \#6185 Return error on `LoadFilePV`, `LoadFilePVEmptyState`. Allows for better programmatic control of Tendermint.
- [privval] \#6240 Add `context.Context` to privval interface.
- [rpc] \#6265 set cache control in http-rpc response header (@JayT106)
- [statesync] \#6378 Retry requests for snapshots and add a minimum discovery time (5s) for new snapshots.
- [node/state] \#6370 graceful shutdown in the consensus reactor (@JayT106)
- [crypto/merkle] \#6443 Improve HashAlternatives performance (@cuonglm)
- [crypto/merkle] \#6513 Optimize HashAlternatives (@marbar3778)
- [p2p/pex] \#6509 Improve addrBook.hash performance (@cuonglm)
- [consensus/metrics] \#6549 Change block_size gauge to a histogram for better observability over time (@marbar3778)
- [statesync] \#6587 Increase chunk priority and re-request chunks that don't arrive (@cmwaters)
- [state/privval] \#6578 No GetPubKey retry beyond the proposal/voting window (@JayT106)
- [rpc] \#6615 Add TotalGasUsed to block_results response (@crypto-facs)
- [cmd/tendermint/commands] \#6623 replace `$HOME/.some/test/dir` with `t.TempDir` (@tanyabouman)
-
 ### BUG FIXES

- [privval] \#5638 Increase read/write timeout to 5s and calculate ping interval based on it (@JoeKash)
- [blockchain/v1] [\#5701](https://github.com/tendermint/tendermint/pull/5701) Handle peers without blocks (@melekes)
- [blockchain/v1] \#5711 Fix deadlock (@melekes)
- [evidence] \#6375 Fix bug with inconsistent LightClientAttackEvidence hashing (cmwaters)
- [rpc] \#6507 Ensure RPC client can handle URLs without ports (@JayT106)
- [statesync] \#6463 Adds Reverse Sync feature to fetch historical light blocks after state sync in order to verify any evidence (@cmwaters)
- [fastsync] \#6590 Update the metrics during fast-sync (@JayT106)
- [gitignore] \#6668 Fix gitignore of abci-cli (@tanyabouman)
+- fix: assignment copies lock value in `BitArray.UnmarshalJSON()` (@lklimek)
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -109,7 +109,7 @@ We use [Protocol Buffers](https://developers.google.com/protocol-buffers) along

 For linting, checking breaking changes and generating proto stubs, we use [buf](https://buf.build/). If you would like to run linting and check if the changes you have made are breaking then you will need to have docker running locally. Then the linting cmd will be `make proto-lint` and the breaking changes check will be `make proto-check-breaking`.

-We use [Docker](https://www.docker.com/) to generate the protobuf stubs. To generate the stubs yourself, make sure docker is running then run `make proto-gen`.
+We use [Docker](https://www.docker.com/) to generate the protobuf stubs. To generate the stubs yourself, make sure docker is running then run `make proto-gen`. This command uses the spec repo to get the necessary protobuf files for generating the go code. If you are modifying the proto files manually for changes in the core data structures, you will need to clone them into the go repo and comment out lines 22-37 of the file `./scripts/protocgen.sh`.

 ### Visual Studio Code

@@ -227,141 +227,6 @@ Fixes #nnnn

 Each PR should have one commit once it lands on `master`; this can be accomplished by using the "squash and merge" button on Github. Be sure to edit your commit message, though!

-### Release procedure
-
-#### A note about backport branches
-Tendermint's `master` branch is under active development.
-Releases are specified using tags and are built from long-lived "backport" branches.
-Each release "line" (e.g. 0.34 or 0.33) has its own long-lived backport branch,
-and the backport branches have names like `v0.34.x` or `v0.33.x`
-(literally, `x`; it is not a placeholder in this case).
-
-As non-breaking changes land on `master`, they should also be backported (cherry-picked)
-to these backport branches.
-
-We use Mergify's [backport feature](https://mergify.io/features/backports) to automatically backport
-to the needed branch. There should be a label for any backport branch that you'll be targeting.
-To notify the bot to backport a pull request, mark the pull request with
-the label `S:backport-to-<backport_branch>`.
-Once the original pull request is merged, the bot will try to cherry-pick the pull request
-to the backport branch. If the bot fails to backport, it will open a pull request.
-The author of the original pull request is responsible for solving the conflicts and
-merging the pull request.
-
-#### Creating a backport branch
-If this is the first release candidate for a major release, you get to have the honor of creating
-the backport branch!
-
-Note that, after creating the backport branch, you'll also need to update the tags on `master`
-so that `go mod` is able to order the branches correctly. You should tag `master` with a "dev" tag
-that is "greater than" the backport branches tags. See #6072 for more context.
-
-In the following example, we'll assume that we're making a backport branch for
-the 0.35.x line.
-
-1. Start on `master`
-2. Create the backport branch:
-   `git checkout -b v0.35.x`
-3. Go back to master and tag it as the dev branch for the _next_ major release and push it back up:
-   `git tag -a v0.36.0-dev; git push v0.36.0-dev`
-4. Create a new workflow to run the e2e nightlies for this backport branch.
-   (See https://github.com/tendermint/tendermint/blob/master/.github/workflows/e2e-nightly-34x.yml
-   for an example.)
-
-#### Release candidates
-
-Before creating an official release, especially a major release, we may want to create a
-release candidate (RC) for our friends and partners to test out. We use git tags to
-create RCs, and we build them off of backport branches.
-
-Tags for RCs should follow the "standard" release naming conventions, with `-rcX` at the end
-(for example, `v0.35.0-rc0`).
-
-(Note that branches and tags _cannot_ have the same names, so it's important that these branches
-have distinct names from the tags/release names.)
-
-If this is the first RC for a major release, you'll have to make a new backport branch (see above).
-Otherwise:
-
-1. Start from the backport branch (e.g. `v0.35.x`).
-1. Run the integration tests and the e2e nightlies
-   (which can be triggered from the Github UI;
-   e.g., https://github.com/tendermint/tendermint/actions/workflows/e2e-nightly-34x.yml).
-1. Prepare the changelog:
-   - Move the changes included in `CHANGELOG_PENDING.md` into `CHANGELOG.md`.
-   - Run `python ./scripts/linkify_changelog.py CHANGELOG.md` to add links for
-     all PRs
-   - Ensure that UPGRADING.md is up-to-date and includes notes on any breaking changes
-      or other upgrading flows.
-   - Bump TMVersionDefault version in  `version.go`
-   - Bump P2P and block protocol versions in  `version.go`, if necessary
-   - Bump ABCI protocol version in `version.go`, if necessary
-1. Open a PR with these changes against the backport branch.
-1. Once these changes have landed on the backport branch, be sure to pull them back down locally.
-2. Once you have the changes locally, create the new tag, specifying a name and a tag "message":
-   `git tag -a v0.35.0-rc0 -m "Release Candidate v0.35.0-rc0`
-3. Push the tag back up to origin:
-   `git push origin v0.35.0-rc0`
-   Now the tag should be available on the repo's releases page.
-4. Future RCs will continue to be built off of this branch.
-
-Note that this process should only be used for "true" RCs--
-release candidates that, if successful, will be the next release.
-For more experimental "RCs," create a new, short-lived branch and tag that instead.
-
-#### Major release
-
-This major release process assumes that this release was preceded by release candidates.
-If there were no release candidates, begin by creating a backport branch, as described above.
-
-1. Start on the backport branch (e.g. `v0.35.x`)
-2. Run integration tests and the e2e nightlies.
-3. Prepare the release:
-   - "Squash" changes from the changelog entries for the RCs into a single entry,
-      and add all changes included in `CHANGELOG_PENDING.md`.
-      (Squashing includes both combining all entries, as well as removing or simplifying
-      any intra-RC changes. It may also help to alphabetize the entries by package name.)
-   - Run `python ./scripts/linkify_changelog.py CHANGELOG.md` to add links for
-     all PRs
-   - Ensure that UPGRADING.md is up-to-date and includes notes on any breaking changes
-      or other upgrading flows.
-   - Bump TMVersionDefault version in  `version.go`
-   - Bump P2P and block protocol versions in  `version.go`, if necessary
-   - Bump ABCI protocol version in `version.go`, if necessary
-4. Open a PR with these changes against the backport branch.
-5. Once these changes are on the backport branch, push a tag with prepared release details.
-   This will trigger the actual release `v0.35.0`.
-   - `git tag -a v0.35.0 -m 'Release v0.35.0'`
-   - `git push origin v0.35.0`
-7. Make sure that `master` is updated with the latest `CHANGELOG.md`, `CHANGELOG_PENDING.md`, and `UPGRADING.md`.
-
-#### Minor release (point releases)
-
-Minor releases are done differently from major releases: They are built off of long-lived backport branches, rather than from master.
-As non-breaking changes land on `master`, they should also be backported (cherry-picked) to these backport branches.
-
-Minor releases don't have release candidates by default, although any tricky changes may merit a release candidate.
-
-To create a minor release:
-
-1. Checkout the long-lived backport branch: `git checkout v0.35.x`
-2. Run integration tests (`make test_integrations`) and the nightlies.
-3. Check out a new branch and prepare the release:
-   - Copy `CHANGELOG_PENDING.md` to top of `CHANGELOG.md`
-   - Run `python ./scripts/linkify_changelog.py CHANGELOG.md` to add links for all issues
-   - Run `bash ./scripts/authors.sh` to get a list of authors since the latest release, and add the GitHub aliases of external contributors to the top of the CHANGELOG. To lookup an alias from an email, try `bash ./scripts/authors.sh <email>`
-   - Reset the `CHANGELOG_PENDING.md`
-   - Bump the ABCI version number, if necessary.
-     (Note that ABCI follows semver, and that ABCI versions are the only versions
-     which can change during minor releases, and only field additions are valid minor changes.)
-4. Open a PR with these changes that will land them back on `v0.35.x`
-5. Once this change has landed on the backport branch, make sure to pull it locally, then push a tag.
-   - `git tag -a v0.35.1 -m 'Release v0.35.1'`
-   - `git push origin v0.35.1`
-6. Create a pull request back to master with the CHANGELOG & version changes from the latest release.
-   - Remove all `R:minor` labels from the pull requests that were included in the release.
-   - Do not merge the backport branch into master.
-
 ## Testing

 ### Unit tests
--- a/33
+++ b/33
@@ -14,8 +14,8 @@ endif

 LD_FLAGS = -X github.com/tendermint/tendermint/version.TMVersion=$(VERSION)
 BUILD_FLAGS = -mod=readonly -ldflags "$(LD_FLAGS)"
-HTTPS_GIT := https://github.com/tendermint/tendermint.git
-DOCKER_BUF := docker run -v $(shell pwd):/workspace --workdir /workspace bufbuild/buf
+BUILD_IMAGE := ghcr.io/tendermint/docker-build-proto
+DOCKER_PROTO_BUILDER := docker run -v $(shell pwd):/workspace --workdir /workspace $(BUILD_IMAGE)
 CGO_ENABLED ?= 0

 # handle nostrip
@@ -79,32 +79,17 @@ $(BUILDDIR)/:
 ###                                Protobuf                                 ###
 ###############################################################################

-proto-all: proto-gen proto-lint proto-check-breaking
-.PHONY: proto-all
-
 proto-gen:
 	@docker pull -q tendermintdev/docker-build-proto
 	@echo "Generating Protobuf files"
-	@docker run -v $(shell pwd):/workspace --workdir /workspace tendermintdev/docker-build-proto sh ./scripts/protocgen.sh
+	@$(DOCKER_PROTO_BUILDER) sh ./scripts/protocgen.sh
 .PHONY: proto-gen

-proto-lint:
-	@$(DOCKER_BUF) check lint --error-format=json
-.PHONY: proto-lint
-
 proto-format:
 	@echo "Formatting Protobuf files"
-	docker run -v $(shell pwd):/workspace --workdir /workspace tendermintdev/docker-build-proto find ./ -not -path "./third_party/*" -name *.proto -exec clang-format -i {} \;
+	@$(DOCKER_PROTO_BUILDER) find ./ -not -path "./third_party/*" -name *.proto -exec clang-format -i {} \;
 .PHONY: proto-format

-proto-check-breaking:
-	@$(DOCKER_BUF) check breaking --against-input .git#branch=master
-.PHONY: proto-check-breaking
-
-proto-check-breaking-ci:
-	@$(DOCKER_BUF) check breaking --against-input $(HTTPS_GIT)#branch=master
-.PHONY: proto-check-breaking-ci
-
 ###############################################################################
 ###                              Build ABCI                                 ###
 ###############################################################################
@@ -131,11 +116,11 @@ generate_test_cert:
 	# generate server cerificate
 	@certstrap request-cert -cn server -ip 127.0.0.1
 	# self-sign server cerificate with rootCA
-	@certstrap sign server --CA "root CA" 
+	@certstrap sign server --CA "root CA"
 	# generate client cerificate
 	@certstrap request-cert -cn client -ip 127.0.0.1
 	# self-sign client cerificate with rootCA
-	@certstrap sign client --CA "root CA" 
+	@certstrap sign client --CA "root CA"
 .PHONY: generate_test_cert

 ###############################################################################
@@ -214,7 +199,7 @@ DESTINATION = ./index.html.md
 build-docs:
 	@cd docs && \
 	while read -r branch path_prefix; do \
-		(git checkout $${branch} && npm install && VUEPRESS_BASE="/$${path_prefix}/" npm run build) ; \
+		(git checkout $${branch} && npm ci && VUEPRESS_BASE="/$${path_prefix}/" npm run build) ; \
 		mkdir -p ~/output/$${path_prefix} ; \
 		cp -r .vuepress/dist/* ~/output/$${path_prefix}/ ; \
 		cp ~/output/$${path_prefix}/index.html ~/output ; \
@@ -227,13 +212,13 @@ build-docs:

 build-docker: build-linux
 	cp $(BUILDDIR)/tendermint DOCKER/tendermint
-	docker build --label=tendermint --tag="tendermint/tendermint" DOCKER
+	docker build --label=tendermint --tag="tendermint/tendermint" -f DOCKER/Dockerfile .
 	rm -rf DOCKER/tendermint
 .PHONY: build-docker


 ###############################################################################
-###                       Mocks 											###
+###                                Mocks                                    ###
 ###############################################################################

 mockery:
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ Or [Blockchain](<https://en.wikipedia.org/wiki/Blockchain_(database)>), for shor
 [![version](https://img.shields.io/github/tag/tendermint/tendermint.svg)](https://github.com/tendermint/tendermint/releases/latest)
 [![API Reference](https://camo.githubusercontent.com/915b7be44ada53c290eb157634330494ebe3e30a/68747470733a2f2f676f646f632e6f72672f6769746875622e636f6d2f676f6c616e672f6764646f3f7374617475732e737667)](https://pkg.go.dev/github.com/tendermint/tendermint)
 [![Go version](https://img.shields.io/badge/go-1.16-blue.svg)](https://github.com/moovweb/gvm)
-[![Discord chat](https://img.shields.io/discord/669268347736686612.svg)](https://discord.gg/vcExX9T)
+[![Discord chat](https://img.shields.io/discord/669268347736686612.svg)](https://discord.gg/cosmosnetwork)
 [![license](https://img.shields.io/github/license/tendermint/tendermint.svg)](https://github.com/tendermint/tendermint/blob/master/LICENSE)
 [![tendermint/tendermint](https://tokei.rs/b1/github/tendermint/tendermint?category=lines)](https://github.com/tendermint/tendermint)
 [![Sourcegraph](https://sourcegraph.com/github.com/tendermint/tendermint/-/badge.svg)](https://sourcegraph.com/github.com/tendermint/tendermint?badge)
@@ -33,12 +33,14 @@ Tendermint has been in the production of private and public environments, most n
 See below for more details about [versioning](#versioning).

 In any case, if you intend to run Tendermint in production, we're happy to help. You can
-contact us [over email](mailto:hello@interchain.berlin) or [join the chat](https://discord.gg/vcExX9T).
+contact us [over email](mailto:hello@interchain.berlin) or [join the chat](https://discord.gg/cosmosnetwork).
+
+More on how releases are conducted can be found [here](./RELEASES.md).

 ## Security

 To report a security vulnerability, see our [bug bounty
-program](https://hackerone.com/tendermint). 
+program](https://hackerone.com/cosmos). 
 For examples of the kinds of bugs we're looking for, see [our security policy](SECURITY.md).

 We also maintain a dedicated mailing list for security updates. We will only ever use this mailing list
@@ -82,32 +84,12 @@ and familiarize yourself with our
 Tendermint uses [Semantic Versioning](http://semver.org/) to determine when and how the version changes.
 According to SemVer, anything in the public API can change at any time before version 1.0.0

-To provide some stability to Tendermint users in these 0.X.X days, the MINOR version is used
-to signal breaking changes across a subset of the total public API. This subset includes all
-interfaces exposed to other processes (cli, rpc, p2p, etc.), but does not
-include the Go APIs.
+To provide some stability to users of 0.X.X versions of Tendermint, the MINOR version is used
+to signal breaking changes across Tendermint's API. This API includes all
+publicly exposed types, functions, and methods in non-internal Go packages as well as
+the types and methods accessible via the Tendermint RPC interface.

-That said, breaking changes in the following packages will be documented in the
-CHANGELOG even if they don't lead to MINOR version bumps:
-
- crypto
- config
- libs
-    - bits
-    - bytes
-    - json
-    - log
-    - math
-    - net
-    - os
-    - protoio
-    - rand
-    - sync
-    - strings
-    - service
- node
- rpc/client
- types
+Breaking changes to these public APIs will be documented in the CHANGELOG.

 ### Upgrades

@@ -132,6 +114,8 @@ in [UPGRADING.md](./UPGRADING.md).

 ### Tendermint Core

+We keep a public up-to-date version of our roadmap [here](./docs/roadmap/roadmap.md)
+
 For details about the blockchain data structures and the p2p protocols, see the
 [Tendermint specification](https://docs.tendermint.com/master/spec/).

--- a/RELEASES.md
+++ b/RELEASES.md
@@ -0,0 +1,180 @@
+# Releases
+
+Tendermint uses [semantic versioning](https://semver.org/) with each release following
+a `vX.Y.Z` format. The `master` branch is used for active development and thus it's
+advisable not to build against it.
+
+The latest changes are always initially merged into `master`.
+Releases are specified using tags and are built from long-lived "backport" branches
+that are cut from `master` when the release process begins.
+Each release "line" (e.g. 0.34 or 0.33) has its own long-lived backport branch,
+and the backport branches have names like `v0.34.x` or `v0.33.x`
+(literally, `x`; it is not a placeholder in this case). Tendermint only
+maintains the last two releases at a time (the oldest release is predominantly
+just security patches).
+
+## Backporting
+
+As non-breaking changes land on `master`, they should also be backported
+to these backport branches.
+
+We use Mergify's [backport feature](https://mergify.io/features/backports) to automatically backport
+to the needed branch. There should be a label for any backport branch that you'll be targeting.
+To notify the bot to backport a pull request, mark the pull request with the label corresponding
+to the correct backport branch. For example, to backport to v0.35.x, add the label `S:backport-to-v0.35.x`.
+Once the original pull request is merged, the bot will try to cherry-pick the pull request
+to the backport branch. If the bot fails to backport, it will open a pull request.
+The author of the original pull request is responsible for solving the conflicts and
+merging the pull request.
+
+### Creating a backport branch
+
+If this is the first release candidate for a major release, you get to have the
+honor of creating the backport branch!
+
+Note that, after creating the backport branch, you'll also need to update the
+tags on `master` so that `go mod` is able to order the branches correctly. You
+should tag `master` with a "dev" tag that is "greater than" the backport
+branches tags. See [#6072](https://github.com/tendermint/tendermint/pull/6072)
+for more context.
+
+In the following example, we'll assume that we're making a backport branch for
+the 0.35.x line.
+
+1. Start on `master`
+2. Create and push the backport branch:
+   ```sh
+   git checkout -b v0.35.x
+   git push origin v0.35.x
+   ```
+
+After doing these steps, go back to `master` and do the following:
+
+1. Tag `master` as the dev branch for the _next_ major release and push it back up.
+   For example:
+   ```sh
+   git tag -a v0.36.0-dev -m "Development base for Tendermint v0.36."
+   git push origin v0.36.0-dev
+   ```
+
+2. Create a new workflow to run e2e nightlies for the new backport branch.
+   (See [e2e-nightly-master.yml][e2e] for an example.)
+
+3. Add a new section to the Mergify config (`.github/mergify.yml`) to enable the
+   backport bot to work on this branch, and add a corresponding `S:backport-to-v0.35.x`
+   [label](https://github.com/tendermint/tendermint/labels) so the bot can be triggered.
+
+4. Add a new section to the Dependabot config (`.github/dependabot.yml`) to
+   enable automatic update of Go dependencies on this branch. Copy and edit one
+   of the existing branch configurations to set the correct `target-branch`.
+
+[e2e]: https://github.com/tendermint/tendermint/blob/master/.github/workflows/e2e-nightly-master.yml
+
+## Release candidates
+
+Before creating an official release, especially a major release, we may want to create a
+release candidate (RC) for our friends and partners to test out. We use git tags to
+create RCs, and we build them off of backport branches.
+
+Tags for RCs should follow the "standard" release naming conventions, with `-rcX` at the end
+(for example, `v0.35.0-rc0`).
+
+(Note that branches and tags _cannot_ have the same names, so it's important that these branches
+have distinct names from the tags/release names.)
+
+If this is the first RC for a major release, you'll have to make a new backport branch (see above).
+Otherwise:
+
+1. Start from the backport branch (e.g. `v0.35.x`).
+2. Run the integration tests and the e2e nightlies
+   (which can be triggered from the Github UI;
+   e.g., https://github.com/tendermint/tendermint/actions/workflows/e2e-nightly-34x.yml).
+3. Prepare the changelog:
+   - Move the changes included in `CHANGELOG_PENDING.md` into `CHANGELOG.md`. Each RC should have
+     it's own changelog section. These will be squashed when the final candidate is released.
+   - Run `python ./scripts/linkify_changelog.py CHANGELOG.md` to add links for
+     all PRs
+   - Ensure that `UPGRADING.md` is up-to-date and includes notes on any breaking changes
+      or other upgrading flows.
+   - Bump TMVersionDefault version in  `version.go`
+   - Bump P2P and block protocol versions in  `version.go`, if necessary.
+     Check the changelog for breaking changes in these components.
+   - Bump ABCI protocol version in `version.go`, if necessary
+4. Open a PR with these changes against the backport branch.
+5. Once these changes have landed on the backport branch, be sure to pull them back down locally.
+6. Once you have the changes locally, create the new tag, specifying a name and a tag "message":
+   `git tag -a v0.35.0-rc0 -m "Release Candidate v0.35.0-rc0`
+7. Push the tag back up to origin:
+   `git push origin v0.35.0-rc0`
+   Now the tag should be available on the repo's releases page.
+8. Future RCs will continue to be built off of this branch.
+
+Note that this process should only be used for "true" RCs--
+release candidates that, if successful, will be the next release.
+For more experimental "RCs," create a new, short-lived branch and tag that instead.
+
+## Major release
+
+This major release process assumes that this release was preceded by release candidates.
+If there were no release candidates, begin by creating a backport branch, as described above.
+
+1. Start on the backport branch (e.g. `v0.35.x`)
+2. Run integration tests (`make test_integrations`) and the e2e nightlies.
+3. Prepare the release:
+   - "Squash" changes from the changelog entries for the RCs into a single entry,
+      and add all changes included in `CHANGELOG_PENDING.md`.
+      (Squashing includes both combining all entries, as well as removing or simplifying
+      any intra-RC changes. It may also help to alphabetize the entries by package name.)
+   - Run `python ./scripts/linkify_changelog.py CHANGELOG.md` to add links for
+     all PRs
+   - Ensure that `UPGRADING.md` is up-to-date and includes notes on any breaking changes
+      or other upgrading flows.
+   - Bump TMVersionDefault version in  `version.go`
+   - Bump P2P and block protocol versions in  `version.go`, if necessary
+   - Bump ABCI protocol version in `version.go`, if necessary
+4. Open a PR with these changes against the backport branch.
+5. Once these changes are on the backport branch, push a tag with prepared release details.
+   This will trigger the actual release `v0.35.0`.
+   - `git tag -a v0.35.0 -m 'Release v0.35.0'`
+   - `git push origin v0.35.0`
+6. Make sure that `master` is updated with the latest `CHANGELOG.md`, `CHANGELOG_PENDING.md`, and `UPGRADING.md`.
+7. Add the release to the documentation site generator config (see
+   [DOCS_README.md](./docs/DOCS_README.md) for more details). In summary:
+   - Start on branch `master`.
+   - Add a new line at the bottom of [`docs/versions`](./docs/versions) to
+     ensure the newest release is the default for the landing page.
+   - Add a new entry to `themeConfig.versions` in
+     [`docs/.vuepress/config.js`](./docs/.vuepress/config.js) to include the
+	 release in the dropdown versions menu.
+   - Commit these changes to `master` and backport them into the backport
+     branch for this release.
+
+## Minor release (point releases)
+
+Minor releases are done differently from major releases: They are built off of
+long-lived backport branches, rather than from master.  As non-breaking changes
+land on `master`, they should also be backported into these backport branches.
+
+Minor releases don't have release candidates by default, although any tricky
+changes may merit a release candidate.
+
+To create a minor release:
+
+1. Checkout the long-lived backport branch: `git checkout v0.35.x`
+2. Run integration tests (`make test_integrations`) and the nightlies.
+3. Check out a new branch and prepare the release:
+   - Copy `CHANGELOG_PENDING.md` to top of `CHANGELOG.md`
+   - Run `python ./scripts/linkify_changelog.py CHANGELOG.md` to add links for all issues
+   - Run `bash ./scripts/authors.sh` to get a list of authors since the latest release, and add the GitHub aliases of external contributors to the top of the CHANGELOG. To lookup an alias from an email, try `bash ./scripts/authors.sh <email>`
+   - Reset the `CHANGELOG_PENDING.md`
+   - Bump the TMDefaultVersion in `version.go`
+   - Bump the ABCI version number, if necessary.
+     (Note that ABCI follows semver, and that ABCI versions are the only versions
+     which can change during minor releases, and only field additions are valid minor changes.)
+4. Open a PR with these changes that will land them back on `v0.35.x`
+5. Once this change has landed on the backport branch, make sure to pull it locally, then push a tag.
+   - `git tag -a v0.35.1 -m 'Release v0.35.1'`
+   - `git push origin v0.35.1`
+6. Create a pull request back to master with the CHANGELOG & version changes from the latest release.
+   - Remove all `R:minor` labels from the pull requests that were included in the release.
+   - Do not merge the backport branch into master.
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -4,7 +4,7 @@

 As part of our [Coordinated Vulnerability Disclosure
 Policy](https://tendermint.com/security), we operate a [bug
-bounty](https://hackerone.com/tendermint).
+bounty](https://hackerone.com/cosmos).
 See the policy for more details on submissions and rewards, and see "Example Vulnerabilities" (below) for examples of the kinds of bugs we're most interested in.

 ### Guidelines
@@ -86,7 +86,7 @@ If you are running older versions of Tendermint Core, we encourage you to upgrad

 ## Scope

-The full scope of our bug bounty program is outlined on our [Hacker One program page](https://hackerone.com/tendermint). Please also note that, in the interest of the safety of our users and staff, a few things are explicitly excluded from scope:
+The full scope of our bug bounty program is outlined on our [Hacker One program page](https://hackerone.com/cosmos). Please also note that, in the interest of the safety of our users and staff, a few things are explicitly excluded from scope:

 * Any third-party services
 * Findings from physical testing, such as office access
--- a/UPGRADING.md
+++ b/UPGRADING.md
@@ -2,7 +2,7 @@

 This guide provides instructions for upgrading to specific versions of Tendermint Core.

-## Unreleased
+## v0.35

 ### ABCI Changes

@@ -17,7 +17,16 @@ This guide provides instructions for upgrading to specific versions of Tendermin

 ### Config Changes

-* `fast_sync = "v1"` and `fast_sync = "v2"` are no longer supported. Please use `v0` instead.
+* The configuration file field `[fastsync]` has been renamed to `[blocksync]`.
+
+* The top level configuration file field `fast-sync` has moved under the new `[blocksync]`
+  field as `blocksync.enable`.
+
+* `blocksync.version = "v1"` and `blocksync.version = "v2"` (previously `fastsync`)
+  are no longer supported. Please use `v0` instead. During the v0.35 release cycle, `v0` was
+  determined to suit the existing needs and the cost of maintaining the `v1` and `v2` modules
+  was determined to be greater than necessary.
+

 * All config parameters are now hyphen-case (also known as kebab-case) instead of snake_case. Before restarting the node make sure
  you have updated all the variables in your `config.toml` file.
@@ -35,7 +44,7 @@ This guide provides instructions for upgrading to specific versions of Tendermin
 * The fast sync process as well as the blockchain package and service has all
  been renamed to block sync

-### Key Format Changes
+### Database Key Format Changes

 The format of all tendermint on-disk database keys changes in
 0.35. Upgrading nodes must either re-sync all data or run a migration
@@ -60,6 +69,8 @@ if needed.

 * You must now specify the node mode (validator|full|seed) in `tendermint init [mode]`

+* The `--fast-sync` command line option has been renamed to `--blocksync.enable`
+
 * If you had previously used `tendermint gen_node_key` to generate a new node
  key, keep in mind that it no longer saves the output to a file. You can use
  `tendermint init validator` or pipe the output of `tendermint gen_node_key` to
@@ -74,8 +85,8 @@ if needed.

 ### API Changes

-The p2p layer was reimplemented as part of the 0.35 release cycle, and
-all reactors were refactored. As part of that work these
+The p2p layer was reimplemented as part of the 0.35 release cycle and
+all reactors were refactored to accomodate the change. As part of that work these
 implementations moved into the `internal` package and are no longer
 considered part of the public Go API of tendermint. These packages
 are:
@@ -87,7 +98,7 @@ are:
 - `blockchain`
 - `evidence`

-Accordingly, the `node` package was changed to reduce access to
+Accordingly, the `node` package changed to reduce access to
 tendermint internals: applications that use tendermint as a library
 will need to change to accommodate these changes. Most notably:

@@ -98,13 +109,25 @@ will need to change to accommodate these changes. Most notably:
  longer exported and have been replaced with `node.New` and
  `node.NewDefault` which provide more functional interfaces.

-### RPC changes
+To access any of the functionality previously available via the
+`node.Node` type, use the `*local.Local` "RPC" client, that exposes
+the full RPC interface provided as direct function calls. Import the
+`github.com/tendermint/tendermint/rpc/client/local` package and pass
+the node service as in the following: 

-#### gRPC Support
+```go
+    node := node.NewDefault() //construct the node object
+    // start and set up the node service 
+
+    client := local.New(node.(local.NodeService))
+    // use client object to interact with the node
+```
+
+### gRPC Support

 Mark gRPC in the RPC layer as deprecated and to be removed in 0.36.

-#### Peer Management Interface
+### Peer Management Interface

 When running with the new P2P Layer, the methods `UnsafeDialSeeds` and
 `UnsafeDialPeers` RPC methods will always return an error. They are
@@ -116,6 +139,58 @@ method changes in this release to accommodate the different way that
 the new stack tracks data about peers. This change affects users of
 both stacks.

+### Using the updated p2p library
+
+The P2P library was reimplemented in this release. The new implementation is
+enabled by default in this version of Tendermint. The legacy implementation is still
+included in this version of Tendermint as a backstop to work around unforeseen
+production issues. The new and legacy version are interoperable. If necessary, 
+you can enable the legacy implementation in the server configuration file.
+
+To make use of the legacy P2P implemementation add or update the following field of 
+your server's configuration file under the `[p2p]` section:
+
+```toml
+[p2p]
+...
+use-legacy = true
+...
+```
+
+If you need to do this, please consider filing an issue in the Tendermint repository
+to let us know why. We plan to remove the legacy P2P code in the next (v0.36) release.
+
+#### New p2p queue types
+
+The new p2p implementation enables selection of the queue type to be used for
+passing messages between peers.
+
+The following values may be used when selecting which queue type to use:
+
+* `fifo`: (**default**) An unbuffered and lossless queue that passes messages through
+in the order in which they were received.
+
+* `priority`: A priority queue of messages.
+
+* `wdrr`: A queue implementing the Weighted Deficit Round Robin algorithm. A 
+weighted deficit round robin queue is created per peer. Each queue contains a 
+separate 'flow' for each of the channels of communication that exist between any two
+peers. Tendermint maintains a channel per message type between peers. Each WDRR
+queue maintains a shared buffered with a fixed capacity through which messages on different
+flows are passed.
+For more information on WDRR scheduling, see: https://en.wikipedia.org/wiki/Deficit_round_robin
+
+To select a queue type, add or update the following field under the `[p2p]`
+section of your server's configuration file.
+
+```toml
+[p2p]
+...
+queue-type = wdrr
+...
+```
+
+
 ### Support for Custom Reactor and Mempool Implementations

 The changes to p2p layer removed existing support for custom
--- a/abci/README.md
+++ b/abci/README.md
@@ -20,7 +20,7 @@ To get up and running quickly, see the [getting started guide](../docs/app-dev/g
 A detailed description of the ABCI methods and message types is contained in:

 - [The main spec](https://github.com/tendermint/spec/blob/master/spec/abci/abci.md)
- [A protobuf file](../proto/tendermint/abci/types.proto)
+- [A protobuf file](https://github.com/tendermint/spec/blob/master/proto/tendermint/abci/types.proto)
 - [A Go interface](./types/application.go)

 ## Protocol Buffers
--- a/abci/client/client.go
+++ b/abci/client/client.go
@@ -1,4 +1,4 @@
-package abcicli
+package abciclient

 import (
 	"context"
@@ -7,6 +7,7 @@ import (

 	"github.com/tendermint/tendermint/abci/types"
 	tmsync "github.com/tendermint/tendermint/internal/libs/sync"
+	"github.com/tendermint/tendermint/libs/log"
 	"github.com/tendermint/tendermint/libs/service"
 )

@@ -68,12 +69,12 @@ type Client interface {

 // NewClient returns a new ABCI client of the specified transport type.
 // It returns an error if the transport is not "socket" or "grpc"
-func NewClient(addr, transport string, mustConnect bool) (client Client, err error) {
+func NewClient(logger log.Logger, addr, transport string, mustConnect bool) (client Client, err error) {
 	switch transport {
 	case "socket":
-		client = NewSocketClient(addr, mustConnect)
+		client = NewSocketClient(logger, addr, mustConnect)
 	case "grpc":
-		client = NewGRPCClient(addr, mustConnect)
+		client = NewGRPCClient(logger, addr, mustConnect)
 	default:
 		err = fmt.Errorf("unknown abci transport %s", transport)
 	}
@@ -87,7 +88,7 @@ type ReqRes struct {
 	*sync.WaitGroup
 	*types.Response // Not set atomically, so be sure to use WaitGroup.

-	mtx  tmsync.RWMutex
+	mtx  tmsync.Mutex
 	done bool                  // Gets set to true once *after* WaitGroup.Done().
 	cb   func(*types.Response) // A single callback that may be set.
 }
@@ -137,16 +138,16 @@ func (r *ReqRes) InvokeCallback() {
 //
 // ref: https://github.com/tendermint/tendermint/issues/5439
 func (r *ReqRes) GetCallback() func(*types.Response) {
-	r.mtx.RLock()
-	defer r.mtx.RUnlock()
+	r.mtx.Lock()
+	defer r.mtx.Unlock()
 	return r.cb
 }

 // SetDone marks the ReqRes object as done.
 func (r *ReqRes) SetDone() {
 	r.mtx.Lock()
-	defer r.mtx.Unlock()
 	r.done = true
+	r.mtx.Unlock()
 }

 func waitGroup1() (wg *sync.WaitGroup) {
--- a/abci/client/creators.go
+++ b/abci/client/creators.go
@@ -0,0 +1,36 @@
+package abciclient
+
+import (
+	"fmt"
+
+	"github.com/tendermint/tendermint/abci/types"
+	tmsync "github.com/tendermint/tendermint/internal/libs/sync"
+	"github.com/tendermint/tendermint/libs/log"
+)
+
+// Creator creates new ABCI clients.
+type Creator func(log.Logger) (Client, error)
+
+// NewLocalCreator returns a Creator for the given app,
+// which will be running locally.
+func NewLocalCreator(app types.Application) Creator {
+	mtx := new(tmsync.Mutex)
+
+	return func(_ log.Logger) (Client, error) {
+		return NewLocalClient(mtx, app), nil
+	}
+}
+
+// NewRemoteCreator returns a Creator for the given address (e.g.
+// "192.168.0.1") and transport (e.g. "tcp"). Set mustConnect to true if you
+// want the client to connect before reporting success.
+func NewRemoteCreator(logger log.Logger, addr, transport string, mustConnect bool) Creator {
+	return func(log.Logger) (Client, error) {
+		remoteApp, err := NewClient(logger, addr, transport, mustConnect)
+		if err != nil {
+			return nil, fmt.Errorf("failed to connect to proxy: %w", err)
+		}
+
+		return remoteApp, nil
+	}
+}
--- a/abci/client/doc.go
+++ b/abci/client/doc.go
@@ -1,4 +1,4 @@
-// Package abcicli provides an ABCI implementation in Go.
+// Package abciclient provides an ABCI implementation in Go.
 //
 // There are 3 clients available:
 //		1. socket (unix or TCP)
@@ -26,4 +26,4 @@
 //
 // sync: waits for all Async calls to complete (essentially what Flush does in
 // the socket client) and calls Sync method.
-package abcicli
+package abciclient
--- a/abci/client/grpc_client.go
+++ b/abci/client/grpc_client.go
@@ -1,4 +1,4 @@
-package abcicli
+package abciclient

 import (
 	"context"
@@ -11,6 +11,7 @@ import (

 	"github.com/tendermint/tendermint/abci/types"
 	tmsync "github.com/tendermint/tendermint/internal/libs/sync"
+	"github.com/tendermint/tendermint/libs/log"
 	tmnet "github.com/tendermint/tendermint/libs/net"
 	"github.com/tendermint/tendermint/libs/service"
 )
@@ -24,7 +25,7 @@ type grpcClient struct {
 	conn     *grpc.ClientConn
 	chReqRes chan *ReqRes // dispatches "async" responses to callbacks *in order*, needed by mempool

-	mtx   tmsync.RWMutex
+	mtx   tmsync.Mutex
 	addr  string
 	err   error
 	resCb func(*types.Request, *types.Response) // listens to all callbacks
@@ -42,7 +43,7 @@ var _ Client = (*grpcClient)(nil)
 // which is expensive, but easy - if you want something better, use the socket
 // protocol! maybe one day, if people really want it, we use grpc streams, but
 // hopefully not :D
-func NewGRPCClient(addr string, mustConnect bool) Client {
+func NewGRPCClient(logger log.Logger, addr string, mustConnect bool) Client {
 	cli := &grpcClient{
 		addr:        addr,
 		mustConnect: mustConnect,
@@ -54,7 +55,7 @@ func NewGRPCClient(addr string, mustConnect bool) Client {
 		// gRPC calls while processing a slow callback at the channel head.
 		chReqRes: make(chan *ReqRes, 64),
 	}
-	cli.BaseService = *service.NewBaseService(nil, "grpcClient", cli)
+	cli.BaseService = *service.NewBaseService(logger, "grpcClient", cli)
 	return cli
 }

@@ -62,7 +63,7 @@ func dialerFunc(ctx context.Context, addr string) (net.Conn, error) {
 	return tmnet.Connect(addr)
 }

-func (cli *grpcClient) OnStart() error {
+func (cli *grpcClient) OnStart(ctx context.Context) error {
 	// This processes asynchronous request/response messages and dispatches
 	// them to callbacks.
 	go func() {
@@ -149,8 +150,8 @@ func (cli *grpcClient) StopForError(err error) {
 }

 func (cli *grpcClient) Error() error {
-	cli.mtx.RLock()
-	defer cli.mtx.RUnlock()
+	cli.mtx.Lock()
+	defer cli.mtx.Unlock()
 	return cli.err
 }

@@ -158,8 +159,8 @@ func (cli *grpcClient) Error() error {
 // NOTE: callback may get internally generated flush responses.
 func (cli *grpcClient) SetResponseCallback(resCb Callback) {
 	cli.mtx.Lock()
-	defer cli.mtx.Unlock()
 	cli.resCb = resCb
+	cli.mtx.Unlock()
 }

 //----------------------------------------
--- a/abci/client/local_client.go
+++ b/abci/client/local_client.go
@@ -1,4 +1,4 @@
-package abcicli
+package abciclient

 import (
 	"context"
@@ -15,7 +15,7 @@ import (
 type localClient struct {
 	service.BaseService

-	mtx *tmsync.RWMutex
+	mtx *tmsync.Mutex
 	types.Application
 	Callback
 }
@@ -26,24 +26,22 @@ var _ Client = (*localClient)(nil)
 // methods of the given app.
 //
 // Both Async and Sync methods ignore the given context.Context parameter.
-func NewLocalClient(mtx *tmsync.RWMutex, app types.Application) Client {
+func NewLocalClient(mtx *tmsync.Mutex, app types.Application) Client {
 	if mtx == nil {
-		mtx = &tmsync.RWMutex{}
+		mtx = new(tmsync.Mutex)
 	}
-
 	cli := &localClient{
 		mtx:         mtx,
 		Application: app,
 	}
-
 	cli.BaseService = *service.NewBaseService(nil, "localClient", cli)
 	return cli
 }

 func (app *localClient) SetResponseCallback(cb Callback) {
 	app.mtx.Lock()
-	defer app.mtx.Unlock()
 	app.Callback = cb
+	app.mtx.Unlock()
 }

 // TODO: change types.Application to include Error()?
@@ -67,8 +65,8 @@ func (app *localClient) EchoAsync(ctx context.Context, msg string) (*ReqRes, err
 }

 func (app *localClient) InfoAsync(ctx context.Context, req types.RequestInfo) (*ReqRes, error) {
-	app.mtx.RLock()
-	defer app.mtx.RUnlock()
+	app.mtx.Lock()
+	defer app.mtx.Unlock()

 	res := app.Application.Info(req)
 	return app.callback(
@@ -100,8 +98,8 @@ func (app *localClient) CheckTxAsync(ctx context.Context, req types.RequestCheck
 }

 func (app *localClient) QueryAsync(ctx context.Context, req types.RequestQuery) (*ReqRes, error) {
-	app.mtx.RLock()
-	defer app.mtx.RUnlock()
+	app.mtx.Lock()
+	defer app.mtx.Unlock()

 	res := app.Application.Query(req)
 	return app.callback(
@@ -215,8 +213,8 @@ func (app *localClient) EchoSync(ctx context.Context, msg string) (*types.Respon
 }

 func (app *localClient) InfoSync(ctx context.Context, req types.RequestInfo) (*types.ResponseInfo, error) {
-	app.mtx.RLock()
-	defer app.mtx.RUnlock()
+	app.mtx.Lock()
+	defer app.mtx.Unlock()

 	res := app.Application.Info(req)
 	return &res, nil
@@ -249,8 +247,8 @@ func (app *localClient) QuerySync(
 	ctx context.Context,
 	req types.RequestQuery,
 ) (*types.ResponseQuery, error) {
-	app.mtx.RLock()
-	defer app.mtx.RUnlock()
+	app.mtx.Lock()
+	defer app.mtx.Unlock()

 	res := app.Application.Query(req)
 	return &res, nil
--- a/abci/client/mocks/client.go
+++ b/abci/client/mocks/client.go
@@ -5,9 +5,7 @@ package mocks
 import (
 	context "context"

-	abcicli "github.com/tendermint/tendermint/abci/client"
-
-	log "github.com/tendermint/tendermint/libs/log"
+	abciclient "github.com/tendermint/tendermint/abci/client"

 	mock "github.com/stretchr/testify/mock"

@@ -20,15 +18,15 @@ type Client struct {
 }

 // ApplySnapshotChunkAsync provides a mock function with given fields: _a0, _a1
-func (_m *Client) ApplySnapshotChunkAsync(_a0 context.Context, _a1 types.RequestApplySnapshotChunk) (*abcicli.ReqRes, error) {
+func (_m *Client) ApplySnapshotChunkAsync(_a0 context.Context, _a1 types.RequestApplySnapshotChunk) (*abciclient.ReqRes, error) {
 	ret := _m.Called(_a0, _a1)

-	var r0 *abcicli.ReqRes
-	if rf, ok := ret.Get(0).(func(context.Context, types.RequestApplySnapshotChunk) *abcicli.ReqRes); ok {
+	var r0 *abciclient.ReqRes
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestApplySnapshotChunk) *abciclient.ReqRes); ok {
 		r0 = rf(_a0, _a1)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*abcicli.ReqRes)
+			r0 = ret.Get(0).(*abciclient.ReqRes)
 		}
 	}

@@ -66,15 +64,15 @@ func (_m *Client) ApplySnapshotChunkSync(_a0 context.Context, _a1 types.RequestA
 }

 // BeginBlockAsync provides a mock function with given fields: _a0, _a1
-func (_m *Client) BeginBlockAsync(_a0 context.Context, _a1 types.RequestBeginBlock) (*abcicli.ReqRes, error) {
+func (_m *Client) BeginBlockAsync(_a0 context.Context, _a1 types.RequestBeginBlock) (*abciclient.ReqRes, error) {
 	ret := _m.Called(_a0, _a1)

-	var r0 *abcicli.ReqRes
-	if rf, ok := ret.Get(0).(func(context.Context, types.RequestBeginBlock) *abcicli.ReqRes); ok {
+	var r0 *abciclient.ReqRes
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestBeginBlock) *abciclient.ReqRes); ok {
 		r0 = rf(_a0, _a1)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*abcicli.ReqRes)
+			r0 = ret.Get(0).(*abciclient.ReqRes)
 		}
 	}

@@ -112,15 +110,15 @@ func (_m *Client) BeginBlockSync(_a0 context.Context, _a1 types.RequestBeginBloc
 }

 // CheckTxAsync provides a mock function with given fields: _a0, _a1
-func (_m *Client) CheckTxAsync(_a0 context.Context, _a1 types.RequestCheckTx) (*abcicli.ReqRes, error) {
+func (_m *Client) CheckTxAsync(_a0 context.Context, _a1 types.RequestCheckTx) (*abciclient.ReqRes, error) {
 	ret := _m.Called(_a0, _a1)

-	var r0 *abcicli.ReqRes
-	if rf, ok := ret.Get(0).(func(context.Context, types.RequestCheckTx) *abcicli.ReqRes); ok {
+	var r0 *abciclient.ReqRes
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestCheckTx) *abciclient.ReqRes); ok {
 		r0 = rf(_a0, _a1)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*abcicli.ReqRes)
+			r0 = ret.Get(0).(*abciclient.ReqRes)
 		}
 	}

@@ -158,15 +156,15 @@ func (_m *Client) CheckTxSync(_a0 context.Context, _a1 types.RequestCheckTx) (*t
 }

 // CommitAsync provides a mock function with given fields: _a0
-func (_m *Client) CommitAsync(_a0 context.Context) (*abcicli.ReqRes, error) {
+func (_m *Client) CommitAsync(_a0 context.Context) (*abciclient.ReqRes, error) {
 	ret := _m.Called(_a0)

-	var r0 *abcicli.ReqRes
-	if rf, ok := ret.Get(0).(func(context.Context) *abcicli.ReqRes); ok {
+	var r0 *abciclient.ReqRes
+	if rf, ok := ret.Get(0).(func(context.Context) *abciclient.ReqRes); ok {
 		r0 = rf(_a0)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*abcicli.ReqRes)
+			r0 = ret.Get(0).(*abciclient.ReqRes)
 		}
 	}

@@ -204,15 +202,15 @@ func (_m *Client) CommitSync(_a0 context.Context) (*types.ResponseCommit, error)
 }

 // DeliverTxAsync provides a mock function with given fields: _a0, _a1
-func (_m *Client) DeliverTxAsync(_a0 context.Context, _a1 types.RequestDeliverTx) (*abcicli.ReqRes, error) {
+func (_m *Client) DeliverTxAsync(_a0 context.Context, _a1 types.RequestDeliverTx) (*abciclient.ReqRes, error) {
 	ret := _m.Called(_a0, _a1)

-	var r0 *abcicli.ReqRes
-	if rf, ok := ret.Get(0).(func(context.Context, types.RequestDeliverTx) *abcicli.ReqRes); ok {
+	var r0 *abciclient.ReqRes
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestDeliverTx) *abciclient.ReqRes); ok {
 		r0 = rf(_a0, _a1)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*abcicli.ReqRes)
+			r0 = ret.Get(0).(*abciclient.ReqRes)
 		}
 	}

@@ -250,15 +248,15 @@ func (_m *Client) DeliverTxSync(_a0 context.Context, _a1 types.RequestDeliverTx)
 }

 // EchoAsync provides a mock function with given fields: ctx, msg
-func (_m *Client) EchoAsync(ctx context.Context, msg string) (*abcicli.ReqRes, error) {
+func (_m *Client) EchoAsync(ctx context.Context, msg string) (*abciclient.ReqRes, error) {
 	ret := _m.Called(ctx, msg)

-	var r0 *abcicli.ReqRes
-	if rf, ok := ret.Get(0).(func(context.Context, string) *abcicli.ReqRes); ok {
+	var r0 *abciclient.ReqRes
+	if rf, ok := ret.Get(0).(func(context.Context, string) *abciclient.ReqRes); ok {
 		r0 = rf(ctx, msg)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*abcicli.ReqRes)
+			r0 = ret.Get(0).(*abciclient.ReqRes)
 		}
 	}

@@ -296,15 +294,15 @@ func (_m *Client) EchoSync(ctx context.Context, msg string) (*types.ResponseEcho
 }

 // EndBlockAsync provides a mock function with given fields: _a0, _a1
-func (_m *Client) EndBlockAsync(_a0 context.Context, _a1 types.RequestEndBlock) (*abcicli.ReqRes, error) {
+func (_m *Client) EndBlockAsync(_a0 context.Context, _a1 types.RequestEndBlock) (*abciclient.ReqRes, error) {
 	ret := _m.Called(_a0, _a1)

-	var r0 *abcicli.ReqRes
-	if rf, ok := ret.Get(0).(func(context.Context, types.RequestEndBlock) *abcicli.ReqRes); ok {
+	var r0 *abciclient.ReqRes
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestEndBlock) *abciclient.ReqRes); ok {
 		r0 = rf(_a0, _a1)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*abcicli.ReqRes)
+			r0 = ret.Get(0).(*abciclient.ReqRes)
 		}
 	}

@@ -356,15 +354,15 @@ func (_m *Client) Error() error {
 }

 // FlushAsync provides a mock function with given fields: _a0
-func (_m *Client) FlushAsync(_a0 context.Context) (*abcicli.ReqRes, error) {
+func (_m *Client) FlushAsync(_a0 context.Context) (*abciclient.ReqRes, error) {
 	ret := _m.Called(_a0)

-	var r0 *abcicli.ReqRes
-	if rf, ok := ret.Get(0).(func(context.Context) *abcicli.ReqRes); ok {
+	var r0 *abciclient.ReqRes
+	if rf, ok := ret.Get(0).(func(context.Context) *abciclient.ReqRes); ok {
 		r0 = rf(_a0)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*abcicli.ReqRes)
+			r0 = ret.Get(0).(*abciclient.ReqRes)
 		}
 	}

@@ -393,15 +391,15 @@ func (_m *Client) FlushSync(_a0 context.Context) error {
 }

 // InfoAsync provides a mock function with given fields: _a0, _a1
-func (_m *Client) InfoAsync(_a0 context.Context, _a1 types.RequestInfo) (*abcicli.ReqRes, error) {
+func (_m *Client) InfoAsync(_a0 context.Context, _a1 types.RequestInfo) (*abciclient.ReqRes, error) {
 	ret := _m.Called(_a0, _a1)

-	var r0 *abcicli.ReqRes
-	if rf, ok := ret.Get(0).(func(context.Context, types.RequestInfo) *abcicli.ReqRes); ok {
+	var r0 *abciclient.ReqRes
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestInfo) *abciclient.ReqRes); ok {
 		r0 = rf(_a0, _a1)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*abcicli.ReqRes)
+			r0 = ret.Get(0).(*abciclient.ReqRes)
 		}
 	}

@@ -439,15 +437,15 @@ func (_m *Client) InfoSync(_a0 context.Context, _a1 types.RequestInfo) (*types.R
 }

 // InitChainAsync provides a mock function with given fields: _a0, _a1
-func (_m *Client) InitChainAsync(_a0 context.Context, _a1 types.RequestInitChain) (*abcicli.ReqRes, error) {
+func (_m *Client) InitChainAsync(_a0 context.Context, _a1 types.RequestInitChain) (*abciclient.ReqRes, error) {
 	ret := _m.Called(_a0, _a1)

-	var r0 *abcicli.ReqRes
-	if rf, ok := ret.Get(0).(func(context.Context, types.RequestInitChain) *abcicli.ReqRes); ok {
+	var r0 *abciclient.ReqRes
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestInitChain) *abciclient.ReqRes); ok {
 		r0 = rf(_a0, _a1)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*abcicli.ReqRes)
+			r0 = ret.Get(0).(*abciclient.ReqRes)
 		}
 	}

@@ -499,15 +497,15 @@ func (_m *Client) IsRunning() bool {
 }

 // ListSnapshotsAsync provides a mock function with given fields: _a0, _a1
-func (_m *Client) ListSnapshotsAsync(_a0 context.Context, _a1 types.RequestListSnapshots) (*abcicli.ReqRes, error) {
+func (_m *Client) ListSnapshotsAsync(_a0 context.Context, _a1 types.RequestListSnapshots) (*abciclient.ReqRes, error) {
 	ret := _m.Called(_a0, _a1)

-	var r0 *abcicli.ReqRes
-	if rf, ok := ret.Get(0).(func(context.Context, types.RequestListSnapshots) *abcicli.ReqRes); ok {
+	var r0 *abciclient.ReqRes
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestListSnapshots) *abciclient.ReqRes); ok {
 		r0 = rf(_a0, _a1)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*abcicli.ReqRes)
+			r0 = ret.Get(0).(*abciclient.ReqRes)
 		}
 	}

@@ -545,15 +543,15 @@ func (_m *Client) ListSnapshotsSync(_a0 context.Context, _a1 types.RequestListSn
 }

 // LoadSnapshotChunkAsync provides a mock function with given fields: _a0, _a1
-func (_m *Client) LoadSnapshotChunkAsync(_a0 context.Context, _a1 types.RequestLoadSnapshotChunk) (*abcicli.ReqRes, error) {
+func (_m *Client) LoadSnapshotChunkAsync(_a0 context.Context, _a1 types.RequestLoadSnapshotChunk) (*abciclient.ReqRes, error) {
 	ret := _m.Called(_a0, _a1)

-	var r0 *abcicli.ReqRes
-	if rf, ok := ret.Get(0).(func(context.Context, types.RequestLoadSnapshotChunk) *abcicli.ReqRes); ok {
+	var r0 *abciclient.ReqRes
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestLoadSnapshotChunk) *abciclient.ReqRes); ok {
 		r0 = rf(_a0, _a1)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*abcicli.ReqRes)
+			r0 = ret.Get(0).(*abciclient.ReqRes)
 		}
 	}

@@ -591,15 +589,15 @@ func (_m *Client) LoadSnapshotChunkSync(_a0 context.Context, _a1 types.RequestLo
 }

 // OfferSnapshotAsync provides a mock function with given fields: _a0, _a1
-func (_m *Client) OfferSnapshotAsync(_a0 context.Context, _a1 types.RequestOfferSnapshot) (*abcicli.ReqRes, error) {
+func (_m *Client) OfferSnapshotAsync(_a0 context.Context, _a1 types.RequestOfferSnapshot) (*abciclient.ReqRes, error) {
 	ret := _m.Called(_a0, _a1)

-	var r0 *abcicli.ReqRes
-	if rf, ok := ret.Get(0).(func(context.Context, types.RequestOfferSnapshot) *abcicli.ReqRes); ok {
+	var r0 *abciclient.ReqRes
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestOfferSnapshot) *abciclient.ReqRes); ok {
 		r0 = rf(_a0, _a1)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*abcicli.ReqRes)
+			r0 = ret.Get(0).(*abciclient.ReqRes)
 		}
 	}

@@ -636,49 +634,16 @@ func (_m *Client) OfferSnapshotSync(_a0 context.Context, _a1 types.RequestOfferS
 	return r0, r1
 }

-// OnReset provides a mock function with given fields:
-func (_m *Client) OnReset() error {
-	ret := _m.Called()
-
-	var r0 error
-	if rf, ok := ret.Get(0).(func() error); ok {
-		r0 = rf()
-	} else {
-		r0 = ret.Error(0)
-	}
-
-	return r0
-}
-
-// OnStart provides a mock function with given fields:
-func (_m *Client) OnStart() error {
-	ret := _m.Called()
-
-	var r0 error
-	if rf, ok := ret.Get(0).(func() error); ok {
-		r0 = rf()
-	} else {
-		r0 = ret.Error(0)
-	}
-
-	return r0
-}
-
-// OnStop provides a mock function with given fields:
-func (_m *Client) OnStop() {
-	_m.Called()
-}
-
 // QueryAsync provides a mock function with given fields: _a0, _a1
-func (_m *Client) QueryAsync(_a0 context.Context, _a1 types.RequestQuery) (*abcicli.ReqRes, error) {
+func (_m *Client) QueryAsync(_a0 context.Context, _a1 types.RequestQuery) (*abciclient.ReqRes, error) {
 	ret := _m.Called(_a0, _a1)

-	var r0 *abcicli.ReqRes
-	if rf, ok := ret.Get(0).(func(context.Context, types.RequestQuery) *abcicli.ReqRes); ok {
+	var r0 *abciclient.ReqRes
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestQuery) *abciclient.ReqRes); ok {
 		r0 = rf(_a0, _a1)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*abcicli.ReqRes)
+			r0 = ret.Get(0).(*abciclient.ReqRes)
 		}
 	}

@@ -731,51 +696,18 @@ func (_m *Client) Quit() <-chan struct{} {
 	return r0
 }

-// Reset provides a mock function with given fields:
-func (_m *Client) Reset() error {
-	ret := _m.Called()
-
-	var r0 error
-	if rf, ok := ret.Get(0).(func() error); ok {
-		r0 = rf()
-	} else {
-		r0 = ret.Error(0)
-	}
-
-	return r0
-}
-
-// SetLogger provides a mock function with given fields: _a0
-func (_m *Client) SetLogger(_a0 log.Logger) {
-	_m.Called(_a0)
-}
-
 // SetResponseCallback provides a mock function with given fields: _a0
-func (_m *Client) SetResponseCallback(_a0 abcicli.Callback) {
+func (_m *Client) SetResponseCallback(_a0 abciclient.Callback) {
 	_m.Called(_a0)
 }

-// Start provides a mock function with given fields:
-func (_m *Client) Start() error {
-	ret := _m.Called()
+// Start provides a mock function with given fields: _a0
+func (_m *Client) Start(_a0 context.Context) error {
+	ret := _m.Called(_a0)

 	var r0 error
-	if rf, ok := ret.Get(0).(func() error); ok {
-		r0 = rf()
-	} else {
-		r0 = ret.Error(0)
-	}
-
-	return r0
-}
-
-// Stop provides a mock function with given fields:
-func (_m *Client) Stop() error {
-	ret := _m.Called()
-
-	var r0 error
-	if rf, ok := ret.Get(0).(func() error); ok {
-		r0 = rf()
+	if rf, ok := ret.Get(0).(func(context.Context) error); ok {
+		r0 = rf(_a0)
 	} else {
 		r0 = ret.Error(0)
 	}
--- a/abci/client/socket_client.go
+++ b/abci/client/socket_client.go
@@ -1,4 +1,4 @@
-package abcicli
+package abciclient

 import (
 	"bufio"
@@ -13,7 +13,7 @@ import (

 	"github.com/tendermint/tendermint/abci/types"
 	tmsync "github.com/tendermint/tendermint/internal/libs/sync"
-	"github.com/tendermint/tendermint/internal/libs/timer"
+	"github.com/tendermint/tendermint/libs/log"
 	tmnet "github.com/tendermint/tendermint/libs/net"
 	"github.com/tendermint/tendermint/libs/service"
 )
@@ -22,8 +22,6 @@ const (
 	// reqQueueSize is the max number of queued async requests.
 	// (memory: 256MB max assuming 1MB transactions)
 	reqQueueSize = 256
-	// Don't wait longer than...
-	flushThrottleMS = 20
 )

 type reqResWithContext struct {
@@ -40,10 +38,9 @@ type socketClient struct {
 	mustConnect bool
 	conn        net.Conn

-	reqQueue   chan *reqResWithContext
-	flushTimer *timer.ThrottleTimer
+	reqQueue chan *reqResWithContext

-	mtx     tmsync.RWMutex
+	mtx     tmsync.Mutex
 	err     error
 	reqSent *list.List                            // list of requests sent, waiting for response
 	resCb   func(*types.Request, *types.Response) // called on all requests, if set.
@@ -54,23 +51,22 @@ var _ Client = (*socketClient)(nil)
 // NewSocketClient creates a new socket client, which connects to a given
 // address. If mustConnect is true, the client will return an error upon start
 // if it fails to connect.
-func NewSocketClient(addr string, mustConnect bool) Client {
+func NewSocketClient(logger log.Logger, addr string, mustConnect bool) Client {
 	cli := &socketClient{
 		reqQueue:    make(chan *reqResWithContext, reqQueueSize),
-		flushTimer:  timer.NewThrottleTimer("socketClient", flushThrottleMS),
 		mustConnect: mustConnect,

 		addr:    addr,
 		reqSent: list.New(),
 		resCb:   nil,
 	}
-	cli.BaseService = *service.NewBaseService(nil, "socketClient", cli)
+	cli.BaseService = *service.NewBaseService(logger, "socketClient", cli)
 	return cli
 }

 // OnStart implements Service by connecting to the server and spawning reading
 // and writing goroutines.
-func (cli *socketClient) OnStart() error {
+func (cli *socketClient) OnStart(ctx context.Context) error {
 	var (
 		err  error
 		conn net.Conn
@@ -89,8 +85,8 @@ func (cli *socketClient) OnStart() error {
 		}
 		cli.conn = conn

-		go cli.sendRequestsRoutine(conn)
-		go cli.recvResponseRoutine(conn)
+		go cli.sendRequestsRoutine(ctx, conn)
+		go cli.recvResponseRoutine(ctx, conn)

 		return nil
 	}
@@ -102,14 +98,13 @@ func (cli *socketClient) OnStop() {
 		cli.conn.Close()
 	}

-	cli.flushQueue()
-	cli.flushTimer.Stop()
+	cli.drainQueue()
 }

 // Error returns an error if the client was stopped abruptly.
 func (cli *socketClient) Error() error {
-	cli.mtx.RLock()
-	defer cli.mtx.RUnlock()
+	cli.mtx.Lock()
+	defer cli.mtx.Unlock()
 	return cli.err
 }

@@ -125,48 +120,43 @@ func (cli *socketClient) SetResponseCallback(resCb Callback) {

 //----------------------------------------

-func (cli *socketClient) sendRequestsRoutine(conn io.Writer) {
-	w := bufio.NewWriter(conn)
+func (cli *socketClient) sendRequestsRoutine(ctx context.Context, conn io.Writer) {
+	bw := bufio.NewWriter(conn)
 	for {
 		select {
+		case <-ctx.Done():
+			return
+		case <-cli.Quit():
+			return
 		case reqres := <-cli.reqQueue:
-			// cli.Logger.Debug("Sent request", "requestType", reflect.TypeOf(reqres.Request), "request", reqres.Request)
+			if ctx.Err() != nil {
+				return
+			}

 			if reqres.C.Err() != nil {
 				cli.Logger.Debug("Request's context is done", "req", reqres.R, "err", reqres.C.Err())
 				continue
 			}
-
 			cli.willSendReq(reqres.R)
-			err := types.WriteMessage(reqres.R.Request, w)
-			if err != nil {
+
+			if err := types.WriteMessage(reqres.R.Request, bw); err != nil {
 				cli.stopForError(fmt.Errorf("write to buffer: %w", err))
 				return
 			}
-
-			// If it's a flush request, flush the current buffer.
-			if _, ok := reqres.R.Request.Value.(*types.Request_Flush); ok {
-				err = w.Flush()
-				if err != nil {
-					cli.stopForError(fmt.Errorf("flush buffer: %w", err))
-					return
-				}
+			if err := bw.Flush(); err != nil {
+				cli.stopForError(fmt.Errorf("flush buffer: %w", err))
+				return
 			}
-		case <-cli.flushTimer.Ch: // flush queue
-			select {
-			case cli.reqQueue <- &reqResWithContext{R: NewReqRes(types.ToRequestFlush()), C: context.Background()}:
-			default:
-				// Probably will fill the buffer, or retry later.
-			}
-		case <-cli.Quit():
-			return
 		}
 	}
 }

-func (cli *socketClient) recvResponseRoutine(conn io.Reader) {
+func (cli *socketClient) recvResponseRoutine(ctx context.Context, conn io.Reader) {
 	r := bufio.NewReader(conn)
 	for {
+		if ctx.Err() != nil {
+			return
+		}
 		var res = &types.Response{}
 		err := types.ReadMessage(r, res)
 		if err != nil {
@@ -492,14 +482,6 @@ func (cli *socketClient) queueRequest(ctx context.Context, req *types.Request, s
 		}
 	}

-	// Maybe auto-flush, or unset auto-flush
-	switch req.Value.(type) {
-	case *types.Request_Flush:
-		cli.flushTimer.Unset()
-	default:
-		cli.flushTimer.Set()
-	}
-
 	return reqres, nil
 }

@@ -537,7 +519,9 @@ func queueErr(e error) error {
 	return fmt.Errorf("can't queue req: %w", e)
 }

-func (cli *socketClient) flushQueue() {
+// drainQueue marks as complete and discards all remaining pending requests
+// from the queue.
+func (cli *socketClient) drainQueue() {
 	cli.mtx.Lock()
 	defer cli.mtx.Unlock()

@@ -547,14 +531,17 @@ func (cli *socketClient) flushQueue() {
 		reqres.Done()
 	}

-	// mark all queued messages as resolved
-LOOP:
+	// Mark all queued messages as resolved.
+	//
+	// TODO(creachadair): We can't simply range the channel, because it is never
+	// closed, and the writer continues to add work.
+	// See https://github.com/tendermint/tendermint/issues/6996.
 	for {
 		select {
 		case reqres := <-cli.reqQueue:
 			reqres.R.Done()
 		default:
-			break LOOP
+			return
 		}
 	}
 }
--- a/abci/client/socket_client_test.go
+++ b/abci/client/socket_client_test.go
@@ -1,4 +1,4 @@
-package abcicli_test
+package abciclient_test

 import (
 	"context"
@@ -11,35 +11,28 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

-	abcicli "github.com/tendermint/tendermint/abci/client"
+	abciclient "github.com/tendermint/tendermint/abci/client"
 	"github.com/tendermint/tendermint/abci/server"
 	"github.com/tendermint/tendermint/abci/types"
+	"github.com/tendermint/tendermint/libs/log"
 	"github.com/tendermint/tendermint/libs/service"
 )

-var ctx = context.Background()
-
 func TestProperSyncCalls(t *testing.T) {
-	app := slowApp{}
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()

-	s, c := setupClientServer(t, app)
-	t.Cleanup(func() {
-		if err := s.Stop(); err != nil {
-			t.Error(err)
-		}
-	})
-	t.Cleanup(func() {
-		if err := c.Stop(); err != nil {
-			t.Error(err)
-		}
-	})
+	app := slowApp{}
+	logger := log.TestingLogger()
+
+	_, c := setupClientServer(ctx, t, logger, app)

 	resp := make(chan error, 1)
 	go func() {
 		// This is BeginBlockSync unrolled....
 		reqres, err := c.BeginBlockAsync(ctx, types.RequestBeginBlock{})
 		assert.NoError(t, err)
-		err = c.FlushSync(context.Background())
+		err = c.FlushSync(ctx)
 		assert.NoError(t, err)
 		res := reqres.Response.GetBeginBlock()
 		assert.NotNil(t, res)
@@ -55,64 +48,29 @@ func TestProperSyncCalls(t *testing.T) {
 	}
 }

-func TestHangingSyncCalls(t *testing.T) {
-	app := slowApp{}
+func setupClientServer(
+	ctx context.Context,
+	t *testing.T,
+	logger log.Logger,
+	app types.Application,
+) (service.Service, abciclient.Client) {
+	t.Helper()

-	s, c := setupClientServer(t, app)
-	t.Cleanup(func() {
-		if err := s.Stop(); err != nil {
-			t.Log(err)
-		}
-	})
-	t.Cleanup(func() {
-		if err := c.Stop(); err != nil {
-			t.Log(err)
-		}
-	})
-
-	resp := make(chan error, 1)
-	go func() {
-		// Start BeginBlock and flush it
-		reqres, err := c.BeginBlockAsync(ctx, types.RequestBeginBlock{})
-		assert.NoError(t, err)
-		flush, err := c.FlushAsync(ctx)
-		assert.NoError(t, err)
-		// wait 20 ms for all events to travel socket, but
-		// no response yet from server
-		time.Sleep(20 * time.Millisecond)
-		// kill the server, so the connections break
-		err = s.Stop()
-		assert.NoError(t, err)
-
-		// wait for the response from BeginBlock
-		reqres.Wait()
-		flush.Wait()
-		resp <- c.Error()
-	}()
-
-	select {
-	case <-time.After(time.Second):
-		require.Fail(t, "No response arrived")
-	case err, ok := <-resp:
-		require.True(t, ok, "Must not close channel")
-		assert.Error(t, err, "We should get EOF error")
-	}
-}
-
-func setupClientServer(t *testing.T, app types.Application) (
-	service.Service, abcicli.Client) {
 	// some port between 20k and 30k
 	port := 20000 + rand.Int31()%10000
 	addr := fmt.Sprintf("localhost:%d", port)

-	s, err := server.NewServer(addr, "socket", app)
-	require.NoError(t, err)
-	err = s.Start()
+	s, err := server.NewServer(logger, addr, "socket", app)
 	require.NoError(t, err)
+	require.NoError(t, s.Start(ctx))
+	t.Cleanup(s.Wait)

-	c := abcicli.NewSocketClient(addr, true)
-	err = c.Start()
-	require.NoError(t, err)
+	c := abciclient.NewSocketClient(logger, addr, true)
+	require.NoError(t, c.Start(ctx))
+	t.Cleanup(c.Wait)
+
+	require.True(t, s.IsRunning())
+	require.True(t, c.IsRunning())

 	return s, c
 }
--- a/abci/cmd/abci-cli/abci-cli.go
+++ b/abci/cmd/abci-cli/abci-cli.go
@@ -2,20 +2,20 @@ package main

 import (
 	"bufio"
-	"context"
 	"encoding/hex"
 	"errors"
 	"fmt"
 	"io"
 	"os"
+	"os/signal"
 	"strings"
+	"syscall"

 	"github.com/spf13/cobra"

 	"github.com/tendermint/tendermint/libs/log"
-	tmos "github.com/tendermint/tendermint/libs/os"

-	abcicli "github.com/tendermint/tendermint/abci/client"
+	abciclient "github.com/tendermint/tendermint/abci/client"
 	"github.com/tendermint/tendermint/abci/example/code"
 	"github.com/tendermint/tendermint/abci/example/kvstore"
 	"github.com/tendermint/tendermint/abci/server"
@@ -27,10 +27,8 @@ import (

 // client is a global variable so it can be reused by the console
 var (
-	client abcicli.Client
+	client abciclient.Client
 	logger log.Logger
-
-	ctx = context.Background()
 )

 // flags
@@ -67,12 +65,12 @@ var RootCmd = &cobra.Command{

 		if client == nil {
 			var err error
-			client, err = abcicli.NewClient(flagAddress, flagAbci, false)
+			client, err = abciclient.NewClient(logger.With("module", "abci-client"), flagAddress, flagAbci, false)
 			if err != nil {
 				return err
 			}
-			client.SetLogger(logger.With("module", "abci-client"))
-			if err := client.Start(); err != nil {
+
+			if err := client.Start(cmd.Context()); err != nil {
 				return err
 			}
 		}
@@ -292,23 +290,24 @@ func compose(fs []func() error) error {
 }

 func cmdTest(cmd *cobra.Command, args []string) error {
+	ctx := cmd.Context()
 	return compose(
 		[]func() error{
-			func() error { return servertest.InitChain(client) },
-			func() error { return servertest.Commit(client, nil) },
-			func() error { return servertest.DeliverTx(client, []byte("abc"), code.CodeTypeBadNonce, nil) },
-			func() error { return servertest.Commit(client, nil) },
-			func() error { return servertest.DeliverTx(client, []byte{0x00}, code.CodeTypeOK, nil) },
-			func() error { return servertest.Commit(client, []byte{0, 0, 0, 0, 0, 0, 0, 1}) },
-			func() error { return servertest.DeliverTx(client, []byte{0x00}, code.CodeTypeBadNonce, nil) },
-			func() error { return servertest.DeliverTx(client, []byte{0x01}, code.CodeTypeOK, nil) },
-			func() error { return servertest.DeliverTx(client, []byte{0x00, 0x02}, code.CodeTypeOK, nil) },
-			func() error { return servertest.DeliverTx(client, []byte{0x00, 0x03}, code.CodeTypeOK, nil) },
-			func() error { return servertest.DeliverTx(client, []byte{0x00, 0x00, 0x04}, code.CodeTypeOK, nil) },
+			func() error { return servertest.InitChain(ctx, client) },
+			func() error { return servertest.Commit(ctx, client, nil) },
+			func() error { return servertest.DeliverTx(ctx, client, []byte("abc"), code.CodeTypeBadNonce, nil) },
+			func() error { return servertest.Commit(ctx, client, nil) },
+			func() error { return servertest.DeliverTx(ctx, client, []byte{0x00}, code.CodeTypeOK, nil) },
+			func() error { return servertest.Commit(ctx, client, []byte{0, 0, 0, 0, 0, 0, 0, 1}) },
+			func() error { return servertest.DeliverTx(ctx, client, []byte{0x00}, code.CodeTypeBadNonce, nil) },
+			func() error { return servertest.DeliverTx(ctx, client, []byte{0x01}, code.CodeTypeOK, nil) },
+			func() error { return servertest.DeliverTx(ctx, client, []byte{0x00, 0x02}, code.CodeTypeOK, nil) },
+			func() error { return servertest.DeliverTx(ctx, client, []byte{0x00, 0x03}, code.CodeTypeOK, nil) },
+			func() error { return servertest.DeliverTx(ctx, client, []byte{0x00, 0x00, 0x04}, code.CodeTypeOK, nil) },
 			func() error {
-				return servertest.DeliverTx(client, []byte{0x00, 0x00, 0x06}, code.CodeTypeBadNonce, nil)
+				return servertest.DeliverTx(ctx, client, []byte{0x00, 0x00, 0x06}, code.CodeTypeBadNonce, nil)
 			},
-			func() error { return servertest.Commit(client, []byte{0, 0, 0, 0, 0, 0, 0, 5}) },
+			func() error { return servertest.Commit(ctx, client, []byte{0, 0, 0, 0, 0, 0, 0, 5}) },
 		})
 }

@@ -443,13 +442,15 @@ func cmdEcho(cmd *cobra.Command, args []string) error {
 	if len(args) > 0 {
 		msg = args[0]
 	}
-	res, err := client.EchoSync(ctx, msg)
+	res, err := client.EchoSync(cmd.Context(), msg)
 	if err != nil {
 		return err
 	}
+
 	printResponse(cmd, args, response{
 		Data: []byte(res.Message),
 	})
+
 	return nil
 }

@@ -459,7 +460,7 @@ func cmdInfo(cmd *cobra.Command, args []string) error {
 	if len(args) == 1 {
 		version = args[0]
 	}
-	res, err := client.InfoSync(ctx, types.RequestInfo{Version: version})
+	res, err := client.InfoSync(cmd.Context(), types.RequestInfo{Version: version})
 	if err != nil {
 		return err
 	}
@@ -484,7 +485,7 @@ func cmdDeliverTx(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-	res, err := client.DeliverTxSync(ctx, types.RequestDeliverTx{Tx: txBytes})
+	res, err := client.DeliverTxSync(cmd.Context(), types.RequestDeliverTx{Tx: txBytes})
 	if err != nil {
 		return err
 	}
@@ -510,7 +511,7 @@ func cmdCheckTx(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-	res, err := client.CheckTxSync(ctx, types.RequestCheckTx{Tx: txBytes})
+	res, err := client.CheckTxSync(cmd.Context(), types.RequestCheckTx{Tx: txBytes})
 	if err != nil {
 		return err
 	}
@@ -525,7 +526,7 @@ func cmdCheckTx(cmd *cobra.Command, args []string) error {

 // Get application Merkle root hash
 func cmdCommit(cmd *cobra.Command, args []string) error {
-	res, err := client.CommitSync(ctx)
+	res, err := client.CommitSync(cmd.Context())
 	if err != nil {
 		return err
 	}
@@ -550,7 +551,7 @@ func cmdQuery(cmd *cobra.Command, args []string) error {
 		return err
 	}

-	resQuery, err := client.QuerySync(ctx, types.RequestQuery{
+	resQuery, err := client.QuerySync(cmd.Context(), types.RequestQuery{
 		Data:   queryBytes,
 		Path:   flagPath,
 		Height: int64(flagHeight),
@@ -586,25 +587,21 @@ func cmdKVStore(cmd *cobra.Command, args []string) error {
 	}

 	// Start the listener
-	srv, err := server.NewServer(flagAddress, flagAbci, app)
+	srv, err := server.NewServer(logger.With("module", "abci-server"), flagAddress, flagAbci, app)
 	if err != nil {
 		return err
 	}
-	srv.SetLogger(logger.With("module", "abci-server"))
-	if err := srv.Start(); err != nil {
+
+	ctx, cancel := signal.NotifyContext(cmd.Context(), syscall.SIGTERM)
+	defer cancel()
+
+	if err := srv.Start(ctx); err != nil {
 		return err
 	}

-	// Stop upon receiving SIGTERM or CTRL-C.
-	tmos.TrapSignal(logger, func() {
-		// Cleanup
-		if err := srv.Stop(); err != nil {
-			logger.Error("Error while stopping server", "err", err)
-		}
-	})
-
 	// Run forever.
-	select {}
+	<-ctx.Done()
+	return nil
 }

 //--------------------------------------------------------------------------------
--- a/abci/example/example_test.go
+++ b/abci/example/example_test.go
@@ -17,7 +17,7 @@ import (
 	"github.com/tendermint/tendermint/libs/log"
 	tmnet "github.com/tendermint/tendermint/libs/net"

-	abcicli "github.com/tendermint/tendermint/abci/client"
+	abciclient "github.com/tendermint/tendermint/abci/client"
 	"github.com/tendermint/tendermint/abci/example/code"
 	"github.com/tendermint/tendermint/abci/example/kvstore"
 	abciserver "github.com/tendermint/tendermint/abci/server"
@@ -29,47 +29,48 @@ func init() {
 }

 func TestKVStore(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
 	fmt.Println("### Testing KVStore")
-	testStream(t, kvstore.NewApplication())
+	testStream(ctx, t, kvstore.NewApplication())
 }

 func TestBaseApp(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
 	fmt.Println("### Testing BaseApp")
-	testStream(t, types.NewBaseApplication())
+	testStream(ctx, t, types.NewBaseApplication())
 }

 func TestGRPC(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
 	fmt.Println("### Testing GRPC")
-	testGRPCSync(t, types.NewGRPCApplication(types.NewBaseApplication()))
+	testGRPCSync(ctx, t, types.NewGRPCApplication(types.NewBaseApplication()))
 }

-func testStream(t *testing.T, app types.Application) {
+func testStream(ctx context.Context, t *testing.T, app types.Application) {
+	t.Helper()
+
 	const numDeliverTxs = 20000
 	socketFile := fmt.Sprintf("test-%08x.sock", rand.Int31n(1<<30))
 	defer os.Remove(socketFile)
 	socket := fmt.Sprintf("unix://%v", socketFile)
-
+	logger := log.TestingLogger()
 	// Start the listener
-	server := abciserver.NewSocketServer(socket, app)
-	server.SetLogger(log.TestingLogger().With("module", "abci-server"))
-	err := server.Start()
+	server := abciserver.NewSocketServer(logger.With("module", "abci-server"), socket, app)
+	t.Cleanup(server.Wait)
+	err := server.Start(ctx)
 	require.NoError(t, err)
-	t.Cleanup(func() {
-		if err := server.Stop(); err != nil {
-			t.Error(err)
-		}
-	})

 	// Connect to the socket
-	client := abcicli.NewSocketClient(socket, false)
-	client.SetLogger(log.TestingLogger().With("module", "abci-client"))
-	err = client.Start()
+	client := abciclient.NewSocketClient(log.TestingLogger().With("module", "abci-client"), socket, false)
+	t.Cleanup(client.Wait)
+
+	err = client.Start(ctx)
 	require.NoError(t, err)
-	t.Cleanup(func() {
-		if err := client.Stop(); err != nil {
-			t.Error(err)
-		}
-	})

 	done := make(chan struct{})
 	counter := 0
@@ -98,8 +99,6 @@ func testStream(t *testing.T, app types.Application) {
 		}
 	})

-	ctx := context.Background()
-
 	// Write requests
 	for counter := 0; counter < numDeliverTxs; counter++ {
 		// Send request
@@ -127,24 +126,20 @@ func dialerFunc(ctx context.Context, addr string) (net.Conn, error) {
 	return tmnet.Connect(addr)
 }

-func testGRPCSync(t *testing.T, app types.ABCIApplicationServer) {
+func testGRPCSync(ctx context.Context, t *testing.T, app types.ABCIApplicationServer) {
 	numDeliverTxs := 2000
-	socketFile := fmt.Sprintf("test-%08x.sock", rand.Int31n(1<<30))
+	socketFile := fmt.Sprintf("/tmp/test-%08x.sock", rand.Int31n(1<<30))
 	defer os.Remove(socketFile)
 	socket := fmt.Sprintf("unix://%v", socketFile)
-
+	logger := log.TestingLogger()
 	// Start the listener
-	server := abciserver.NewGRPCServer(socket, app)
-	server.SetLogger(log.TestingLogger().With("module", "abci-server"))
-	if err := server.Start(); err != nil {
+	server := abciserver.NewGRPCServer(logger.With("module", "abci-server"), socket, app)
+
+	if err := server.Start(ctx); err != nil {
 		t.Fatalf("Error starting GRPC server: %v", err.Error())
 	}

-	t.Cleanup(func() {
-		if err := server.Stop(); err != nil {
-			t.Error(err)
-		}
-	})
+	t.Cleanup(func() { server.Wait() })

 	// Connect to the socket
 	conn, err := grpc.Dial(socket, grpc.WithInsecure(), grpc.WithContextDialer(dialerFunc))
--- a/abci/example/kvstore/kvstore_test.go
+++ b/abci/example/kvstore/kvstore_test.go
@@ -3,7 +3,7 @@ package kvstore
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
+	"os"
 	"sort"
 	"testing"

@@ -12,7 +12,7 @@ import (
 	"github.com/tendermint/tendermint/libs/log"
 	"github.com/tendermint/tendermint/libs/service"

-	abcicli "github.com/tendermint/tendermint/abci/client"
+	abciclient "github.com/tendermint/tendermint/abci/client"
 	"github.com/tendermint/tendermint/abci/example/code"
 	abciserver "github.com/tendermint/tendermint/abci/server"
 	"github.com/tendermint/tendermint/abci/types"
@@ -24,8 +24,6 @@ const (
 	testValue = "def"
 )

-var ctx = context.Background()
-
 func testKVStore(t *testing.T, app types.Application, tx []byte, key, value string) {
 	req := types.RequestDeliverTx{Tx: tx}
 	ar := app.DeliverTx(req)
@@ -74,7 +72,7 @@ func TestKVStoreKV(t *testing.T) {
 }

 func TestPersistentKVStoreKV(t *testing.T) {
-	dir, err := ioutil.TempDir("/tmp", "abci-kvstore-test") // TODO
+	dir, err := os.MkdirTemp("/tmp", "abci-kvstore-test") // TODO
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -90,7 +88,7 @@ func TestPersistentKVStoreKV(t *testing.T) {
 }

 func TestPersistentKVStoreInfo(t *testing.T) {
-	dir, err := ioutil.TempDir("/tmp", "abci-kvstore-test") // TODO
+	dir, err := os.MkdirTemp("/tmp", "abci-kvstore-test") // TODO
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -122,7 +120,7 @@ func TestPersistentKVStoreInfo(t *testing.T) {

 // add a validator, remove a validator, update a validator
 func TestValUpdates(t *testing.T) {
-	dir, err := ioutil.TempDir("/tmp", "abci-kvstore-test") // TODO
+	dir, err := os.MkdirTemp("/tmp", "abci-kvstore-test") // TODO
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -229,103 +227,103 @@ func valsEqual(t *testing.T, vals1, vals2 []types.ValidatorUpdate) {
 	}
 }

-func makeSocketClientServer(app types.Application, name string) (abcicli.Client, service.Service, error) {
+func makeSocketClientServer(
+	ctx context.Context,
+	t *testing.T,
+	logger log.Logger,
+	app types.Application,
+	name string,
+) (abciclient.Client, service.Service, error) {
+
+	ctx, cancel := context.WithCancel(ctx)
+	t.Cleanup(cancel)
+
 	// Start the listener
 	socket := fmt.Sprintf("unix://%s.sock", name)
-	logger := log.TestingLogger()

-	server := abciserver.NewSocketServer(socket, app)
-	server.SetLogger(logger.With("module", "abci-server"))
-	if err := server.Start(); err != nil {
+	server := abciserver.NewSocketServer(logger.With("module", "abci-server"), socket, app)
+	if err := server.Start(ctx); err != nil {
+		cancel()
 		return nil, nil, err
 	}

 	// Connect to the socket
-	client := abcicli.NewSocketClient(socket, false)
-	client.SetLogger(logger.With("module", "abci-client"))
-	if err := client.Start(); err != nil {
-		if err = server.Stop(); err != nil {
-			return nil, nil, err
-		}
+	client := abciclient.NewSocketClient(logger.With("module", "abci-client"), socket, false)
+	if err := client.Start(ctx); err != nil {
+		cancel()
 		return nil, nil, err
 	}

 	return client, server, nil
 }

-func makeGRPCClientServer(app types.Application, name string) (abcicli.Client, service.Service, error) {
+func makeGRPCClientServer(
+	ctx context.Context,
+	t *testing.T,
+	logger log.Logger,
+	app types.Application,
+	name string,
+) (abciclient.Client, service.Service, error) {
+	ctx, cancel := context.WithCancel(ctx)
+	t.Cleanup(cancel)
 	// Start the listener
 	socket := fmt.Sprintf("unix://%s.sock", name)
-	logger := log.TestingLogger()

 	gapp := types.NewGRPCApplication(app)
-	server := abciserver.NewGRPCServer(socket, gapp)
-	server.SetLogger(logger.With("module", "abci-server"))
-	if err := server.Start(); err != nil {
+	server := abciserver.NewGRPCServer(logger.With("module", "abci-server"), socket, gapp)
+
+	if err := server.Start(ctx); err != nil {
+		cancel()
 		return nil, nil, err
 	}

-	client := abcicli.NewGRPCClient(socket, true)
-	client.SetLogger(logger.With("module", "abci-client"))
-	if err := client.Start(); err != nil {
-		if err := server.Stop(); err != nil {
-			return nil, nil, err
-		}
+	client := abciclient.NewGRPCClient(logger.With("module", "abci-client"), socket, true)
+
+	if err := client.Start(ctx); err != nil {
+		cancel()
 		return nil, nil, err
 	}
 	return client, server, nil
 }

 func TestClientServer(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	logger := log.TestingLogger()
+
 	// set up socket app
 	kvstore := NewApplication()
-	client, server, err := makeSocketClientServer(kvstore, "kvstore-socket")
+	client, server, err := makeSocketClientServer(ctx, t, logger, kvstore, "kvstore-socket")
 	require.NoError(t, err)
-	t.Cleanup(func() {
-		if err := server.Stop(); err != nil {
-			t.Error(err)
-		}
-	})
-	t.Cleanup(func() {
-		if err := client.Stop(); err != nil {
-			t.Error(err)
-		}
-	})
+	t.Cleanup(func() { cancel(); server.Wait() })
+	t.Cleanup(func() { cancel(); client.Wait() })

-	runClientTests(t, client)
+	runClientTests(ctx, t, client)

 	// set up grpc app
 	kvstore = NewApplication()
-	gclient, gserver, err := makeGRPCClientServer(kvstore, "kvstore-grpc")
+	gclient, gserver, err := makeGRPCClientServer(ctx, t, logger, kvstore, "/tmp/kvstore-grpc")
 	require.NoError(t, err)

-	t.Cleanup(func() {
-		if err := gserver.Stop(); err != nil {
-			t.Error(err)
-		}
-	})
-	t.Cleanup(func() {
-		if err := gclient.Stop(); err != nil {
-			t.Error(err)
-		}
-	})
+	t.Cleanup(func() { cancel(); gserver.Wait() })
+	t.Cleanup(func() { cancel(); gclient.Wait() })

-	runClientTests(t, gclient)
+	runClientTests(ctx, t, gclient)
 }

-func runClientTests(t *testing.T, client abcicli.Client) {
+func runClientTests(ctx context.Context, t *testing.T, client abciclient.Client) {
 	// run some tests....
 	key := testKey
 	value := key
 	tx := []byte(key)
-	testClient(t, client, tx, key, value)
+	testClient(ctx, t, client, tx, key, value)

 	value = testValue
 	tx = []byte(key + "=" + value)
-	testClient(t, client, tx, key, value)
+	testClient(ctx, t, client, tx, key, value)
 }

-func testClient(t *testing.T, app abcicli.Client, tx []byte, key, value string) {
+func testClient(ctx context.Context, t *testing.T, app abciclient.Client, tx []byte, key, value string) {
 	ar, err := app.DeliverTxSync(ctx, types.RequestDeliverTx{Tx: tx})
 	require.NoError(t, err)
 	require.False(t, ar.IsErr(), ar)
--- a/abci/example/kvstore/persistent_kvstore.go
+++ b/abci/example/kvstore/persistent_kvstore.go
@@ -11,9 +11,9 @@ import (

 	"github.com/tendermint/tendermint/abci/example/code"
 	"github.com/tendermint/tendermint/abci/types"
-	cryptoenc "github.com/tendermint/tendermint/crypto/encoding"
+	"github.com/tendermint/tendermint/crypto/encoding"
 	"github.com/tendermint/tendermint/libs/log"
-	pc "github.com/tendermint/tendermint/proto/tendermint/crypto"
+	cryptoproto "github.com/tendermint/tendermint/proto/tendermint/crypto"
 )

 const (
@@ -30,7 +30,7 @@ type PersistentKVStoreApplication struct {
 	// validator set
 	ValUpdates []types.ValidatorUpdate

-	valAddrToPubKeyMap map[string]pc.PublicKey
+	valAddrToPubKeyMap map[string]cryptoproto.PublicKey

 	logger log.Logger
 }
@@ -46,7 +46,7 @@ func NewPersistentKVStoreApplication(dbDir string) *PersistentKVStoreApplication

 	return &PersistentKVStoreApplication{
 		app:                &Application{state: state},
-		valAddrToPubKeyMap: make(map[string]pc.PublicKey),
+		valAddrToPubKeyMap: make(map[string]cryptoproto.PublicKey),
 		logger:             log.NewNopLogger(),
 	}
 }
@@ -194,8 +194,8 @@ func (app *PersistentKVStoreApplication) Validators() (validators []types.Valida
 	return
 }

-func MakeValSetChangeTx(pubkey pc.PublicKey, power int64) []byte {
-	pk, err := cryptoenc.PubKeyFromProto(pubkey)
+func MakeValSetChangeTx(pubkey cryptoproto.PublicKey, power int64) []byte {
+	pk, err := encoding.PubKeyFromProto(pubkey)
 	if err != nil {
 		panic(err)
 	}
@@ -243,7 +243,7 @@ func (app *PersistentKVStoreApplication) execValidatorTx(tx []byte) types.Respon

 // add, update, or remove a validator
 func (app *PersistentKVStoreApplication) updateValidator(v types.ValidatorUpdate) types.ResponseDeliverTx {
-	pubkey, err := cryptoenc.PubKeyFromProto(v.PubKey)
+	pubkey, err := encoding.PubKeyFromProto(v.PubKey)
 	if err != nil {
 		panic(fmt.Errorf("can't decode public key: %w", err))
 	}
--- a/abci/server/grpc_server.go
+++ b/abci/server/grpc_server.go
@@ -1,11 +1,13 @@
 package server

 import (
+	"context"
 	"net"

 	"google.golang.org/grpc"

 	"github.com/tendermint/tendermint/abci/types"
+	"github.com/tendermint/tendermint/libs/log"
 	tmnet "github.com/tendermint/tendermint/libs/net"
 	"github.com/tendermint/tendermint/libs/service"
 )
@@ -22,7 +24,7 @@ type GRPCServer struct {
 }

 // NewGRPCServer returns a new gRPC ABCI server
-func NewGRPCServer(protoAddr string, app types.ABCIApplicationServer) service.Service {
+func NewGRPCServer(logger log.Logger, protoAddr string, app types.ABCIApplicationServer) service.Service {
 	proto, addr := tmnet.ProtocolAndAddress(protoAddr)
 	s := &GRPCServer{
 		proto:    proto,
@@ -30,12 +32,12 @@ func NewGRPCServer(protoAddr string, app types.ABCIApplicationServer) service.Se
 		listener: nil,
 		app:      app,
 	}
-	s.BaseService = *service.NewBaseService(nil, "ABCIServer", s)
+	s.BaseService = *service.NewBaseService(logger, "ABCIServer", s)
 	return s
 }

 // OnStart starts the gRPC service.
-func (s *GRPCServer) OnStart() error {
+func (s *GRPCServer) OnStart(ctx context.Context) error {

 	ln, err := net.Listen(s.proto, s.addr)
 	if err != nil {
--- a/abci/server/server.go
+++ b/abci/server/server.go
@@ -12,17 +12,18 @@ import (
 	"fmt"

 	"github.com/tendermint/tendermint/abci/types"
+	"github.com/tendermint/tendermint/libs/log"
 	"github.com/tendermint/tendermint/libs/service"
 )

-func NewServer(protoAddr, transport string, app types.Application) (service.Service, error) {
+func NewServer(logger log.Logger, protoAddr, transport string, app types.Application) (service.Service, error) {
 	var s service.Service
 	var err error
 	switch transport {
 	case "socket":
-		s = NewSocketServer(protoAddr, app)
+		s = NewSocketServer(logger, protoAddr, app)
 	case "grpc":
-		s = NewGRPCServer(protoAddr, types.NewGRPCApplication(app))
+		s = NewGRPCServer(logger, protoAddr, types.NewGRPCApplication(app))
 	default:
 		err = fmt.Errorf("unknown server type %s", transport)
 	}
--- a/abci/server/socket_server.go
+++ b/abci/server/socket_server.go
@@ -2,10 +2,10 @@ package server

 import (
 	"bufio"
+	"context"
 	"fmt"
 	"io"
 	"net"
-	"os"
 	"runtime"

 	"github.com/tendermint/tendermint/abci/types"
@@ -19,7 +19,6 @@ import (

 type SocketServer struct {
 	service.BaseService
-	isLoggerSet bool

 	proto    string
 	addr     string
@@ -33,7 +32,7 @@ type SocketServer struct {
 	app    types.Application
 }

-func NewSocketServer(protoAddr string, app types.Application) service.Service {
+func NewSocketServer(logger tmlog.Logger, protoAddr string, app types.Application) service.Service {
 	proto, addr := tmnet.ProtocolAndAddress(protoAddr)
 	s := &SocketServer{
 		proto:    proto,
@@ -42,23 +41,18 @@ func NewSocketServer(protoAddr string, app types.Application) service.Service {
 		app:      app,
 		conns:    make(map[int]net.Conn),
 	}
-	s.BaseService = *service.NewBaseService(nil, "ABCIServer", s)
+	s.BaseService = *service.NewBaseService(logger, "ABCIServer", s)
 	return s
 }

-func (s *SocketServer) SetLogger(l tmlog.Logger) {
-	s.BaseService.SetLogger(l)
-	s.isLoggerSet = true
-}
-
-func (s *SocketServer) OnStart() error {
+func (s *SocketServer) OnStart(ctx context.Context) error {
 	ln, err := net.Listen(s.proto, s.addr)
 	if err != nil {
 		return err
 	}

 	s.listener = ln
-	go s.acceptConnectionsRoutine()
+	go s.acceptConnectionsRoutine(ctx)

 	return nil
 }
@@ -70,6 +64,7 @@ func (s *SocketServer) OnStop() {

 	s.connsMtx.Lock()
 	defer s.connsMtx.Unlock()
+
 	for id, conn := range s.conns {
 		delete(s.conns, id)
 		if err := conn.Close(); err != nil {
@@ -103,8 +98,13 @@ func (s *SocketServer) rmConn(connID int) error {
 	return conn.Close()
 }

-func (s *SocketServer) acceptConnectionsRoutine() {
+func (s *SocketServer) acceptConnectionsRoutine(ctx context.Context) {
 	for {
+		if ctx.Err() != nil {
+			return
+
+		}
+
 		// Accept a connection
 		s.Logger.Info("Waiting for new connection...")
 		conn, err := s.listener.Accept()
@@ -124,35 +124,46 @@ func (s *SocketServer) acceptConnectionsRoutine() {
 		responses := make(chan *types.Response, 1000) // A channel to buffer responses

 		// Read requests from conn and deal with them
-		go s.handleRequests(closeConn, conn, responses)
+		go s.handleRequests(ctx, closeConn, conn, responses)
 		// Pull responses from 'responses' and write them to conn.
-		go s.handleResponses(closeConn, conn, responses)
+		go s.handleResponses(ctx, closeConn, conn, responses)

 		// Wait until signal to close connection
-		go s.waitForClose(closeConn, connID)
+		go s.waitForClose(ctx, closeConn, connID)
 	}
 }

-func (s *SocketServer) waitForClose(closeConn chan error, connID int) {
-	err := <-closeConn
-	switch {
-	case err == io.EOF:
-		s.Logger.Error("Connection was closed by client")
-	case err != nil:
-		s.Logger.Error("Connection error", "err", err)
-	default:
-		// never happens
-		s.Logger.Error("Connection was closed")
-	}
+func (s *SocketServer) waitForClose(ctx context.Context, closeConn chan error, connID int) {
+	defer func() {
+		// Close the connection
+		if err := s.rmConn(connID); err != nil {
+			s.Logger.Error("Error closing connection", "err", err)
+		}
+	}()

-	// Close the connection
-	if err := s.rmConn(connID); err != nil {
-		s.Logger.Error("Error closing connection", "err", err)
+	select {
+	case <-ctx.Done():
+		return
+	case err := <-closeConn:
+		switch {
+		case err == io.EOF:
+			s.Logger.Error("Connection was closed by client")
+		case err != nil:
+			s.Logger.Error("Connection error", "err", err)
+		default:
+			// never happens
+			s.Logger.Error("Connection was closed")
+		}
 	}
 }

 // Read requests from conn and deal with them
-func (s *SocketServer) handleRequests(closeConn chan error, conn io.Reader, responses chan<- *types.Response) {
+func (s *SocketServer) handleRequests(
+	ctx context.Context,
+	closeConn chan error,
+	conn io.Reader,
+	responses chan<- *types.Response,
+) {
 	var count int
 	var bufReader = bufio.NewReader(conn)

@@ -164,15 +175,15 @@ func (s *SocketServer) handleRequests(closeConn chan error, conn io.Reader, resp
 			buf := make([]byte, size)
 			buf = buf[:runtime.Stack(buf, false)]
 			err := fmt.Errorf("recovered from panic: %v\n%s", r, buf)
-			if !s.isLoggerSet {
-				fmt.Fprintln(os.Stderr, err)
-			}
 			closeConn <- err
 			s.appMtx.Unlock()
 		}
 	}()

 	for {
+		if ctx.Err() != nil {
+			return
+		}

 		var req = &types.Request{}
 		err := types.ReadMessage(bufReader, req)
@@ -239,23 +250,21 @@ func (s *SocketServer) handleRequest(req *types.Request, responses chan<- *types
 }

 // Pull responses from 'responses' and write them to conn.
-func (s *SocketServer) handleResponses(closeConn chan error, conn io.Writer, responses <-chan *types.Response) {
-	var count int
-	var bufWriter = bufio.NewWriter(conn)
-	for {
-		var res = <-responses
-		err := types.WriteMessage(res, bufWriter)
-		if err != nil {
+func (s *SocketServer) handleResponses(
+	ctx context.Context,
+	closeConn chan error,
+	conn io.Writer,
+	responses <-chan *types.Response,
+) {
+	bw := bufio.NewWriter(conn)
+	for res := range responses {
+		if err := types.WriteMessage(res, bw); err != nil {
 			closeConn <- fmt.Errorf("error writing message: %w", err)
 			return
 		}
-		if _, ok := res.Value.(*types.Response_Flush); ok {
-			err = bufWriter.Flush()
-			if err != nil {
-				closeConn <- fmt.Errorf("error flushing write buffer: %w", err)
-				return
-			}
+		if err := bw.Flush(); err != nil {
+			closeConn <- fmt.Errorf("error flushing write buffer: %w", err)
+			return
 		}
-		count++
 	}
 }
--- a/abci/tests/client_server_test.go
+++ b/abci/tests/client_server_test.go
@@ -1,27 +1,35 @@
 package tests

 import (
+	"context"
 	"testing"

 	"github.com/stretchr/testify/assert"

-	abciclient "github.com/tendermint/tendermint/abci/client"
+	abciclientent "github.com/tendermint/tendermint/abci/client"
 	"github.com/tendermint/tendermint/abci/example/kvstore"
 	abciserver "github.com/tendermint/tendermint/abci/server"
+	"github.com/tendermint/tendermint/libs/log"
 )

 func TestClientServerNoAddrPrefix(t *testing.T) {
-	addr := "localhost:26658"
-	transport := "socket"
-	app := kvstore.NewApplication()
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()

-	server, err := abciserver.NewServer(addr, transport, app)
+	const (
+		addr      = "localhost:26658"
+		transport = "socket"
+	)
+	app := kvstore.NewApplication()
+	logger := log.TestingLogger()
+
+	server, err := abciserver.NewServer(logger, addr, transport, app)
 	assert.NoError(t, err, "expected no error on NewServer")
-	err = server.Start()
+	err = server.Start(ctx)
 	assert.NoError(t, err, "expected no error on server.Start")

-	client, err := abciclient.NewClient(addr, transport, true)
+	client, err := abciclientent.NewClient(logger, addr, transport, true)
 	assert.NoError(t, err, "expected no error on NewClient")
-	err = client.Start()
+	err = client.Start(ctx)
 	assert.NoError(t, err, "expected no error on client.Start")
 }
--- a/abci/tests/server/client.go
+++ b/abci/tests/server/client.go
@@ -7,14 +7,12 @@ import (
 	"fmt"
 	mrand "math/rand"

-	abcicli "github.com/tendermint/tendermint/abci/client"
+	abciclient "github.com/tendermint/tendermint/abci/client"
 	"github.com/tendermint/tendermint/abci/types"
 	tmrand "github.com/tendermint/tendermint/libs/rand"
 )

-var ctx = context.Background()
-
-func InitChain(client abcicli.Client) error {
+func InitChain(ctx context.Context, client abciclient.Client) error {
 	total := 10
 	vals := make([]types.ValidatorUpdate, total)
 	for i := 0; i < total; i++ {
@@ -34,7 +32,7 @@ func InitChain(client abcicli.Client) error {
 	return nil
 }

-func Commit(client abcicli.Client, hashExp []byte) error {
+func Commit(ctx context.Context, client abciclient.Client, hashExp []byte) error {
 	res, err := client.CommitSync(ctx)
 	data := res.Data
 	if err != nil {
@@ -51,7 +49,7 @@ func Commit(client abcicli.Client, hashExp []byte) error {
 	return nil
 }

-func DeliverTx(client abcicli.Client, txBytes []byte, codeExp uint32, dataExp []byte) error {
+func DeliverTx(ctx context.Context, client abciclient.Client, txBytes []byte, codeExp uint32, dataExp []byte) error {
 	res, _ := client.DeliverTxSync(ctx, types.RequestDeliverTx{Tx: txBytes})
 	code, data, log := res.Code, res.Data, res.Log
 	if code != codeExp {
@@ -70,7 +68,7 @@ func DeliverTx(client abcicli.Client, txBytes []byte, codeExp uint32, dataExp []
 	return nil
 }

-func CheckTx(client abcicli.Client, txBytes []byte, codeExp uint32, dataExp []byte) error {
+func CheckTx(ctx context.Context, client abciclient.Client, txBytes []byte, codeExp uint32, dataExp []byte) error {
 	res, _ := client.CheckTxSync(ctx, types.RequestCheckTx{Tx: txBytes})
 	code, data, log := res.Code, res.Data, res.Log
 	if code != codeExp {
--- a/abci/types/client.go
+++ b/abci/types/client.go
@@ -0,0 +1 @@
+package types
--- a/abci/types/pubkey.go
+++ b/abci/types/pubkey.go
@@ -4,7 +4,7 @@ import (
 	fmt "fmt"

 	"github.com/tendermint/tendermint/crypto/ed25519"
-	cryptoenc "github.com/tendermint/tendermint/crypto/encoding"
+	"github.com/tendermint/tendermint/crypto/encoding"
 	"github.com/tendermint/tendermint/crypto/secp256k1"
 	"github.com/tendermint/tendermint/crypto/sr25519"
 )
@@ -12,7 +12,7 @@ import (
 func Ed25519ValidatorUpdate(pk []byte, power int64) ValidatorUpdate {
 	pke := ed25519.PubKey(pk)

-	pkp, err := cryptoenc.PubKeyToProto(pke)
+	pkp, err := encoding.PubKeyToProto(pke)
 	if err != nil {
 		panic(err)
 	}
@@ -29,7 +29,7 @@ func UpdateValidator(pk []byte, power int64, keyType string) ValidatorUpdate {
 		return Ed25519ValidatorUpdate(pk, power)
 	case secp256k1.KeyType:
 		pke := secp256k1.PubKey(pk)
-		pkp, err := cryptoenc.PubKeyToProto(pke)
+		pkp, err := encoding.PubKeyToProto(pke)
 		if err != nil {
 			panic(err)
 		}
@@ -39,7 +39,7 @@ func UpdateValidator(pk []byte, power int64, keyType string) ValidatorUpdate {
 		}
 	case sr25519.KeyType:
 		pke := sr25519.PubKey(pk)
-		pkp, err := cryptoenc.PubKeyToProto(pke)
+		pkp, err := encoding.PubKeyToProto(pke)
 		if err != nil {
 			panic(err)
 		}
--- a/abci/types/types.pb.go
+++ b/abci/types/types.pb.go
@@ -1838,7 +1838,7 @@ type ResponseCheckTx struct {
 	Sender    string  `protobuf:"bytes,9,opt,name=sender,proto3" json:"sender,omitempty"`
 	Priority  int64   `protobuf:"varint,10,opt,name=priority,proto3" json:"priority,omitempty"`
 	// mempool_error is set by Tendermint.
-	// ABCI applictions creating a ResponseCheckTX should not set mempool_error.
+	// ABCI applications creating a ResponseCheckTX should not set mempool_error.
 	MempoolError string `protobuf:"bytes,11,opt,name=mempool_error,json=mempoolError,proto3" json:"mempool_error,omitempty"`
 }

--- a/buf.gen.yaml
+++ b/buf.gen.yaml
@@ -1,13 +0,0 @@
-# The version of the generation template.
-# Required.
-# The only currently-valid value is v1beta1.
-version: v1beta1
-
-# The plugins to run.
-plugins:
-  # The name of the plugin.
-  - name: gogofaster
-    # The the relative output directory.
-    out: proto
-    # Any options to provide to the plugin.
-    opt: Mgoogle/protobuf/timestamp.proto=github.com/gogo/protobuf/types,Mgoogle/protobuf/duration.proto=github.com/golang/protobuf/ptypes/duration,plugins=grpc,paths=source_relative
--- a/buf.yaml
+++ b/buf.yaml
@@ -1,16 +0,0 @@
-version: v1beta1
-
-build:
-  roots:
-    - proto
-    - third_party/proto
-lint:
-  use:
-    - BASIC
-    - FILE_LOWER_SNAKE_CASE
-    - UNARY_RPC
-  ignore:
-    - gogoproto
-breaking:
-  use:
-    - FILE
--- a/cmd/priv_val_server/main.go
+++ b/cmd/priv_val_server/main.go
@@ -6,7 +6,6 @@ import (
 	"crypto/x509"
 	"flag"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"os"
@@ -78,7 +77,7 @@ func main() {
 		}

 		certPool := x509.NewCertPool()
-		bs, err := ioutil.ReadFile(*rootCA)
+		bs, err := os.ReadFile(*rootCA)
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "failed to read client ca cert: %s", err)
 			os.Exit(1)
--- a/cmd/tendermint/commands/debug/dump.go
+++ b/cmd/tendermint/commands/debug/dump.go
@@ -3,7 +3,6 @@ package debug
 import (
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"time"
@@ -11,7 +10,7 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"

-	cfg "github.com/tendermint/tendermint/config"
+	"github.com/tendermint/tendermint/config"
 	"github.com/tendermint/tendermint/libs/cli"
 	rpchttp "github.com/tendermint/tendermint/rpc/client/http"
 )
@@ -65,9 +64,9 @@ func dumpCmdHandler(_ *cobra.Command, args []string) error {
 	}

 	home := viper.GetString(cli.HomeFlag)
-	conf := cfg.DefaultConfig()
+	conf := config.DefaultConfig()
 	conf = conf.SetRoot(home)
-	cfg.EnsureRoot(conf.RootDir)
+	config.EnsureRoot(conf.RootDir)

 	dumpDebugData(outDir, conf, rpc)

@@ -79,10 +78,10 @@ func dumpCmdHandler(_ *cobra.Command, args []string) error {
 	return nil
 }

-func dumpDebugData(outDir string, conf *cfg.Config, rpc *rpchttp.HTTP) {
+func dumpDebugData(outDir string, conf *config.Config, rpc *rpchttp.HTTP) {
 	start := time.Now().UTC()

-	tmpDir, err := ioutil.TempDir(outDir, "tendermint_debug_tmp")
+	tmpDir, err := os.MkdirTemp(outDir, "tendermint_debug_tmp")
 	if err != nil {
 		logger.Error("failed to create temporary directory", "dir", tmpDir, "error", err)
 		return
--- a/cmd/tendermint/commands/debug/io.go
+++ b/cmd/tendermint/commands/debug/io.go
@@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
@@ -111,5 +110,5 @@ func writeStateJSONToFile(state interface{}, dir, filename string) error {
 		return fmt.Errorf("failed to encode state dump: %w", err)
 	}

-	return ioutil.WriteFile(path.Join(dir, filename), stateJSON, os.ModePerm)
+	return os.WriteFile(path.Join(dir, filename), stateJSON, os.ModePerm)
 }
--- a/cmd/tendermint/commands/debug/kill.go
+++ b/cmd/tendermint/commands/debug/kill.go
@@ -3,7 +3,6 @@ package debug
 import (
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -14,7 +13,7 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"

-	cfg "github.com/tendermint/tendermint/config"
+	"github.com/tendermint/tendermint/config"
 	"github.com/tendermint/tendermint/libs/cli"
 	rpchttp "github.com/tendermint/tendermint/rpc/client/http"
 )
@@ -34,7 +33,7 @@ $ tendermint debug kill 34255 /path/to/tm-debug.zip`,
 }

 func killCmdHandler(cmd *cobra.Command, args []string) error {
-	pid, err := strconv.ParseUint(args[0], 10, 64)
+	pid, err := strconv.ParseInt(args[0], 10, 64)
 	if err != nil {
 		return err
 	}
@@ -50,13 +49,13 @@ func killCmdHandler(cmd *cobra.Command, args []string) error {
 	}

 	home := viper.GetString(cli.HomeFlag)
-	conf := cfg.DefaultConfig()
+	conf := config.DefaultConfig()
 	conf = conf.SetRoot(home)
-	cfg.EnsureRoot(conf.RootDir)
+	config.EnsureRoot(conf.RootDir)

 	// Create a temporary directory which will contain all the state dumps and
 	// relevant files and directories that will be compressed into a file.
-	tmpDir, err := ioutil.TempDir(os.TempDir(), "tendermint_debug_tmp")
+	tmpDir, err := os.MkdirTemp(os.TempDir(), "tendermint_debug_tmp")
 	if err != nil {
 		return fmt.Errorf("failed to create temporary directory: %w", err)
 	}
@@ -92,7 +91,7 @@ func killCmdHandler(cmd *cobra.Command, args []string) error {
 	}

 	logger.Info("killing Tendermint process")
-	if err := killProc(pid, tmpDir); err != nil {
+	if err := killProc(int(pid), tmpDir); err != nil {
 		return err
 	}

@@ -105,7 +104,7 @@ func killCmdHandler(cmd *cobra.Command, args []string) error {
 // is tailed and piped to a file under the directory dir. An error is returned
 // if the output file cannot be created or the tail command cannot be started.
 // An error is not returned if any subsequent syscall fails.
-func killProc(pid uint64, dir string) error {
+func killProc(pid int, dir string) error {
 	// pipe STDERR output from tailing the Tendermint process to a file
 	//
 	// NOTE: This will only work on UNIX systems.
@@ -128,7 +127,7 @@ func killProc(pid uint64, dir string) error {
 	go func() {
 		// Killing the Tendermint process with the '-ABRT|-6' signal will result in
 		// a goroutine stacktrace.
-		p, err := os.FindProcess(int(pid))
+		p, err := os.FindProcess(pid)
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "failed to find PID to kill Tendermint process: %s", err)
 		} else if err = p.Signal(syscall.SIGABRT); err != nil {
--- a/cmd/tendermint/commands/debug/util.go
+++ b/cmd/tendermint/commands/debug/util.go
@@ -3,13 +3,13 @@ package debug
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"os"
 	"path"
 	"path/filepath"

-	cfg "github.com/tendermint/tendermint/config"
+	"github.com/tendermint/tendermint/config"
 	rpchttp "github.com/tendermint/tendermint/rpc/client/http"
 )

@@ -48,7 +48,7 @@ func dumpConsensusState(rpc *rpchttp.HTTP, dir, filename string) error {

 // copyWAL copies the Tendermint node's WAL file. It returns an error if the
 // WAL file cannot be read or copied.
-func copyWAL(conf *cfg.Config, dir string) error {
+func copyWAL(conf *config.Config, dir string) error {
 	walPath := conf.Consensus.WalFile()
 	walFile := filepath.Base(walPath)

@@ -73,10 +73,10 @@ func dumpProfile(dir, addr, profile string, debug int) error {
 	}
 	defer resp.Body.Close()

-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return fmt.Errorf("failed to read %s profile response body: %w", profile, err)
 	}

-	return ioutil.WriteFile(path.Join(dir, fmt.Sprintf("%s.out", profile)), body, os.ModePerm)
+	return os.WriteFile(path.Join(dir, fmt.Sprintf("%s.out", profile)), body, os.ModePerm)
 }
--- a/cmd/tendermint/commands/init.go
+++ b/cmd/tendermint/commands/init.go
@@ -121,7 +121,9 @@ func initFilesWithConfig(config *cfg.Config) error {
 	}

 	// write config file
-	cfg.WriteConfigFile(config.RootDir, config)
+	if err := cfg.WriteConfigFile(config.RootDir, config); err != nil {
+		return err
+	}
 	logger.Info("Generated config", "mode", config.Mode)

 	return nil
--- a/cmd/tendermint/commands/inspect.go
+++ b/cmd/tendermint/commands/inspect.go
@@ -8,12 +8,7 @@ import (

 	"github.com/spf13/cobra"

-	cfg "github.com/tendermint/tendermint/config"
-	"github.com/tendermint/tendermint/inspect"
-	"github.com/tendermint/tendermint/state"
-	"github.com/tendermint/tendermint/state/indexer/sink"
-	"github.com/tendermint/tendermint/store"
-	"github.com/tendermint/tendermint/types"
+	"github.com/tendermint/tendermint/internal/inspect"
 )

 // InspectCmd is the command for starting an inspect server.
@@ -55,29 +50,10 @@ func runInspect(cmd *cobra.Command, args []string) error {
 		cancel()
 	}()

-	blockStoreDB, err := cfg.DefaultDBProvider(&cfg.DBContext{ID: "blockstore", Config: config})
+	ins, err := inspect.NewFromConfig(logger, config)
 	if err != nil {
 		return err
 	}
-	blockStore := store.NewBlockStore(blockStoreDB)
-	stateDB, err := cfg.DefaultDBProvider(&cfg.DBContext{ID: "state", Config: config})
-	if err != nil {
-		if err := blockStoreDB.Close(); err != nil {
-			logger.Error("error closing block store db", "error", err)
-		}
-		return err
-	}
-	genDoc, err := types.GenesisDocFromFile(config.GenesisFile())
-	if err != nil {
-		return err
-	}
-	sinks, err := sink.EventSinksFromConfig(config, cfg.DefaultDBProvider, genDoc.ChainID)
-	if err != nil {
-		return err
-	}
-	stateStore := state.NewStore(stateDB)
-
-	ins := inspect.New(config.RPC, blockStore, stateStore, sinks, logger)

 	logger.Info("starting inspect server")
 	if err := ins.Run(ctx); err != nil {
--- a/cmd/tendermint/commands/light.go
+++ b/cmd/tendermint/commands/light.go
@@ -6,12 +6,13 @@ import (
 	"fmt"
 	"net/http"
 	"os"
+	"os/signal"
 	"path/filepath"
 	"strings"
+	"syscall"
 	"time"

 	"github.com/spf13/cobra"
-
 	dbm "github.com/tendermint/tm-db"

 	"github.com/tendermint/tendermint/libs/log"
@@ -192,8 +193,12 @@ func runProxy(cmd *cobra.Command, args []string) error {
 		p.Listener.Close()
 	})

+	// this might be redundant to the above, eventually.
+	ctx, cancel := signal.NotifyContext(cmd.Context(), syscall.SIGTERM)
+	defer cancel()
+
 	logger.Info("Starting proxy...", "laddr", listenAddr)
-	if err := p.ListenAndServe(); err != http.ErrServerClosed {
+	if err := p.ListenAndServe(ctx); err != http.ErrServerClosed {
 		// Error starting or closing listener:
 		logger.Error("proxy ListenAndServe", "err", err)
 	}
--- a/cmd/tendermint/commands/reindex_event.go
+++ b/cmd/tendermint/commands/reindex_event.go
@@ -6,17 +6,17 @@ import (
 	"strings"

 	"github.com/spf13/cobra"
-	tmdb "github.com/tendermint/tm-db"
+	dbm "github.com/tendermint/tm-db"

 	abcitypes "github.com/tendermint/tendermint/abci/types"
 	tmcfg "github.com/tendermint/tendermint/config"
 	"github.com/tendermint/tendermint/internal/libs/progressbar"
-	ctypes "github.com/tendermint/tendermint/rpc/core/types"
-	"github.com/tendermint/tendermint/state"
-	"github.com/tendermint/tendermint/state/indexer"
-	"github.com/tendermint/tendermint/state/indexer/sink/kv"
-	"github.com/tendermint/tendermint/state/indexer/sink/psql"
-	"github.com/tendermint/tendermint/store"
+	"github.com/tendermint/tendermint/internal/state"
+	"github.com/tendermint/tendermint/internal/state/indexer"
+	"github.com/tendermint/tendermint/internal/state/indexer/sink/kv"
+	"github.com/tendermint/tendermint/internal/state/indexer/sink/psql"
+	"github.com/tendermint/tendermint/internal/store"
+	"github.com/tendermint/tendermint/rpc/coretypes"
 	"github.com/tendermint/tendermint/types"
 )

@@ -29,11 +29,12 @@ var ReIndexEventCmd = &cobra.Command{
 	Use:   "reindex-event",
 	Short: "reindex events to the event store backends",
 	Long: `
-	reindex-event is an offline tooling to re-index block and tx events to the eventsinks,
-	you can run this command when the event store backend dropped/disconnected or you want to replace the backend.
-	The default start-height is 0, meaning the tooling will start reindex from the base block height(inclusive); and the
-	default end-height is 0, meaning the tooling will reindex until the latest block height(inclusive). User can omits
-	either or both arguments.
+reindex-event is an offline tooling to re-index block and tx events to the eventsinks,
+you can run this command when the event store backend dropped/disconnected or you want to 
+replace the backend. The default start-height is 0, meaning the tooling will start 
+reindex from the base block height(inclusive); and the default end-height is 0, meaning 
+the tooling will reindex until the latest block height(inclusive). User can omit
+either or both arguments.
 	`,
 	Example: `
 	tendermint reindex-event
@@ -129,17 +130,17 @@ func loadEventSinks(cfg *tmcfg.Config) ([]indexer.EventSink, error) {
 }

 func loadStateAndBlockStore(cfg *tmcfg.Config) (*store.BlockStore, state.Store, error) {
-	dbType := tmdb.BackendType(cfg.DBBackend)
+	dbType := dbm.BackendType(cfg.DBBackend)

 	// Get BlockStore
-	blockStoreDB, err := tmdb.NewDB("blockstore", dbType, cfg.DBDir())
+	blockStoreDB, err := dbm.NewDB("blockstore", dbType, cfg.DBDir())
 	if err != nil {
 		return nil, nil, err
 	}
 	blockStore := store.NewBlockStore(blockStoreDB)

 	// Get StateStore
-	stateDB, err := tmdb.NewDB("state", dbType, cfg.DBDir())
+	stateDB, err := dbm.NewDB("state", dbType, cfg.DBDir())
 	if err != nil {
 		return nil, nil, err
 	}
@@ -221,14 +222,15 @@ func checkValidHeight(bs state.BlockStore) error {
 	}

 	if startHeight < base {
-		return fmt.Errorf("%s (requested start height: %d, base height: %d)", ctypes.ErrHeightNotAvailable, startHeight, base)
+		return fmt.Errorf("%s (requested start height: %d, base height: %d)",
+			coretypes.ErrHeightNotAvailable, startHeight, base)
 	}

 	height := bs.Height()

 	if startHeight > height {
 		return fmt.Errorf(
-			"%s (requested start height: %d, store height: %d)", ctypes.ErrHeightNotAvailable, startHeight, height)
+			"%s (requested start height: %d, store height: %d)", coretypes.ErrHeightNotAvailable, startHeight, height)
 	}

 	if endHeight == 0 || endHeight > height {
@@ -238,13 +240,13 @@ func checkValidHeight(bs state.BlockStore) error {

 	if endHeight < base {
 		return fmt.Errorf(
-			"%s (requested end height: %d, base height: %d)", ctypes.ErrHeightNotAvailable, endHeight, base)
+			"%s (requested end height: %d, base height: %d)", coretypes.ErrHeightNotAvailable, endHeight, base)
 	}

 	if endHeight < startHeight {
 		return fmt.Errorf(
 			"%s (requested the end height: %d is less than the start height: %d)",
-			ctypes.ErrInvalidRequest, startHeight, endHeight)
+			coretypes.ErrInvalidRequest, startHeight, endHeight)
 	}

 	return nil
--- a/cmd/tendermint/commands/reindex_event_test.go
+++ b/cmd/tendermint/commands/reindex_event_test.go
@@ -11,9 +11,9 @@ import (

 	abcitypes "github.com/tendermint/tendermint/abci/types"
 	tmcfg "github.com/tendermint/tendermint/config"
+	"github.com/tendermint/tendermint/internal/state/indexer"
+	"github.com/tendermint/tendermint/internal/state/mocks"
 	prototmstate "github.com/tendermint/tendermint/proto/tendermint/state"
-	"github.com/tendermint/tendermint/state/indexer"
-	"github.com/tendermint/tendermint/state/mocks"
 	"github.com/tendermint/tendermint/types"
 )

--- a/cmd/tendermint/commands/replay.go
+++ b/cmd/tendermint/commands/replay.go
@@ -9,8 +9,8 @@ import (
 var ReplayCmd = &cobra.Command{
 	Use:   "replay",
 	Short: "Replay messages from WAL",
-	Run: func(cmd *cobra.Command, args []string) {
-		consensus.RunReplayFile(config.BaseConfig, config.Consensus, false)
+	RunE: func(cmd *cobra.Command, args []string) error {
+		return consensus.RunReplayFile(cmd.Context(), logger, config.BaseConfig, config.Consensus, false)
 	},
 }

@@ -19,7 +19,7 @@ var ReplayCmd = &cobra.Command{
 var ReplayConsoleCmd = &cobra.Command{
 	Use:   "replay-console",
 	Short: "Replay messages from WAL in a console",
-	Run: func(cmd *cobra.Command, args []string) {
-		consensus.RunReplayFile(config.BaseConfig, config.Consensus, true)
+	RunE: func(cmd *cobra.Command, args []string) error {
+		return consensus.RunReplayFile(cmd.Context(), logger, config.BaseConfig, config.Consensus, true)
 	},
 }
--- a/cmd/tendermint/commands/reset_priv_validator.go
+++ b/cmd/tendermint/commands/reset_priv_validator.go
@@ -37,7 +37,7 @@ var ResetPrivValidatorCmd = &cobra.Command{
 // XXX: this is totally unsafe.
 // it's only suitable for testnets.
 func resetAll(cmd *cobra.Command, args []string) error {
-	return ResetAll(config.DBDir(), config.P2P.AddrBookFile(), config.PrivValidator.KeyFile(),
+	return ResetAll(config.DBDir(), config.PrivValidator.KeyFile(),
 		config.PrivValidator.StateFile(), logger)
 }

@@ -49,12 +49,7 @@ func resetPrivValidator(cmd *cobra.Command, args []string) error {

 // ResetAll removes address book files plus all data, and resets the privValdiator data.
 // Exported so other CLI tools can use it.
-func ResetAll(dbDir, addrBookFile, privValKeyFile, privValStateFile string, logger log.Logger) error {
-	if keepAddrBook {
-		logger.Info("The address book remains intact")
-	} else {
-		removeAddrBook(addrBookFile, logger)
-	}
+func ResetAll(dbDir, privValKeyFile, privValStateFile string, logger log.Logger) error {
 	if err := os.RemoveAll(dbDir); err == nil {
 		logger.Info("Removed all blockchain history", "dir", dbDir)
 	} else {
@@ -87,11 +82,3 @@ func resetFilePV(privValKeyFile, privValStateFile string, logger log.Logger) err
 	}
 	return nil
 }
-
-func removeAddrBook(addrBookFile string, logger log.Logger) {
-	if err := os.Remove(addrBookFile); err == nil {
-		logger.Info("Removed existing address book", "file", addrBookFile)
-	} else if !os.IsNotExist(err) {
-		logger.Info("Error removing address book", "file", addrBookFile, "err", err)
-	}
-}
--- a/cmd/tendermint/commands/rollback.go
+++ b/cmd/tendermint/commands/rollback.go
@@ -0,0 +1,46 @@
+package commands
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+
+	cfg "github.com/tendermint/tendermint/config"
+	"github.com/tendermint/tendermint/internal/state"
+)
+
+var RollbackStateCmd = &cobra.Command{
+	Use:   "rollback",
+	Short: "rollback tendermint state by one height",
+	Long: `
+A state rollback is performed to recover from an incorrect application state transition,
+when Tendermint has persisted an incorrect app hash and is thus unable to make
+progress. Rollback overwrites a state at height n with the state at height n - 1.
+The application should also roll back to height n - 1. No blocks are removed, so upon
+restarting Tendermint the transactions in block n will be re-executed against the
+application.
+`,
+	RunE: func(cmd *cobra.Command, args []string) error {
+		height, hash, err := RollbackState(config)
+		if err != nil {
+			return fmt.Errorf("failed to rollback state: %w", err)
+		}
+
+		fmt.Printf("Rolled back state to height %d and hash %v", height, hash)
+		return nil
+	},
+}
+
+// RollbackState takes the state at the current height n and overwrites it with the state
+// at height n - 1. Note state here refers to tendermint state not application state.
+// Returns the latest state height and app hash alongside an error if there was one.
+func RollbackState(config *cfg.Config) (int64, []byte, error) {
+	// use the parsed config to load the block and state store
+	blockStore, stateStore, err := loadStateAndBlockStore(config)
+	if err != nil {
+		return -1, nil, err
+	}
+
+	// rollback the last state
+	return state.Rollback(blockStore, stateStore)
+}
--- a/cmd/tendermint/commands/root_test.go
+++ b/cmd/tendermint/commands/root_test.go
@@ -2,7 +2,6 @@ package commands

 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -167,5 +166,5 @@ func WriteConfigVals(dir string, vals map[string]string) error {
 		data += fmt.Sprintf("%s = \"%s\"\n", k, v)
 	}
 	cfile := filepath.Join(dir, "config.toml")
-	return ioutil.WriteFile(cfile, []byte(data), 0600)
+	return os.WriteFile(cfile, []byte(data), 0600)
 }
--- a/cmd/tendermint/commands/run_node.go
+++ b/cmd/tendermint/commands/run_node.go
@@ -6,11 +6,12 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"os/signal"
+	"syscall"

 	"github.com/spf13/cobra"

 	cfg "github.com/tendermint/tendermint/config"
-	tmos "github.com/tendermint/tendermint/libs/os"
 )

 var (
@@ -33,7 +34,7 @@ func AddNodeFlags(cmd *cobra.Command) {
 		"socket address to listen on for connections from external priv-validator process")

 	// node flags
-	cmd.Flags().Bool("fast-sync", config.FastSyncMode, "fast blockchain syncing")
+
 	cmd.Flags().BytesHexVar(
 		&genesisHash,
 		"genesis-hash",
@@ -48,15 +49,11 @@ func AddNodeFlags(cmd *cobra.Command) {
 		"proxy-app",
 		config.ProxyApp,
 		"proxy app address, or one of: 'kvstore',"+
-			" 'persistent_kvstore' or 'noop' for local testing.")
+			" 'persistent_kvstore', 'e2e' or 'noop' for local testing.")
 	cmd.Flags().String("abci", config.ABCI, "specify abci transport (socket | grpc)")

 	// rpc flags
 	cmd.Flags().String("rpc.laddr", config.RPC.ListenAddress, "RPC listen address. Port required")
-	cmd.Flags().String(
-		"rpc.grpc-laddr",
-		config.RPC.GRPCListenAddress,
-		"GRPC listen address (BroadcastTx only). Port required")
 	cmd.Flags().Bool("rpc.unsafe", config.RPC.Unsafe, "enabled unsafe rpc methods")
 	cmd.Flags().String("rpc.pprof-laddr", config.RPC.PprofListenAddress, "pprof listen address (https://golang.org/pkg/net/http/pprof)")

@@ -67,8 +64,6 @@ func AddNodeFlags(cmd *cobra.Command) {
 		"node listen address. (0.0.0.0:0 means any interface, any port)")
 	cmd.Flags().String("p2p.seeds", config.P2P.Seeds, "comma-delimited ID@host:port seed nodes")
 	cmd.Flags().String("p2p.persistent-peers", config.P2P.PersistentPeers, "comma-delimited ID@host:port persistent peers")
-	cmd.Flags().String("p2p.unconditional-peer-ids",
-		config.P2P.UnconditionalPeerIDs, "comma-delimited IDs of unconditional peers")
 	cmd.Flags().Bool("p2p.upnp", config.P2P.UPNP, "enable/disable UPNP port forwarding")
 	cmd.Flags().Bool("p2p.pex", config.P2P.PexReactor, "enable/disable Peer-Exchange")
 	cmd.Flags().String("p2p.private-peer-ids", config.P2P.PrivatePeerIDs, "comma-delimited private peer IDs")
@@ -109,28 +104,22 @@ func NewRunNodeCmd(nodeProvider cfg.ServiceProvider) *cobra.Command {
 				return err
 			}

-			n, err := nodeProvider(config, logger)
+			ctx, cancel := signal.NotifyContext(cmd.Context(), syscall.SIGTERM)
+			defer cancel()
+
+			n, err := nodeProvider(ctx, config, logger)
 			if err != nil {
 				return fmt.Errorf("failed to create node: %w", err)
 			}

-			if err := n.Start(); err != nil {
+			if err := n.Start(ctx); err != nil {
 				return fmt.Errorf("failed to start node: %w", err)
 			}

 			logger.Info("started node", "node", n.String())

-			// Stop upon receiving SIGTERM or CTRL-C.
-			tmos.TrapSignal(logger, func() {
-				if n.IsRunning() {
-					if err := n.Stop(); err != nil {
-						logger.Error("unable to stop the node", "error", err)
-					}
-				}
-			})
-
-			// Run forever.
-			select {}
+			<-ctx.Done()
+			return nil
 		},
 	}

@@ -158,7 +147,7 @@ func checkGenesisHash(config *cfg.Config) error {
 	// Compare with the flag.
 	if !bytes.Equal(genesisHash, actualHash) {
 		return fmt.Errorf(
-			"--genesis_hash=%X does not match %s hash: %X",
+			"--genesis-hash=%X does not match %s hash: %X",
 			genesisHash, config.GenesisFile(), actualHash)
 	}

--- a/cmd/tendermint/commands/testnet.go
+++ b/cmd/tendermint/commands/testnet.go
@@ -226,7 +226,6 @@ func testnetFiles(cmd *cobra.Command, args []string) error {
 	for i := 0; i < nValidators+nNonValidators; i++ {
 		nodeDir := filepath.Join(outputDir, fmt.Sprintf("%s%d", nodeDirPrefix, i))
 		config.SetRoot(nodeDir)
-		config.P2P.AddrBookStrict = false
 		config.P2P.AllowDuplicateIP = true
 		if populatePersistentPeers {
 			persistentPeersWithoutSelf := make([]string, 0)
@@ -240,7 +239,9 @@ func testnetFiles(cmd *cobra.Command, args []string) error {
 		}
 		config.Moniker = moniker(i)

-		cfg.WriteConfigFile(nodeDir, config)
+		if err := cfg.WriteConfigFile(nodeDir, config); err != nil {
+			return err
+		}
 	}

 	fmt.Printf("Successfully initialized %v node directories\n", nValidators+nNonValidators)
--- a/cmd/tendermint/main.go
+++ b/cmd/tendermint/main.go
@@ -6,9 +6,9 @@ import (

 	cmd "github.com/tendermint/tendermint/cmd/tendermint/commands"
 	"github.com/tendermint/tendermint/cmd/tendermint/commands/debug"
-	cfg "github.com/tendermint/tendermint/config"
+	"github.com/tendermint/tendermint/config"
 	"github.com/tendermint/tendermint/libs/cli"
-	nm "github.com/tendermint/tendermint/node"
+	"github.com/tendermint/tendermint/node"
 )

 func main() {
@@ -29,6 +29,7 @@ func main() {
 		cmd.GenNodeKeyCmd,
 		cmd.VersionCmd,
 		cmd.InspectCmd,
+		cmd.RollbackStateCmd,
 		cmd.MakeKeyMigrateCommand(),
 		debug.DebugCmd,
 		cli.NewCompletionCmd(rootCmd, true),
@@ -42,12 +43,12 @@ func main() {
 	//	* Provide their own DB implementation
 	// can copy this file and use something other than the
 	// node.NewDefault function
-	nodeFunc := nm.NewDefault
+	nodeFunc := node.NewDefault

 	// Create & start node
 	rootCmd.AddCommand(cmd.NewRunNodeCmd(nodeFunc))

-	cmd := cli.PrepareBaseCmd(rootCmd, "TM", os.ExpandEnv(filepath.Join("$HOME", cfg.DefaultTendermintDir)))
+	cmd := cli.PrepareBaseCmd(rootCmd, "TM", os.ExpandEnv(filepath.Join("$HOME", config.DefaultTendermintDir)))
 	if err := cmd.Execute(); err != nil {
 		panic(err)
 	}
--- a/config/config.go
+++ b/config/config.go
@@ -4,7 +4,6 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -28,12 +27,6 @@ const (
 	ModeFull      = "full"
 	ModeValidator = "validator"
 	ModeSeed      = "seed"
-
-	BlockSyncV0 = "v0"
-	BlockSyncV2 = "v2"
-
-	MempoolV0 = "v0"
-	MempoolV1 = "v1"
 )

 // NOTE: Most of the structs & relevant comments + the
@@ -54,16 +47,14 @@ var (
 	defaultPrivValKeyName   = "priv_validator_key.json"
 	defaultPrivValStateName = "priv_validator_state.json"

-	defaultNodeKeyName  = "node_key.json"
-	defaultAddrBookName = "addrbook.json"
+	defaultNodeKeyName = "node_key.json"

 	defaultConfigFilePath   = filepath.Join(defaultConfigDir, defaultConfigFileName)
 	defaultGenesisJSONPath  = filepath.Join(defaultConfigDir, defaultGenesisJSONName)
 	defaultPrivValKeyPath   = filepath.Join(defaultConfigDir, defaultPrivValKeyName)
 	defaultPrivValStatePath = filepath.Join(defaultDataDir, defaultPrivValStateName)

-	defaultNodeKeyPath  = filepath.Join(defaultConfigDir, defaultNodeKeyName)
-	defaultAddrBookPath = filepath.Join(defaultConfigDir, defaultAddrBookName)
+	defaultNodeKeyPath = filepath.Join(defaultConfigDir, defaultNodeKeyName)
 )

 // Config defines the top level configuration for a Tendermint node
@@ -76,7 +67,6 @@ type Config struct {
 	P2P             *P2PConfig             `mapstructure:"p2p"`
 	Mempool         *MempoolConfig         `mapstructure:"mempool"`
 	StateSync       *StateSyncConfig       `mapstructure:"statesync"`
-	BlockSync       *BlockSyncConfig       `mapstructure:"fastsync"`
 	Consensus       *ConsensusConfig       `mapstructure:"consensus"`
 	TxIndex         *TxIndexConfig         `mapstructure:"tx-index"`
 	Instrumentation *InstrumentationConfig `mapstructure:"instrumentation"`
@@ -91,7 +81,6 @@ func DefaultConfig() *Config {
 		P2P:             DefaultP2PConfig(),
 		Mempool:         DefaultMempoolConfig(),
 		StateSync:       DefaultStateSyncConfig(),
-		BlockSync:       DefaultBlockSyncConfig(),
 		Consensus:       DefaultConsensusConfig(),
 		TxIndex:         DefaultTxIndexConfig(),
 		Instrumentation: DefaultInstrumentationConfig(),
@@ -114,7 +103,6 @@ func TestConfig() *Config {
 		P2P:             TestP2PConfig(),
 		Mempool:         TestMempoolConfig(),
 		StateSync:       TestStateSyncConfig(),
-		BlockSync:       TestBlockSyncConfig(),
 		Consensus:       TestConsensusConfig(),
 		TxIndex:         TestTxIndexConfig(),
 		Instrumentation: TestInstrumentationConfig(),
@@ -142,18 +130,12 @@ func (cfg *Config) ValidateBasic() error {
 	if err := cfg.RPC.ValidateBasic(); err != nil {
 		return fmt.Errorf("error in [rpc] section: %w", err)
 	}
-	if err := cfg.P2P.ValidateBasic(); err != nil {
-		return fmt.Errorf("error in [p2p] section: %w", err)
-	}
 	if err := cfg.Mempool.ValidateBasic(); err != nil {
 		return fmt.Errorf("error in [mempool] section: %w", err)
 	}
 	if err := cfg.StateSync.ValidateBasic(); err != nil {
 		return fmt.Errorf("error in [statesync] section: %w", err)
 	}
-	if err := cfg.BlockSync.ValidateBasic(); err != nil {
-		return fmt.Errorf("error in [fastsync] section: %w", err)
-	}
 	if err := cfg.Consensus.ValidateBasic(); err != nil {
 		return fmt.Errorf("error in [consensus] section: %w", err)
 	}
@@ -194,12 +176,6 @@ type BaseConfig struct { //nolint: maligned
 	//   - No priv_validator_key.json, priv_validator_state.json
 	Mode string `mapstructure:"mode"`

-	// If this node is many blocks behind the tip of the chain, FastSync
-	// allows them to catchup quickly by downloading blocks in parallel
-	// and verifying their commits
-	// TODO: This should be moved to the blocksync config
-	FastSyncMode bool `mapstructure:"fast-sync"`
-
 	// Database backend: goleveldb | cleveldb | boltdb | rocksdb
 	// * goleveldb (github.com/syndtr/goleveldb - most popular implementation)
 	//   - pure go
@@ -242,23 +218,24 @@ type BaseConfig struct { //nolint: maligned
 	// If true, query the ABCI app on connecting to a new peer
 	// so the app can decide if we should keep the connection or not
 	FilterPeers bool `mapstructure:"filter-peers"` // false
+
+	Other map[string]interface{} `mapstructure:",remain"`
 }

 // DefaultBaseConfig returns a default base configuration for a Tendermint node
 func DefaultBaseConfig() BaseConfig {
 	return BaseConfig{
-		Genesis:      defaultGenesisJSONPath,
-		NodeKey:      defaultNodeKeyPath,
-		Mode:         defaultMode,
-		Moniker:      defaultMoniker,
-		ProxyApp:     "tcp://127.0.0.1:26658",
-		ABCI:         "socket",
-		LogLevel:     DefaultLogLevel,
-		LogFormat:    log.LogFormatPlain,
-		FastSyncMode: true,
-		FilterPeers:  false,
-		DBBackend:    "goleveldb",
-		DBPath:       "data",
+		Genesis:     defaultGenesisJSONPath,
+		NodeKey:     defaultNodeKeyPath,
+		Mode:        defaultMode,
+		Moniker:     defaultMoniker,
+		ProxyApp:    "tcp://127.0.0.1:26658",
+		ABCI:        "socket",
+		LogLevel:    DefaultLogLevel,
+		LogFormat:   log.LogFormatPlain,
+		FilterPeers: false,
+		DBBackend:   "goleveldb",
+		DBPath:      "data",
 	}
 }

@@ -268,7 +245,6 @@ func TestBaseConfig() BaseConfig {
 	cfg.chainID = "tendermint_test"
 	cfg.Mode = ModeValidator
 	cfg.ProxyApp = "kvstore"
-	cfg.FastSyncMode = false
 	cfg.DBBackend = "memdb"
 	return cfg
 }
@@ -289,7 +265,7 @@ func (cfg BaseConfig) NodeKeyFile() string {

 // LoadNodeKey loads NodeKey located in filePath.
 func (cfg BaseConfig) LoadNodeKeyID() (types.NodeID, error) {
-	jsonBytes, err := ioutil.ReadFile(cfg.NodeKeyFile())
+	jsonBytes, err := os.ReadFile(cfg.NodeKeyFile())
 	if err != nil {
 		return "", err
 	}
@@ -445,24 +421,10 @@ type RPCConfig struct {
 	// A list of non simple headers the client is allowed to use with cross-domain requests.
 	CORSAllowedHeaders []string `mapstructure:"cors-allowed-headers"`

-	// TCP or UNIX socket address for the gRPC server to listen on
-	// NOTE: This server only supports /broadcast_tx_commit
-	// Deprecated: gRPC in the RPC layer of Tendermint will be removed in 0.36.
-	GRPCListenAddress string `mapstructure:"grpc-laddr"`
-
-	// Maximum number of simultaneous connections.
-	// Does not include RPC (HTTP&WebSocket) connections. See max-open-connections
-	// If you want to accept a larger number than the default, make sure
-	// you increase your OS limits.
-	// 0 - unlimited.
-	// Deprecated: gRPC in the RPC layer of Tendermint will be removed in 0.36.
-	GRPCMaxOpenConnections int `mapstructure:"grpc-max-open-connections"`
-
 	// Activate unsafe RPC commands like /dial-persistent-peers and /unsafe-flush-mempool
 	Unsafe bool `mapstructure:"unsafe"`

 	// Maximum number of simultaneous connections (including WebSocket).
-	// Does not include gRPC connections. See grpc-max-open-connections
 	// If you want to accept a larger number than the default, make sure
 	// you increase your OS limits.
 	// 0 - unlimited.
@@ -476,7 +438,7 @@ type RPCConfig struct {
 	MaxSubscriptionClients int `mapstructure:"max-subscription-clients"`

 	// Maximum number of unique queries a given client can /subscribe to
-	// If you're using GRPC (or Local RPC client) and /broadcast_tx_commit, set
+	// If you're using a Local RPC client and /broadcast_tx_commit, set this
 	// to the estimated maximum number of broadcast_tx_commit calls per block.
 	MaxSubscriptionsPerClient int `mapstructure:"max-subscriptions-per-client"`

@@ -517,12 +479,10 @@ type RPCConfig struct {
 // DefaultRPCConfig returns a default configuration for the RPC server
 func DefaultRPCConfig() *RPCConfig {
 	return &RPCConfig{
-		ListenAddress:          "tcp://127.0.0.1:26657",
-		CORSAllowedOrigins:     []string{},
-		CORSAllowedMethods:     []string{http.MethodHead, http.MethodGet, http.MethodPost},
-		CORSAllowedHeaders:     []string{"Origin", "Accept", "Content-Type", "X-Requested-With", "X-Server-Time"},
-		GRPCListenAddress:      "",
-		GRPCMaxOpenConnections: 900,
+		ListenAddress:      "tcp://127.0.0.1:26657",
+		CORSAllowedOrigins: []string{},
+		CORSAllowedMethods: []string{http.MethodHead, http.MethodGet, http.MethodPost},
+		CORSAllowedHeaders: []string{"Origin", "Accept", "Content-Type", "X-Requested-With", "X-Server-Time"},

 		Unsafe:             false,
 		MaxOpenConnections: 900,
@@ -543,7 +503,6 @@ func DefaultRPCConfig() *RPCConfig {
 func TestRPCConfig() *RPCConfig {
 	cfg := DefaultRPCConfig()
 	cfg.ListenAddress = "tcp://127.0.0.1:36657"
-	cfg.GRPCListenAddress = "tcp://127.0.0.1:36658"
 	cfg.Unsafe = true
 	return cfg
 }
@@ -551,9 +510,6 @@ func TestRPCConfig() *RPCConfig {
 // ValidateBasic performs basic validation (checking param bounds, etc.) and
 // returns an error if any check fails.
 func (cfg *RPCConfig) ValidateBasic() error {
-	if cfg.GRPCMaxOpenConnections < 0 {
-		return errors.New("grpc-max-open-connections can't be negative")
-	}
 	if cfg.MaxOpenConnections < 0 {
 		return errors.New("max-open-connections can't be negative")
 	}
@@ -631,25 +587,6 @@ type P2PConfig struct { //nolint: maligned
 	// UPNP port forwarding
 	UPNP bool `mapstructure:"upnp"`

-	// Path to address book
-	AddrBook string `mapstructure:"addr-book-file"`
-
-	// Set true for strict address routability rules
-	// Set false for private or local networks
-	AddrBookStrict bool `mapstructure:"addr-book-strict"`
-
-	// Maximum number of inbound peers
-	//
-	// TODO: Remove once p2p refactor is complete in favor of MaxConnections.
-	// ref: https://github.com/tendermint/tendermint/issues/5670
-	MaxNumInboundPeers int `mapstructure:"max-num-inbound-peers"`
-
-	// Maximum number of outbound peers to connect to, excluding persistent peers.
-	//
-	// TODO: Remove once p2p refactor is complete in favor of MaxConnections.
-	// ref: https://github.com/tendermint/tendermint/issues/5670
-	MaxNumOutboundPeers int `mapstructure:"max-num-outbound-peers"`
-
 	// MaxConnections defines the maximum number of connected peers (inbound and
 	// outbound).
 	MaxConnections uint16 `mapstructure:"max-connections"`
@@ -658,11 +595,15 @@ type P2PConfig struct { //nolint: maligned
 	// attempts per IP address.
 	MaxIncomingConnectionAttempts uint `mapstructure:"max-incoming-connection-attempts"`

-	// List of node IDs, to which a connection will be (re)established ignoring any existing limits
-	UnconditionalPeerIDs string `mapstructure:"unconditional-peer-ids"`
+	// Set true to enable the peer-exchange reactor
+	PexReactor bool `mapstructure:"pex"`

-	// Maximum pause when redialing a persistent peer (if zero, exponential backoff is used)
-	PersistentPeersMaxDialPeriod time.Duration `mapstructure:"persistent-peers-max-dial-period"`
+	// Comma separated list of peer IDs to keep private (will not be gossiped to
+	// other peers)
+	PrivatePeerIDs string `mapstructure:"private-peer-ids"`
+
+	// Toggle to disable guard against peers connecting from the same ip.
+	AllowDuplicateIP bool `mapstructure:"allow-duplicate-ip"`

 	// Time to wait before flushing messages out on the connection
 	FlushThrottleTimeout time.Duration `mapstructure:"flush-throttle-timeout"`
@@ -676,16 +617,6 @@ type P2PConfig struct { //nolint: maligned
 	// Rate at which packets can be received, in bytes/second
 	RecvRate int64 `mapstructure:"recv-rate"`

-	// Set true to enable the peer-exchange reactor
-	PexReactor bool `mapstructure:"pex"`
-
-	// Comma separated list of peer IDs to keep private (will not be gossiped to
-	// other peers)
-	PrivatePeerIDs string `mapstructure:"private-peer-ids"`
-
-	// Toggle to disable guard against peers connecting from the same ip.
-	AllowDuplicateIP bool `mapstructure:"allow-duplicate-ip"`
-
 	// Peer connection configuration.
 	HandshakeTimeout time.Duration `mapstructure:"handshake-timeout"`
 	DialTimeout      time.Duration `mapstructure:"dial-timeout"`
@@ -694,13 +625,8 @@ type P2PConfig struct { //nolint: maligned
 	// Force dial to fail
 	TestDialFail bool `mapstructure:"test-dial-fail"`

-	// UseLegacy enables the "legacy" P2P implementation and
-	// disables the newer default implementation. This flag will
-	// be removed in a future release.
-	UseLegacy bool `mapstructure:"use-legacy"`
-
 	// Makes it possible to configure which queue backend the p2p
-	// layer uses. Options are: "fifo", "priority" and "wdrr",
+	// layer uses. Options are: "fifo" and "priority",
 	// with the default being "priority".
 	QueueType string `mapstructure:"queue-type"`
 }
@@ -711,13 +637,8 @@ func DefaultP2PConfig() *P2PConfig {
 		ListenAddress:                 "tcp://0.0.0.0:26656",
 		ExternalAddress:               "",
 		UPNP:                          false,
-		AddrBook:                      defaultAddrBookPath,
-		AddrBookStrict:                true,
-		MaxNumInboundPeers:            40,
-		MaxNumOutboundPeers:           10,
 		MaxConnections:                64,
 		MaxIncomingConnectionAttempts: 100,
-		PersistentPeersMaxDialPeriod:  0 * time.Second,
 		FlushThrottleTimeout:          100 * time.Millisecond,
 		// The MTU (Maximum Transmission Unit) for Ethernet is 1500 bytes.
 		// The IP header and the TCP header take up 20 bytes each at least (unless
@@ -733,39 +654,15 @@ func DefaultP2PConfig() *P2PConfig {
 		DialTimeout:             3 * time.Second,
 		TestDialFail:            false,
 		QueueType:               "priority",
-		UseLegacy:               false,
 	}
 }

-// TestP2PConfig returns a configuration for testing the peer-to-peer layer
-func TestP2PConfig() *P2PConfig {
-	cfg := DefaultP2PConfig()
-	cfg.ListenAddress = "tcp://127.0.0.1:36656"
-	cfg.FlushThrottleTimeout = 10 * time.Millisecond
-	cfg.AllowDuplicateIP = true
-	return cfg
-}
-
-// AddrBookFile returns the full path to the address book
-func (cfg *P2PConfig) AddrBookFile() string {
-	return rootify(cfg.AddrBook, cfg.RootDir)
-}
-
 // ValidateBasic performs basic validation (checking param bounds, etc.) and
 // returns an error if any check fails.
 func (cfg *P2PConfig) ValidateBasic() error {
-	if cfg.MaxNumInboundPeers < 0 {
-		return errors.New("max-num-inbound-peers can't be negative")
-	}
-	if cfg.MaxNumOutboundPeers < 0 {
-		return errors.New("max-num-outbound-peers can't be negative")
-	}
 	if cfg.FlushThrottleTimeout < 0 {
 		return errors.New("flush-throttle-timeout can't be negative")
 	}
-	if cfg.PersistentPeersMaxDialPeriod < 0 {
-		return errors.New("persistent-peers-max-dial-period can't be negative")
-	}
 	if cfg.MaxPacketMsgPayloadSize < 0 {
 		return errors.New("max-packet-msg-payload-size can't be negative")
 	}
@@ -778,12 +675,21 @@ func (cfg *P2PConfig) ValidateBasic() error {
 	return nil
 }

+// TestP2PConfig returns a configuration for testing the peer-to-peer layer
+func TestP2PConfig() *P2PConfig {
+	cfg := DefaultP2PConfig()
+	cfg.ListenAddress = "tcp://127.0.0.1:36656"
+	cfg.AllowDuplicateIP = true
+	cfg.FlushThrottleTimeout = 10 * time.Millisecond
+
+	return cfg
+}
+
 //-----------------------------------------------------------------------------
 // MempoolConfig

 // MempoolConfig defines the configuration options for the Tendermint mempool.
 type MempoolConfig struct {
-	Version   string `mapstructure:"version"`
 	RootDir   string `mapstructure:"home"`
 	Recheck   bool   `mapstructure:"recheck"`
 	Broadcast bool   `mapstructure:"broadcast"`
@@ -833,7 +739,6 @@ type MempoolConfig struct {
 // DefaultMempoolConfig returns a default configuration for the Tendermint mempool.
 func DefaultMempoolConfig() *MempoolConfig {
 	return &MempoolConfig{
-		Version:   MempoolV1,
 		Recheck:   true,
 		Broadcast: true,
 		// Each signature verification takes .5ms, Size reduced until we implement
@@ -884,15 +789,46 @@ func (cfg *MempoolConfig) ValidateBasic() error {

 // StateSyncConfig defines the configuration for the Tendermint state sync service
 type StateSyncConfig struct {
-	Enable              bool          `mapstructure:"enable"`
-	TempDir             string        `mapstructure:"temp-dir"`
-	RPCServers          []string      `mapstructure:"rpc-servers"`
-	TrustPeriod         time.Duration `mapstructure:"trust-period"`
-	TrustHeight         int64         `mapstructure:"trust-height"`
-	TrustHash           string        `mapstructure:"trust-hash"`
-	DiscoveryTime       time.Duration `mapstructure:"discovery-time"`
+	// State sync rapidly bootstraps a new node by discovering, fetching, and restoring a
+	// state machine snapshot from peers instead of fetching and replaying historical
+	// blocks. Requires some peers in the network to take and serve state machine
+	// snapshots. State sync is not attempted if the node has any local state
+	// (LastBlockHeight > 0). The node will have a truncated block history, starting from
+	// the height of the snapshot.
+	Enable bool `mapstructure:"enable"`
+
+	// State sync uses light client verification to verify state. This can be done either
+	// through the P2P layer or the RPC layer. Set this to true to use the P2P layer. If
+	// false (default), the RPC layer will be used.
+	UseP2P bool `mapstructure:"use-p2p"`
+
+	// If using RPC, at least two addresses need to be provided. They should be compatible
+	// with net.Dial, for example: "host.example.com:2125".
+	RPCServers []string `mapstructure:"rpc-servers"`
+
+	// The hash and height of a trusted block. Must be within the trust-period.
+	TrustHeight int64  `mapstructure:"trust-height"`
+	TrustHash   string `mapstructure:"trust-hash"`
+
+	// The trust period should be set so that Tendermint can detect and gossip
+	// misbehavior before it is considered expired. For chains based on the Cosmos SDK,
+	// one day less than the unbonding period should suffice.
+	TrustPeriod time.Duration `mapstructure:"trust-period"`
+
+	// Time to spend discovering snapshots before initiating a restore.
+	DiscoveryTime time.Duration `mapstructure:"discovery-time"`
+
+	// Temporary directory for state sync snapshot chunks, defaults to os.TempDir().
+	// The synchronizer will create a new, randomly named directory within this directory
+	// and remove it when the sync is complete.
+	TempDir string `mapstructure:"temp-dir"`
+
+	// The timeout duration before re-requesting a chunk, possibly from a different
+	// peer (default: 15 seconds).
 	ChunkRequestTimeout time.Duration `mapstructure:"chunk-request-timeout"`
-	Fetchers            int32         `mapstructure:"fetchers"`
+
+	// The number of concurrent chunk and block fetchers to run (default: 4).
+	Fetchers int32 `mapstructure:"fetchers"`
 }

 func (cfg *StateSyncConfig) TrustHashBytes() []byte {
@@ -921,85 +857,56 @@ func TestStateSyncConfig() *StateSyncConfig {

 // ValidateBasic performs basic validation.
 func (cfg *StateSyncConfig) ValidateBasic() error {
-	if cfg.Enable {
-		if len(cfg.RPCServers) == 0 {
-			return errors.New("rpc-servers is required")
-		}
+	if !cfg.Enable {
+		return nil
+	}

+	// If we're not using the P2P stack then we need to validate the
+	// RPCServers
+	if !cfg.UseP2P {
 		if len(cfg.RPCServers) < 2 {
-			return errors.New("at least two rpc-servers entries is required")
+			return errors.New("at least two rpc-servers must be specified")
 		}

 		for _, server := range cfg.RPCServers {
-			if len(server) == 0 {
+			if server == "" {
 				return errors.New("found empty rpc-servers entry")
 			}
 		}
+	}

-		if cfg.DiscoveryTime != 0 && cfg.DiscoveryTime < 5*time.Second {
-			return errors.New("discovery time must be 0s or greater than five seconds")
-		}
+	if cfg.DiscoveryTime != 0 && cfg.DiscoveryTime < 5*time.Second {
+		return errors.New("discovery time must be 0s or greater than five seconds")
+	}

-		if cfg.TrustPeriod <= 0 {
-			return errors.New("trusted-period is required")
-		}
+	if cfg.TrustPeriod <= 0 {
+		return errors.New("trusted-period is required")
+	}

-		if cfg.TrustHeight <= 0 {
-			return errors.New("trusted-height is required")
-		}
+	if cfg.TrustHeight <= 0 {
+		return errors.New("trusted-height is required")
+	}

-		if len(cfg.TrustHash) == 0 {
-			return errors.New("trusted-hash is required")
-		}
+	if len(cfg.TrustHash) == 0 {
+		return errors.New("trusted-hash is required")
+	}

-		_, err := hex.DecodeString(cfg.TrustHash)
-		if err != nil {
-			return fmt.Errorf("invalid trusted-hash: %w", err)
-		}
+	_, err := hex.DecodeString(cfg.TrustHash)
+	if err != nil {
+		return fmt.Errorf("invalid trusted-hash: %w", err)
+	}

-		if cfg.ChunkRequestTimeout < 5*time.Second {
-			return errors.New("chunk-request-timeout must be at least 5 seconds")
-		}
+	if cfg.ChunkRequestTimeout < 5*time.Second {
+		return errors.New("chunk-request-timeout must be at least 5 seconds")
+	}

-		if cfg.Fetchers <= 0 {
-			return errors.New("fetchers is required")
-		}
+	if cfg.Fetchers <= 0 {
+		return errors.New("fetchers is required")
 	}

 	return nil
 }

-//-----------------------------------------------------------------------------
-
-// BlockSyncConfig (formerly known as FastSync) defines the configuration for the Tendermint block sync service
-type BlockSyncConfig struct {
-	Version string `mapstructure:"version"`
-}
-
-// DefaultBlockSyncConfig returns a default configuration for the block sync service
-func DefaultBlockSyncConfig() *BlockSyncConfig {
-	return &BlockSyncConfig{
-		Version: BlockSyncV0,
-	}
-}
-
-// TestBlockSyncConfig returns a default configuration for the block sync.
-func TestBlockSyncConfig() *BlockSyncConfig {
-	return DefaultBlockSyncConfig()
-}
-
-// ValidateBasic performs basic validation.
-func (cfg *BlockSyncConfig) ValidateBasic() error {
-	switch cfg.Version {
-	case BlockSyncV0:
-		return nil
-	case BlockSyncV2:
-		return errors.New("blocksync version v2 is no longer supported. Please use v0")
-	default:
-		return fmt.Errorf("unknown blocksync version %s", cfg.Version)
-	}
-}
-
 //-----------------------------------------------------------------------------
 // ConsensusConfig

--- a/config/config_test.go
+++ b/config/config_test.go
@@ -66,7 +66,6 @@ func TestRPCConfigValidateBasic(t *testing.T) {
 	assert.NoError(t, cfg.ValidateBasic())

 	fieldsToTest := []string{
-		"GRPCMaxOpenConnections",
 		"MaxOpenConnections",
 		"MaxSubscriptionClients",
 		"MaxSubscriptionsPerClient",
@@ -82,26 +81,6 @@ func TestRPCConfigValidateBasic(t *testing.T) {
 	}
 }

-func TestP2PConfigValidateBasic(t *testing.T) {
-	cfg := TestP2PConfig()
-	assert.NoError(t, cfg.ValidateBasic())
-
-	fieldsToTest := []string{
-		"MaxNumInboundPeers",
-		"MaxNumOutboundPeers",
-		"FlushThrottleTimeout",
-		"MaxPacketMsgPayloadSize",
-		"SendRate",
-		"RecvRate",
-	}
-
-	for _, fieldName := range fieldsToTest {
-		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(-1)
-		assert.Error(t, cfg.ValidateBasic())
-		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(0)
-	}
-}
-
 func TestMempoolConfigValidateBasic(t *testing.T) {
 	cfg := TestMempoolConfig()
 	assert.NoError(t, cfg.ValidateBasic())
@@ -125,18 +104,6 @@ func TestStateSyncConfigValidateBasic(t *testing.T) {
 	require.NoError(t, cfg.ValidateBasic())
 }

-func TestBlockSyncConfigValidateBasic(t *testing.T) {
-	cfg := TestBlockSyncConfig()
-	assert.NoError(t, cfg.ValidateBasic())
-
-	// tamper with version
-	cfg.Version = "v2"
-	assert.Error(t, cfg.ValidateBasic())
-
-	cfg.Version = "invalid"
-	assert.Error(t, cfg.ValidateBasic())
-}
-
 func TestConsensusConfig_ValidateBasic(t *testing.T) {
 	// nolint: lll
 	testcases := map[string]struct {
@@ -187,3 +154,21 @@ func TestInstrumentationConfigValidateBasic(t *testing.T) {
 	cfg.MaxOpenConnections = -1
 	assert.Error(t, cfg.ValidateBasic())
 }
+
+func TestP2PConfigValidateBasic(t *testing.T) {
+	cfg := TestP2PConfig()
+	assert.NoError(t, cfg.ValidateBasic())
+
+	fieldsToTest := []string{
+		"FlushThrottleTimeout",
+		"MaxPacketMsgPayloadSize",
+		"SendRate",
+		"RecvRate",
+	}
+
+	for _, fieldName := range fieldsToTest {
+		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(-1)
+		assert.Error(t, cfg.ValidateBasic())
+		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(0)
+	}
+}
--- a/config/db.go
+++ b/config/db.go
@@ -1,13 +1,16 @@
 package config

 import (
+	"context"
+
+	dbm "github.com/tendermint/tm-db"
+
 	"github.com/tendermint/tendermint/libs/log"
 	"github.com/tendermint/tendermint/libs/service"
-	db "github.com/tendermint/tm-db"
 )

 // ServiceProvider takes a config and a logger and returns a ready to go Node.
-type ServiceProvider func(*Config, log.Logger) (service.Service, error)
+type ServiceProvider func(context.Context, *Config, log.Logger) (service.Service, error)

 // DBContext specifies config information for loading a new DB.
 type DBContext struct {
@@ -16,11 +19,11 @@ type DBContext struct {
 }

 // DBProvider takes a DBContext and returns an instantiated DB.
-type DBProvider func(*DBContext) (db.DB, error)
+type DBProvider func(*DBContext) (dbm.DB, error)

 // DefaultDBProvider returns a database using the DBBackend and DBDir
 // specified in the Config.
-func DefaultDBProvider(ctx *DBContext) (db.DB, error) {
-	dbType := db.BackendType(ctx.Config.DBBackend)
-	return db.NewDB(ctx.ID, dbType, ctx.Config.DBDir())
+func DefaultDBProvider(ctx *DBContext) (dbm.DB, error) {
+	dbType := dbm.BackendType(ctx.Config.DBBackend)
+	return dbm.NewDB(ctx.ID, dbType, ctx.Config.DBDir())
 }
--- a/config/toml.go
+++ b/config/toml.go
@@ -3,7 +3,6 @@ package config
 import (
 	"bytes"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@@ -45,23 +44,29 @@ func EnsureRoot(rootDir string) {

 // WriteConfigFile renders config using the template and writes it to configFilePath.
 // This function is called by cmd/tendermint/commands/init.go
-func WriteConfigFile(rootDir string, config *Config) {
-	var buffer bytes.Buffer
-
-	if err := configTemplate.Execute(&buffer, config); err != nil {
-		panic(err)
-	}
-
-	configFilePath := filepath.Join(rootDir, defaultConfigFilePath)
-
-	mustWriteFile(configFilePath, buffer.Bytes(), 0644)
+func WriteConfigFile(rootDir string, config *Config) error {
+	return config.WriteToTemplate(filepath.Join(rootDir, defaultConfigFilePath))
 }

-func writeDefaultConfigFileIfNone(rootDir string) {
+// WriteToTemplate writes the config to the exact file specified by
+// the path, in the default toml template and does not mangle the path
+// or filename at all.
+func (cfg *Config) WriteToTemplate(path string) error {
+	var buffer bytes.Buffer
+
+	if err := configTemplate.Execute(&buffer, cfg); err != nil {
+		return err
+	}
+
+	return writeFile(path, buffer.Bytes(), 0644)
+}
+
+func writeDefaultConfigFileIfNone(rootDir string) error {
 	configFilePath := filepath.Join(rootDir, defaultConfigFilePath)
 	if !tmos.FileExists(configFilePath) {
-		WriteConfigFile(rootDir, DefaultConfig())
+		return WriteConfigFile(rootDir, DefaultConfig())
 	}
+	return nil
 }

 // Note: any changes to the comments/variables/mapstructure
@@ -97,11 +102,6 @@ moniker = "{{ .BaseConfig.Moniker }}"
 #   - No priv_validator_key.json, priv_validator_state.json
 mode = "{{ .BaseConfig.Mode }}"

-# If this node is many blocks behind the tip of the chain, FastSync
-# allows them to catchup quickly by downloading blocks in parallel
-# and verifying their commits
-fast-sync = {{ .BaseConfig.FastSyncMode }}
-
 # Database backend: goleveldb | cleveldb | boltdb | rocksdb | badgerdb
 # * goleveldb (github.com/syndtr/goleveldb - most popular implementation)
 #   - pure go
@@ -164,15 +164,15 @@ state-file = "{{ js .PrivValidator.State }}"
 # when the listenAddr is prefixed with grpc instead of tcp it will use the gRPC Client
 laddr = "{{ .PrivValidator.ListenAddr }}"

-# Client certificate generated while creating needed files for secure connection.
+# Path to the client certificate generated while creating needed files for secure connection.
 # If a remote validator address is provided but no certificate, the connection will be insecure
 client-certificate-file = "{{ js .PrivValidator.ClientCertificate }}"

 # Client key generated while creating certificates for secure connection
-validator-client-key-file = "{{ js .PrivValidator.ClientKey }}"
+client-key-file = "{{ js .PrivValidator.ClientKey }}"

-# Path Root Certificate Authority used to sign both client and server certificates
-certificate-authority = "{{ js .PrivValidator.RootCA }}"
+# Path to the Root Certificate Authority used to sign both client and server certificates
+root-ca-file = "{{ js .PrivValidator.RootCA }}"


 #######################################################################
@@ -198,26 +198,10 @@ cors-allowed-methods = [{{ range .RPC.CORSAllowedMethods }}{{ printf "%q, " . }}
 # A list of non simple headers the client is allowed to use with cross-domain requests
 cors-allowed-headers = [{{ range .RPC.CORSAllowedHeaders }}{{ printf "%q, " . }}{{end}}]

-# TCP or UNIX socket address for the gRPC server to listen on
-# NOTE: This server only supports /broadcast_tx_commit
-# Deprecated gRPC  in the RPC layer of Tendermint will be deprecated in 0.36.
-grpc-laddr = "{{ .RPC.GRPCListenAddress }}"
-
-# Maximum number of simultaneous connections.
-# Does not include RPC (HTTP&WebSocket) connections. See max-open-connections
-# If you want to accept a larger number than the default, make sure
-# you increase your OS limits.
-# 0 - unlimited.
-# Should be < {ulimit -Sn} - {MaxNumInboundPeers} - {MaxNumOutboundPeers} - {N of wal, db and other open files}
-# 1024 - 40 - 10 - 50 = 924 = ~900
-# Deprecated gRPC  in the RPC layer of Tendermint will be deprecated in 0.36.
-grpc-max-open-connections = {{ .RPC.GRPCMaxOpenConnections }}
-
 # Activate unsafe RPC commands like /dial-seeds and /unsafe-flush-mempool
 unsafe = {{ .RPC.Unsafe }}

 # Maximum number of simultaneous connections (including WebSocket).
-# Does not include gRPC connections. See grpc-max-open-connections
 # If you want to accept a larger number than the default, make sure
 # you increase your OS limits.
 # 0 - unlimited.
@@ -231,8 +215,8 @@ max-open-connections = {{ .RPC.MaxOpenConnections }}
 max-subscription-clients = {{ .RPC.MaxSubscriptionClients }}

 # Maximum number of unique queries a given client can /subscribe to
-# If you're using GRPC (or Local RPC client) and /broadcast_tx_commit, set to
-# the estimated # maximum number of broadcast_tx_commit calls per block.
+# If you're using a Local RPC client and /broadcast_tx_commit, set this
+# to the estimated maximum number of broadcast_tx_commit calls per block.
 max-subscriptions-per-client = {{ .RPC.MaxSubscriptionsPerClient }}

 # How long to wait for a tx to be committed during /broadcast_tx_commit.
@@ -270,9 +254,6 @@ pprof-laddr = "{{ .RPC.PprofListenAddress }}"
 #######################################################
 [p2p]

-# Enable the new p2p layer.
-use-legacy = {{ .P2P.UseLegacy }}
-
 # Select the p2p internal queue
 queue-type = "{{ .P2P.QueueType }}"

@@ -304,49 +285,12 @@ persistent-peers = "{{ .P2P.PersistentPeers }}"
 # UPNP port forwarding
 upnp = {{ .P2P.UPNP }}

-# Path to address book
-addr-book-file = "{{ js .P2P.AddrBook }}"
-
-# Set true for strict address routability rules
-# Set false for private or local networks
-addr-book-strict = {{ .P2P.AddrBookStrict }}
-
-# Maximum number of inbound peers
-#
-# TODO: Remove once p2p refactor is complete in favor of MaxConnections.
-# ref: https://github.com/tendermint/tendermint/issues/5670
-max-num-inbound-peers = {{ .P2P.MaxNumInboundPeers }}
-
-# Maximum number of outbound peers to connect to, excluding persistent peers
-#
-# TODO: Remove once p2p refactor is complete in favor of MaxConnections.
-# ref: https://github.com/tendermint/tendermint/issues/5670
-max-num-outbound-peers = {{ .P2P.MaxNumOutboundPeers }}
-
 # Maximum number of connections (inbound and outbound).
 max-connections = {{ .P2P.MaxConnections }}

 # Rate limits the number of incoming connection attempts per IP address.
 max-incoming-connection-attempts = {{ .P2P.MaxIncomingConnectionAttempts }}

-# List of node IDs, to which a connection will be (re)established ignoring any existing limits
-unconditional-peer-ids = "{{ .P2P.UnconditionalPeerIDs }}"
-
-# Maximum pause when redialing a persistent peer (if zero, exponential backoff is used)
-persistent-peers-max-dial-period = "{{ .P2P.PersistentPeersMaxDialPeriod }}"
-
-# Time to wait before flushing messages out on the connection
-flush-throttle-timeout = "{{ .P2P.FlushThrottleTimeout }}"
-
-# Maximum size of a message packet payload, in bytes
-max-packet-msg-payload-size = {{ .P2P.MaxPacketMsgPayloadSize }}
-
-# Rate at which packets can be sent, in bytes/second
-send-rate = {{ .P2P.SendRate }}
-
-# Rate at which packets can be received, in bytes/second
-recv-rate = {{ .P2P.RecvRate }}
-
 # Set true to enable the peer-exchange reactor
 pex = {{ .P2P.PexReactor }}

@@ -361,16 +305,28 @@ allow-duplicate-ip = {{ .P2P.AllowDuplicateIP }}
 handshake-timeout = "{{ .P2P.HandshakeTimeout }}"
 dial-timeout = "{{ .P2P.DialTimeout }}"

+# Time to wait before flushing messages out on the connection
+# TODO: Remove once MConnConnection is removed.
+flush-throttle-timeout = "{{ .P2P.FlushThrottleTimeout }}"
+
+# Maximum size of a message packet payload, in bytes
+# TODO: Remove once MConnConnection is removed.
+max-packet-msg-payload-size = {{ .P2P.MaxPacketMsgPayloadSize }}
+
+# Rate at which packets can be sent, in bytes/second
+# TODO: Remove once MConnConnection is removed.
+send-rate = {{ .P2P.SendRate }}
+
+# Rate at which packets can be received, in bytes/second
+# TODO: Remove once MConnConnection is removed.
+recv-rate = {{ .P2P.RecvRate }}
+
+
 #######################################################
 ###          Mempool Configuration Option          ###
 #######################################################
 [mempool]

-# Mempool version to use:
-#   1) "v0" - The legacy non-prioritized mempool reactor.
-#   2) "v1" (default) - The prioritized mempool reactor.
-version = "{{ .Mempool.Version }}"
-
 recheck = {{ .Mempool.Recheck }}
 broadcast = {{ .Mempool.Broadcast }}

@@ -426,22 +382,30 @@ ttl-num-blocks = {{ .Mempool.TTLNumBlocks }}
 # starting from the height of the snapshot.
 enable = {{ .StateSync.Enable }}

-# RPC servers (comma-separated) for light client verification of the synced state machine and
-# retrieval of state data for node bootstrapping. Also needs a trusted height and corresponding
-# header hash obtained from a trusted source, and a period during which validators can be trusted.
-#
-# For Cosmos SDK-based chains, trust-period should usually be about 2/3 of the unbonding time (~2
-# weeks) during which they can be financially punished (slashed) for misbehavior.
+# State sync uses light client verification to verify state. This can be done either through the
+# P2P layer or RPC layer. Set this to true to use the P2P layer. If false (default), RPC layer
+# will be used.
+use-p2p = {{ .StateSync.UseP2P }}
+
+# If using RPC, at least two addresses need to be provided. They should be compatible with net.Dial,
+# for example: "host.example.com:2125"
 rpc-servers = "{{ StringsJoin .StateSync.RPCServers "," }}"
+
+# The hash and height of a trusted block. Must be within the trust-period.
 trust-height = {{ .StateSync.TrustHeight }}
 trust-hash = "{{ .StateSync.TrustHash }}"
+
+# The trust period should be set so that Tendermint can detect and gossip misbehavior before
+# it is considered expired. For chains based on the Cosmos SDK, one day less than the unbonding
+# period should suffice.
 trust-period = "{{ .StateSync.TrustPeriod }}"

 # Time to spend discovering snapshots before initiating a restore.
 discovery-time = "{{ .StateSync.DiscoveryTime }}"

-# Temporary directory for state sync snapshot chunks, defaults to the OS tempdir (typically /tmp).
-# Will create a new, randomly named directory within, and remove it when done.
+# Temporary directory for state sync snapshot chunks, defaults to os.TempDir().
+# The synchronizer will create a new, randomly named directory within this directory
+# and remove it when the sync is complete.
 temp-dir = "{{ .StateSync.TempDir }}"

 # The timeout duration before re-requesting a chunk, possibly from a different
@@ -451,16 +415,6 @@ chunk-request-timeout = "{{ .StateSync.ChunkRequestTimeout }}"
 # The number of concurrent chunk and block fetchers to run (default: 4).
 fetchers = "{{ .StateSync.Fetchers }}"

-#######################################################
-###       Block Sync Configuration Connections       ###
-#######################################################
-[fastsync]
-
-# Block Sync version to use:
-#   1) "v0" (default) - the legacy block sync implementation
-#   2) "v2" - DEPRECATED, please use v0
-version = "{{ .BlockSync.Version }}"
-
 #######################################################
 ###         Consensus Configuration Options         ###
 #######################################################
@@ -508,7 +462,7 @@ peer-query-maj23-sleep-duration = "{{ .Consensus.PeerQueryMaj23SleepDuration }}"
 [tx-index]

 # The backend database list to back the indexer.
-# If list contains null, meaning no indexer service will be used.
+# If list contains "null" or "", meaning no indexer service will be used.
 #
 # The application will set which txs to index. In some cases a node operator will be able
 # to decide which txs to index based on configuration set in the application.
@@ -516,8 +470,8 @@ peer-query-maj23-sleep-duration = "{{ .Consensus.PeerQueryMaj23SleepDuration }}"
 # Options:
 #   1) "null"
 #   2) "kv" (default) - the simplest possible indexer, backed by key-value storage (defaults to levelDB; see DBBackend).
-# 		- When "kv" is chosen "tx.height" and "tx.hash" will always be indexed.
 #   3) "psql" - the indexer services backed by PostgreSQL.
+# When "kv" or "psql" is chosen "tx.height" and "tx.hash" will always be indexed.
 indexer = [{{ range $i, $e := .TxIndex.Indexer }}{{if $i}}, {{end}}{{ printf "%q" $e}}{{end}}]

 # The PostgreSQL connection configuration, the connection format:
@@ -549,22 +503,22 @@ namespace = "{{ .Instrumentation.Namespace }}"

 /****** these are for test settings ***********/

-func ResetTestRoot(testName string) *Config {
+func ResetTestRoot(testName string) (*Config, error) {
 	return ResetTestRootWithChainID(testName, "")
 }

-func ResetTestRootWithChainID(testName string, chainID string) *Config {
+func ResetTestRootWithChainID(testName string, chainID string) (*Config, error) {
 	// create a unique, concurrency-safe test directory under os.TempDir()
-	rootDir, err := ioutil.TempDir("", fmt.Sprintf("%s-%s_", chainID, testName))
+	rootDir, err := os.MkdirTemp("", fmt.Sprintf("%s-%s_", chainID, testName))
 	if err != nil {
-		panic(err)
+		return nil, err
 	}
 	// ensure config and data subdirs are created
 	if err := tmos.EnsureDir(filepath.Join(rootDir, defaultConfigDir), DefaultDirPerm); err != nil {
-		panic(err)
+		return nil, err
 	}
 	if err := tmos.EnsureDir(filepath.Join(rootDir, defaultDataDir), DefaultDirPerm); err != nil {
-		panic(err)
+		return nil, err
 	}

 	conf := DefaultConfig()
@@ -573,26 +527,36 @@ func ResetTestRootWithChainID(testName string, chainID string) *Config {
 	privStateFilePath := filepath.Join(rootDir, conf.PrivValidator.State)

 	// Write default config file if missing.
-	writeDefaultConfigFileIfNone(rootDir)
+	if err := writeDefaultConfigFileIfNone(rootDir); err != nil {
+		return nil, err
+	}
+
 	if !tmos.FileExists(genesisFilePath) {
 		if chainID == "" {
 			chainID = "tendermint_test"
 		}
 		testGenesis := fmt.Sprintf(testGenesisFmt, chainID)
-		mustWriteFile(genesisFilePath, []byte(testGenesis), 0644)
+		if err := writeFile(genesisFilePath, []byte(testGenesis), 0644); err != nil {
+			return nil, err
+		}
 	}
 	// we always overwrite the priv val
-	mustWriteFile(privKeyFilePath, []byte(testPrivValidatorKey), 0644)
-	mustWriteFile(privStateFilePath, []byte(testPrivValidatorState), 0644)
+	if err := writeFile(privKeyFilePath, []byte(testPrivValidatorKey), 0644); err != nil {
+		return nil, err
+	}
+	if err := writeFile(privStateFilePath, []byte(testPrivValidatorState), 0644); err != nil {
+		return nil, err
+	}

 	config := TestConfig().SetRoot(rootDir)
-	return config
+	return config, nil
 }

-func mustWriteFile(filePath string, contents []byte, mode os.FileMode) {
-	if err := ioutil.WriteFile(filePath, contents, mode); err != nil {
-		tmos.Exit(fmt.Sprintf("failed to write file: %v", err))
+func writeFile(filePath string, contents []byte, mode os.FileMode) error {
+	if err := os.WriteFile(filePath, contents, mode); err != nil {
+		return fmt.Errorf("failed to write file: %w", err)
 	}
+	return nil
 }

 var testGenesisFmt = `{
--- a/config/toml_test.go
+++ b/config/toml_test.go
@@ -1,7 +1,6 @@
 package config

 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@@ -23,22 +22,20 @@ func TestEnsureRoot(t *testing.T) {
 	require := require.New(t)

 	// setup temp dir for test
-	tmpDir, err := ioutil.TempDir("", "config-test")
-	require.Nil(err)
+	tmpDir, err := os.MkdirTemp("", "config-test")
+	require.NoError(err)
 	defer os.RemoveAll(tmpDir)

 	// create root dir
 	EnsureRoot(tmpDir)

-	WriteConfigFile(tmpDir, DefaultConfig())
+	require.NoError(WriteConfigFile(tmpDir, DefaultConfig()))

 	// make sure config is set properly
-	data, err := ioutil.ReadFile(filepath.Join(tmpDir, defaultConfigFilePath))
-	require.Nil(err)
+	data, err := os.ReadFile(filepath.Join(tmpDir, defaultConfigFilePath))
+	require.NoError(err)

-	if !checkConfig(string(data)) {
-		t.Fatalf("config file missing some information")
-	}
+	checkConfig(t, string(data))

 	ensureFiles(t, tmpDir, "data")
 }
@@ -49,17 +46,16 @@ func TestEnsureTestRoot(t *testing.T) {
 	testName := "ensureTestRoot"

 	// create root dir
-	cfg := ResetTestRoot(testName)
+	cfg, err := ResetTestRoot(testName)
+	require.NoError(err)
 	defer os.RemoveAll(cfg.RootDir)
 	rootDir := cfg.RootDir

 	// make sure config is set properly
-	data, err := ioutil.ReadFile(filepath.Join(rootDir, defaultConfigFilePath))
+	data, err := os.ReadFile(filepath.Join(rootDir, defaultConfigFilePath))
 	require.Nil(err)

-	if !checkConfig(string(data)) {
-		t.Fatalf("config file missing some information")
-	}
+	checkConfig(t, string(data))

 	// TODO: make sure the cfg returned and testconfig are the same!
 	baseConfig := DefaultBaseConfig()
@@ -67,16 +63,14 @@ func TestEnsureTestRoot(t *testing.T) {
 	ensureFiles(t, rootDir, defaultDataDir, baseConfig.Genesis, pvConfig.Key, pvConfig.State)
 }

-func checkConfig(configFile string) bool {
-	var valid bool
-
+func checkConfig(t *testing.T, configFile string) {
+	t.Helper()
 	// list of words we expect in the config
 	var elems = []string{
 		"moniker",
 		"seeds",
 		"proxy-app",
-		"fast_sync",
-		"create_empty_blocks",
+		"create-empty-blocks",
 		"peer",
 		"timeout",
 		"broadcast",
@@ -89,10 +83,7 @@ func checkConfig(configFile string) bool {
 	}
 	for _, e := range elems {
 		if !strings.Contains(configFile, e) {
-			valid = false
-		} else {
-			valid = true
+			t.Errorf("config file was expected to contain %s but did not", e)
 		}
 	}
-	return valid
 }
--- a/crypto/armor/armor.go
+++ b/crypto/armor/armor.go
@@ -1,39 +0,0 @@
-package armor
-
-import (
-	"bytes"
-	"fmt"
-	"io/ioutil"
-
-	"golang.org/x/crypto/openpgp/armor"
-)
-
-func EncodeArmor(blockType string, headers map[string]string, data []byte) string {
-	buf := new(bytes.Buffer)
-	w, err := armor.Encode(buf, blockType, headers)
-	if err != nil {
-		panic(fmt.Errorf("could not encode ascii armor: %s", err))
-	}
-	_, err = w.Write(data)
-	if err != nil {
-		panic(fmt.Errorf("could not encode ascii armor: %s", err))
-	}
-	err = w.Close()
-	if err != nil {
-		panic(fmt.Errorf("could not encode ascii armor: %s", err))
-	}
-	return buf.String()
-}
-
-func DecodeArmor(armorStr string) (blockType string, headers map[string]string, data []byte, err error) {
-	buf := bytes.NewBufferString(armorStr)
-	block, err := armor.Decode(buf)
-	if err != nil {
-		return "", nil, nil, err
-	}
-	data, err = ioutil.ReadAll(block.Body)
-	if err != nil {
-		return "", nil, nil, err
-	}
-	return block.Type, block.Header, data, nil
-}
--- a/crypto/armor/armor_test.go
+++ b/crypto/armor/armor_test.go
@@ -1,20 +0,0 @@
-package armor
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestArmor(t *testing.T) {
-	blockType := "MINT TEST"
-	data := []byte("somedata")
-	armorStr := EncodeArmor(blockType, nil, data)
-
-	// Decode armorStr and test for equivalence.
-	blockType2, _, data2, err := DecodeArmor(armorStr)
-	require.Nil(t, err, "%+v", err)
-	assert.Equal(t, blockType, blockType2)
-	assert.Equal(t, data, data2)
-}
--- a/crypto/encoding/codec.go
+++ b/crypto/encoding/codec.go
@@ -8,34 +8,34 @@ import (
 	"github.com/tendermint/tendermint/crypto/secp256k1"
 	"github.com/tendermint/tendermint/crypto/sr25519"
 	"github.com/tendermint/tendermint/libs/json"
-	pc "github.com/tendermint/tendermint/proto/tendermint/crypto"
+	cryptoproto "github.com/tendermint/tendermint/proto/tendermint/crypto"
 )

 func init() {
-	json.RegisterType((*pc.PublicKey)(nil), "tendermint.crypto.PublicKey")
-	json.RegisterType((*pc.PublicKey_Ed25519)(nil), "tendermint.crypto.PublicKey_Ed25519")
-	json.RegisterType((*pc.PublicKey_Secp256K1)(nil), "tendermint.crypto.PublicKey_Secp256K1")
+	json.RegisterType((*cryptoproto.PublicKey)(nil), "tendermint.crypto.PublicKey")
+	json.RegisterType((*cryptoproto.PublicKey_Ed25519)(nil), "tendermint.crypto.PublicKey_Ed25519")
+	json.RegisterType((*cryptoproto.PublicKey_Secp256K1)(nil), "tendermint.crypto.PublicKey_Secp256K1")
 }

 // PubKeyToProto takes crypto.PubKey and transforms it to a protobuf Pubkey
-func PubKeyToProto(k crypto.PubKey) (pc.PublicKey, error) {
-	var kp pc.PublicKey
+func PubKeyToProto(k crypto.PubKey) (cryptoproto.PublicKey, error) {
+	var kp cryptoproto.PublicKey
 	switch k := k.(type) {
 	case ed25519.PubKey:
-		kp = pc.PublicKey{
-			Sum: &pc.PublicKey_Ed25519{
+		kp = cryptoproto.PublicKey{
+			Sum: &cryptoproto.PublicKey_Ed25519{
 				Ed25519: k,
 			},
 		}
 	case secp256k1.PubKey:
-		kp = pc.PublicKey{
-			Sum: &pc.PublicKey_Secp256K1{
+		kp = cryptoproto.PublicKey{
+			Sum: &cryptoproto.PublicKey_Secp256K1{
 				Secp256K1: k,
 			},
 		}
 	case sr25519.PubKey:
-		kp = pc.PublicKey{
-			Sum: &pc.PublicKey_Sr25519{
+		kp = cryptoproto.PublicKey{
+			Sum: &cryptoproto.PublicKey_Sr25519{
 				Sr25519: k,
 			},
 		}
@@ -46,9 +46,9 @@ func PubKeyToProto(k crypto.PubKey) (pc.PublicKey, error) {
 }

 // PubKeyFromProto takes a protobuf Pubkey and transforms it to a crypto.Pubkey
-func PubKeyFromProto(k pc.PublicKey) (crypto.PubKey, error) {
+func PubKeyFromProto(k cryptoproto.PublicKey) (crypto.PubKey, error) {
 	switch k := k.Sum.(type) {
-	case *pc.PublicKey_Ed25519:
+	case *cryptoproto.PublicKey_Ed25519:
 		if len(k.Ed25519) != ed25519.PubKeySize {
 			return nil, fmt.Errorf("invalid size for PubKeyEd25519. Got %d, expected %d",
 				len(k.Ed25519), ed25519.PubKeySize)
@@ -56,7 +56,7 @@ func PubKeyFromProto(k pc.PublicKey) (crypto.PubKey, error) {
 		pk := make(ed25519.PubKey, ed25519.PubKeySize)
 		copy(pk, k.Ed25519)
 		return pk, nil
-	case *pc.PublicKey_Secp256K1:
+	case *cryptoproto.PublicKey_Secp256K1:
 		if len(k.Secp256K1) != secp256k1.PubKeySize {
 			return nil, fmt.Errorf("invalid size for PubKeySecp256k1. Got %d, expected %d",
 				len(k.Secp256K1), secp256k1.PubKeySize)
@@ -64,7 +64,7 @@ func PubKeyFromProto(k pc.PublicKey) (crypto.PubKey, error) {
 		pk := make(secp256k1.PubKey, secp256k1.PubKeySize)
 		copy(pk, k.Secp256K1)
 		return pk, nil
-	case *pc.PublicKey_Sr25519:
+	case *cryptoproto.PublicKey_Sr25519:
 		if len(k.Sr25519) != sr25519.PubKeySize {
 			return nil, fmt.Errorf("invalid size for PubKeySr25519. Got %d, expected %d",
 				len(k.Sr25519), sr25519.PubKeySize)
--- a/crypto/secp256k1/secp256k1_nocgo.go
+++ b/crypto/secp256k1/secp256k1_nocgo.go
@@ -1,3 +1,4 @@
+//go:build !libsecp256k1
 // +build !libsecp256k1

 package secp256k1
--- a/crypto/secp256k1/secp256k1_test.go
+++ b/crypto/secp256k1/secp256k1_test.go
@@ -5,14 +5,13 @@ import (
 	"math/big"
 	"testing"

+	underlyingSecp256k1 "github.com/btcsuite/btcd/btcec"
 	"github.com/btcsuite/btcutil/base58"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

 	"github.com/tendermint/tendermint/crypto"
 	"github.com/tendermint/tendermint/crypto/secp256k1"
-
-	underlyingSecp256k1 "github.com/btcsuite/btcd/btcec"
 )

 type keyData struct {
@@ -36,8 +35,7 @@ func TestPubKeySecp256k1Address(t *testing.T) {
 		addrBbz, _, _ := base58.CheckDecode(d.addr)
 		addrB := crypto.Address(addrBbz)

-		var priv secp256k1.PrivKey = secp256k1.PrivKey(privB)
-
+		priv := secp256k1.PrivKey(privB)
 		pubKey := priv.PubKey()
 		pubT, _ := pubKey.(secp256k1.PubKey)
 		pub := pubT
--- a/crypto/xchacha20poly1305/xchachapoly_test.go
+++ b/crypto/xchacha20poly1305/xchachapoly_test.go
@@ -2,8 +2,8 @@ package xchacha20poly1305

 import (
 	"bytes"
-	cr "crypto/rand"
-	mr "math/rand"
+	crand "crypto/rand"
+	mrand "math/rand"
 	"testing"
 )

@@ -19,23 +19,23 @@ func TestRandom(t *testing.T) {
 		var nonce [24]byte
 		var key [32]byte

-		al := mr.Intn(128)
-		pl := mr.Intn(16384)
+		al := mrand.Intn(128)
+		pl := mrand.Intn(16384)
 		ad := make([]byte, al)
 		plaintext := make([]byte, pl)
-		_, err := cr.Read(key[:])
+		_, err := crand.Read(key[:])
 		if err != nil {
 			t.Errorf("error on read: %w", err)
 		}
-		_, err = cr.Read(nonce[:])
+		_, err = crand.Read(nonce[:])
 		if err != nil {
 			t.Errorf("error on read: %w", err)
 		}
-		_, err = cr.Read(ad)
+		_, err = crand.Read(ad)
 		if err != nil {
 			t.Errorf("error on read: %w", err)
 		}
-		_, err = cr.Read(plaintext)
+		_, err = crand.Read(plaintext)
 		if err != nil {
 			t.Errorf("error on read: %w", err)
 		}
@@ -59,7 +59,7 @@ func TestRandom(t *testing.T) {
 		}

 		if len(ad) > 0 {
-			alterAdIdx := mr.Intn(len(ad))
+			alterAdIdx := mrand.Intn(len(ad))
 			ad[alterAdIdx] ^= 0x80
 			if _, err := aead.Open(nil, nonce[:], ct, ad); err == nil {
 				t.Errorf("random #%d: Open was successful after altering additional data", i)
@@ -67,14 +67,14 @@ func TestRandom(t *testing.T) {
 			ad[alterAdIdx] ^= 0x80
 		}

-		alterNonceIdx := mr.Intn(aead.NonceSize())
+		alterNonceIdx := mrand.Intn(aead.NonceSize())
 		nonce[alterNonceIdx] ^= 0x80
 		if _, err := aead.Open(nil, nonce[:], ct, ad); err == nil {
 			t.Errorf("random #%d: Open was successful after altering nonce", i)
 		}
 		nonce[alterNonceIdx] ^= 0x80

-		alterCtIdx := mr.Intn(len(ct))
+		alterCtIdx := mrand.Intn(len(ct))
 		ct[alterCtIdx] ^= 0x80
 		if _, err := aead.Open(nil, nonce[:], ct, ad); err == nil {
 			t.Errorf("random #%d: Open was successful after altering ciphertext", i)
--- a/docs/.vuepress/config.js
+++ b/docs/.vuepress/config.js
@@ -34,6 +34,10 @@ module.exports = {
        "label": "v0.34",
        "key": "v0.34"
      },
+      {
+        "label": "v0.35",
+        "key": "v0.35"
+      },
      {
        "label": "master",
        "key": "master"
@@ -48,10 +52,6 @@ module.exports = {
        {
          title: 'Resources',
          children: [
-            {
-              title: 'Developer Sessions',
-              path: '/DEV_SESSIONS.html'
-            },
            {
              title: 'RPC',
              path: 'https://docs.tendermint.com/master/rpc/',
@@ -78,7 +78,7 @@ module.exports = {
    },
    footer: {
      question: {
-        text: 'Chat with Tendermint developers in <a href=\'https://discord.gg/vcExX9T\' target=\'_blank\'>Discord</a> or reach out on the <a href=\'https://forum.cosmos.network/c/tendermint\' target=\'_blank\'>Tendermint Forum</a> to learn more.'
+        text: 'Chat with Tendermint developers in <a href=\'https://discord.gg/cosmosnetwork\' target=\'_blank\'>Discord</a> or reach out on the <a href=\'https://forum.cosmos.network/c/tendermint\' target=\'_blank\'>Tendermint Forum</a> to learn more.'
      },
      logo: '/logo-bw.svg',
      textLink: {
--- a/docs/DOCS_README.md
+++ b/docs/DOCS_README.md
@@ -2,17 +2,27 @@

 The documentation for Tendermint Core is hosted at:

- <https://docs.tendermint.com/master/>
+- <https://docs.tendermint.com/>

-built from the files in this (`/docs`) directory for
-[master](https://github.com/tendermint/tendermint/tree/master/docs) respectively.
+built from the files in this [`docs` directory for `master`](https://github.com/tendermint/tendermint/tree/master/docs)
+and other supported release branches.

 ## How It Works

-There is a CircleCI job listening for changes in the `/docs` directory, on both
-the `master` branch. Any updates to files in this directory
-on those branches will automatically trigger a website deployment. Under the hood,
-the private website repository has a `make build-docs` target consumed by a CircleCI job in that repo.
+There is a [GitHub Actions workflow](https://github.com/tendermint/docs/actions/workflows/deployment.yml)
+in the `tendermint/docs` repository that clones and builds the documentation
+site from the contents of this `docs` directory, for `master` and for the
+backport branch of each supported release. Under the hood, this workflow runs
+`make build-docs` from the [Makefile](../Makefile#L214).
+
+The list of supported versions are defined in [`config.js`](./.vuepress/config.js),
+which defines the UI menu on the documentation site, and also in
+[`docs/versions`](./versions), which determines which branches are built.
+
+The last entry in the `docs/versions` file determines which version is linked
+by default from the generated `index.html`. This should generally be the most
+recent release, rather than `master`, so that new users are not confused by
+documentation for unreleased features.

 ## README

--- a/docs/app-dev/indexing-transactions.md
+++ b/docs/app-dev/indexing-transactions.md
@@ -62,7 +62,7 @@ be turned off regardless of other values provided.
 #### KV

 The `kv` indexer type is an embedded key-value store supported by the main
-underling Tendermint database. Using the `kv` indexer type allows you to query
+underlying Tendermint database. Using the `kv` indexer type allows you to query
 for block and transaction events directly against Tendermint's RPC. However, the
 query syntax is limited and so this indexer type might be deprecated or removed
 entirely in the future.
--- a/docs/app-dev/readme.md
+++ b/docs/app-dev/readme.md
@@ -1,7 +1,6 @@
 ---
 order: false
 parent:
+  title: "Building Applications"
  order: 3
---
-
-# Apps
+---
--- a/docs/architecture/adr-006-trust-metric.md
+++ b/docs/architecture/adr-006-trust-metric.md
@@ -178,7 +178,7 @@ type TrustMetricStore struct {
 }

 // OnStart implements Service
-func (tms *TrustMetricStore) OnStart() error {}
+func (tms *TrustMetricStore) OnStart(context.Context) error { return nil }

 // OnStop implements Service
 func (tms *TrustMetricStore) OnStop() {}
--- a/docs/architecture/adr-065-custom-event-indexing.md
+++ b/docs/architecture/adr-065-custom-event-indexing.md
@@ -25,6 +25,7 @@
 - April 28, 2021: Specify search capabilities are only supported through the KV indexer (@marbar3778)
 - May 19, 2021: Update the SQL schema and the eventsink interface (@jayt106)
 - Aug 30, 2021: Update the SQL schema and the psql implementation (@creachadair)
+- Oct 5, 2021: Clarify goals and implementation changes (@creachadair)

 ## Status

@@ -73,19 +74,38 @@ the database used.
 We will adopt a similar approach to that of the Cosmos SDK's `KVStore` state
 listening described in [ADR-038](https://github.com/cosmos/cosmos-sdk/blob/master/docs/architecture/adr-038-state-listening.md).

-Namely, we will perform the following:
+We will implement the following changes:

 - Introduce a new interface, `EventSink`, that all data sinks must implement.
 - Augment the existing `tx_index.indexer` configuration to now accept a series
-  of one or more indexer types, i.e sinks.
+  of one or more indexer types, i.e., sinks.
 - Combine the current `TxIndexer` and `BlockIndexer` into a single `KVEventSink`
  that implements the `EventSink` interface.
- Introduce an additional `EventSink` that is backed by [PostgreSQL](https://www.postgresql.org/).
-  - Implement the necessary schemas to support both block and transaction event
-  indexing.
+- Introduce an additional `EventSink` implementation that is backed by
+  [PostgreSQL](https://www.postgresql.org/).
+  - Implement the necessary schemas to support both block and transaction event indexing.
 - Update `IndexerService` to use a series of `EventSinks`.
- Proxy queries to the relevant sink's native query layer.
- Update all relevant RPC methods.
+
+In addition:
+
+- The Postgres indexer implementation will _not_ implement the proprietary `kv`
+  query language. Users wishing to write queries against the Postgres indexer
+  will connect to the underlying DBMS directly and use SQL queries based on the
+  indexing schema.
+
+  Future custom indexer implementations will not be required to support the
+  proprietary query language either.
+
+- For now, the existing `kv` indexer will be left in place with its current
+  query support, but will be marked as deprecated in a subsequent release, and
+  the documentation will be updated to encourage users who need to query the
+  event index to migrate to the Postgres indexer.
+
+- In the future we may remove the `kv` indexer entirely, or replace it with a
+  different implementation; that decision is deferred as future work.
+
+- In the future, we may remove the index query endpoints from the RPC service
+  entirely; that decision is deferred as future work, but recommended.


 ## Detailed Design
--- a/docs/architecture/adr-071-proposer-based-timestamps.md
+++ b/docs/architecture/adr-071-proposer-based-timestamps.md
@@ -1,45 +1,13 @@
 # ADR 71: Proposer-Based Timestamps

-* [Changelog](#changelog)
-* [Status](#status)
-* [Context](#context)
-* [Alternative Approaches](#alternative-approaches)
-	* [Remove timestamps altogether](#remove-timestamps-altogether)
-* [Decision](#decision)
-* [Detailed Design](#detailed-design)
-	* [Overview](#overview)
-	* [Proposal Timestamp and Block Timestamp](#proposal-timestamp-and-block-timestamp)
-	* [Saving the timestamp across heights](#saving-the-timestamp-across-heights)
-	* [Changes to `CommitSig`](#changes-to-commitsig)
-	* [Changes to `Commit`](#changes-to-commit)
-	* [Changes to `Vote` messages](#changes-to-vote-messages)
-	* [New consensus parameters](#new-consensus-parameters)
-	* [Changes to `Header`](#changes-to-header)
-	* [Changes to the block proposal step](#changes-to-the-block-proposal-step)
-		* [Proposer selects proposal timestamp](#proposer-selects-proposal-timestamp)
-		* [Proposer selects block timestamp](#proposer-selects-block-timestamp)
-		* [Proposer waits](#proposer-waits)
-		* [Changes to the propose step timeout](#changes-to-the-propose-step-timeout)
-	* [Changes to validation rules](#changes-to-validation-rules)
-		* [Proposal timestamp validation](#proposal-timestamp-validation)
-		* [Block timestamp validation](#block-timestamp-validation)
-	* [Changes to the prevote step](#changes-to-the-prevote-step)
-	* [Changes to the precommit step](#changes-to-the-precommit-step)
-	* [Changes to locking a block](#changes-to-locking-a-block)
-	* [Remove voteTime Completely](#remove-votetime-completely)
-* [Future Improvements](#future-improvements)
-* [Consequences](#consequences)
-	* [Positive](#positive)
-	* [Neutral](#neutral)
-	* [Negative](#negative)
-* [References](#references)
-
 ## Changelog

 - July 15 2021: Created by @williambanfield 
 - Aug 4 2021: Draft completed by @williambanfield
 - Aug 5 2021: Draft updated to include data structure changes by @williambanfield
 - Aug 20 2021: Language edits completed by @williambanfield
+ - Oct 25 2021: Update the ADR to match updated spec from @cason by @williambanfield
+ - Nov 10 2021: Additional language updates by @williambanfield per feedback from @cason

 ## Status

@@ -68,7 +36,7 @@ However, their currently known Unix time may be greatly divergent from the block
 The proposer-based timestamps specification suggests an alternative approach for producing block timestamps that remedies these issues.
 Proposer-based timestamps alter the current mechanism for producing block timestamps in two main ways:

-1. The block proposer is amended to offer up its currently known Unix time as the timestamp for the next block. 
+1. The block proposer is amended to offer up its currently known Unix time as the timestamp for the next block instead of the `BFTTime`.
 1. Correct validators only approve the proposed block timestamp if it is close enough to their own currently known Unix time. 

 The result of these changes is a more meaningful timestamp that cannot be controlled by `<= 2/3` of the validator voting power. 
@@ -111,45 +79,9 @@ Implementing proposer-based timestamps will require a few changes to Tendermint
 These changes will be to the following components:
 * The `internal/consensus/` package.
 * The `state/` package.
-* The `Vote`, `CommitSig`, `Commit` and `Header` types.
+* The `Vote`, `CommitSig` and `Header` types.
 * The consensus parameters.

-### Proposal Timestamp and Block Timestamp
-
-This design discusses two timestamps: (1) The timestamp in the block and (2) the timestamp in the proposal message.
-The existence and use of both of these timestamps can get a bit confusing, so some background is given here to clarify their uses.
-
-The [proposal message currently has a timestamp](https://github.com/tendermint/tendermint/blob/e5312942e30331e7c42b75426da2c6c9c00ae476/types/proposal.go#L31).
-This timestamp is the current Unix time known to the proposer when sending the `Proposal` message.
-This timestamp is not currently used as part of consensus.
-The changes in this ADR will begin using the proposal message timestamp as part of consensus.
-We will refer to this as the **proposal timestamp** throughout this design.
-
-The block has a timestamp field [in the header](https://github.com/tendermint/tendermint/blob/dc7c212c41a360bfe6eb38a6dd8c709bbc39aae7/types/block.go#L338).
-This timestamp is set currently as part of Tendermint’s `BFTtime` algorithm.
-It is set when a block is proposed and it is checked by the validators when they are deciding to prevote the block.
-This field will continue to be used but the logic for creating and validating this timestamp will change.
-We will refer to this as the **block timestamp** throughout this design.
-
-At a high level, the proposal timestamp from height `H` is used as the block timestamp at height `H+1`.
-The following image shows this relationship.
-The rest of this document describes the code changes that will make this possible.
-
-![](./img/pbts-message.png)
-
-### Saving the timestamp across heights
-
-Currently, `BFTtime` uses `LastCommit` to construct the block timestamp.
-The `LastCommit` is created at height `H-1` and is saved in the state store to be included in the block at height `H`.
-`BFTtime` takes the weighted median of the timestamps in `LastCommit.CommitSig` to build the timestamp for height `H`. 
-
-For proposer-based timestamps, the `LastCommit.CommitSig` timestamps will no longer be used to build the timestamps for height `H`.
-Instead, the proposal timestamp from height `H-1` will become the block timestamp for height `H`.
-To enable this, we will add a `Timestamp` field to the `Commit` struct.
-This field will be populated at each height with the proposal timestamp decided on at the previous height.
-This timestamp will also be saved with the rest of the commit in the state store [when the commit is finalized](https://github.com/tendermint/tendermint/blob/e8013281281985e3ada7819f42502b09623d24a0/internal/consensus/state.go#L1611) so that it can be recovered if Tendermint crashes.
-Changes to the `CommitSig` and `Commit` struct are detailed below. 
-
 ### Changes to `CommitSig`

 The [CommitSig](https://github.com/tendermint/tendermint/blob/a419f4df76fe4aed668a6c74696deabb9fe73211/types/block.go#L604) struct currently contains a timestamp. 
@@ -167,32 +99,14 @@ type CommitSig struct {
 }
 ```

-### Changes to `Commit`
-
-The [Commit](https://github.com/tendermint/tendermint/blob/a419f4df76fe4aed668a6c74696deabb9fe73211/types/block.go#L746) struct does not currently contain a timestamp. 
-The timestamps in the `Commit.CommitSig` entries are currently used to build the block timestamp.
-With these timestamps removed, the commit time will instead be stored in the `Commit` struct.
-
-`Commit` will be updated as follows. 
-
-```diff
-type Commit struct {
-	Height     int64       `json:"height"`
-	Round      int32       `json:"round"`
-++	Timestamp  time.Time  `json:"timestamp"` 
-	BlockID    BlockID     `json:"block_id"`
-	Signatures []CommitSig `json:"signatures"`
-}
-```
-
 ### Changes to `Vote` messages

 `Precommit` and `Prevote` messages use a common [Vote struct](https://github.com/tendermint/tendermint/blob/a419f4df76fe4aed668a6c74696deabb9fe73211/types/vote.go#L50).
 This struct currently contains a timestamp.
 This timestamp is set using the [voteTime](https://github.com/tendermint/tendermint/blob/e8013281281985e3ada7819f42502b09623d24a0/internal/consensus/state.go#L2241) function and therefore vote times correspond to the current Unix time known to the validator.
 For precommits, this timestamp is used to construct the [CommitSig that is included in the block in the LastCommit](https://github.com/tendermint/tendermint/blob/e8013281281985e3ada7819f42502b09623d24a0/types/block.go#L754) field.
-For prevotes, this field is unused.
-Proposer-based timestamps will use the [RoundState.Proposal](https://github.com/tendermint/tendermint/blob/c3ae6f5b58e07b29c62bfdc5715b6bf8ae5ee951/internal/consensus/types/round_state.go#L76) timestamp to construct the `signedBytes` `CommitSig`.
+For prevotes, this field is currently unused.
+Proposer-based timestamps will use the timestamp that the proposer sets into the block and will therefore no longer require that a timestamp be included in the vote messages. 
 This timestamp is therefore no longer useful and will be dropped.

 `Vote` will be updated as follows:
@@ -250,58 +164,28 @@ type TimestampParams struct {
 }
 ```

-### Changes to `Header`
-
-The [Header](https://github.com/tendermint/tendermint/blob/a419f4df76fe4aed668a6c74696deabb9fe73211/types/block.go#L338) struct currently contains a timestamp.
-This timestamp is set as the `BFTtime` derived from the block's `LastCommit.CommitSig` timestamps.
-This timestamp will no longer be derived from the `LastCommit.CommitSig` timestamps and will instead be included directly into the block's `LastCommit`.
-This timestamp will therfore be identical in both the `Header` and the `LastCommit`.
-To clarify that the timestamp in the header corresponds to the `LastCommit`'s time, we will rename this timestamp field to `last_timestamp`.
-
-`Header` will be updated as follows:
-
-```diff
-type Header struct {
-	// basic block info
-	Version       version.Consensus `json:"version"`
-	ChainID       string            `json:"chain_id"`
-	Height        int64             `json:"height"`
--	Time          time.Time         `json:"time"`
-++	LastTimestamp time.Time         `json:"last_timestamp"`
-
-	// prev block info
-	LastBlockID BlockID `json:"last_block_id"`
-
-	// hashes of block data
-	LastCommitHash tmbytes.HexBytes `json:"last_commit_hash"`
-	DataHash       tmbytes.HexBytes `json:"data_hash"`
-
-	// hashes from the app output from the prev block
-	ValidatorsHash     tmbytes.HexBytes `json:"validators_hash"`
-	NextValidatorsHash tmbytes.HexBytes `json:"next_validators_hash"`
-	ConsensusHash      tmbytes.HexBytes `json:"consensus_hash"`
-	AppHash            tmbytes.HexBytes `json:"app_hash"`
-
-	// root hash of all results from the txs from the previous block
-	LastResultsHash tmbytes.HexBytes `json:"last_results_hash"`
-
-	// consensus info
-	EvidenceHash    tmbytes.HexBytes `json:"evidence_hash"`
-	ProposerAddress Address          `json:"proposer_address"`
-}
-```
-
 ### Changes to the block proposal step

-#### Proposer selects proposal timestamp
-
-The proposal logic already [sets the Unix time known to the validator](https://github.com/tendermint/tendermint/blob/2abfe20114ee3bb3adfee817589033529a804e4d/types/proposal.go#L44) into the `Proposal` message.
-This satisfies the proposer-based timestamp specification and does not need to change. 
-
 #### Proposer selects block timestamp

-The proposal timestamp that was decided in height `H-1` will be stored in the `State` struct's in the `RoundState.LastCommit` field.
-The proposer will select this timestamp to use as the block timestamp at height `H`.
+Tendermint currently uses the `BFTTime` algorithm to produce the block's `Header.Timestamp`.
+The [proposal logic](https://github.com/tendermint/tendermint/blob/68ca65f5d79905abd55ea999536b1a3685f9f19d/internal/state/state.go#L269) sets the weighted median of the times in the `LastCommit.CommitSigs` as the proposed block's `Header.Timestamp`.
+
+In proposer-based timestamps, the proposer will still set a timestamp into the `Header.Timestamp`.
+The timestamp the proposer sets into the `Header` will change depending on if the block has previously received a [polka](https://github.com/tendermint/tendermint/blob/053651160f496bb44b107a434e3e6482530bb287/docs/introduction/what-is-tendermint.md#consensus-overview) or not.
+
+#### Proposal of a block that has not previously received a polka
+
+If a proposer is proposing a new block, then it will set the Unix time currently known to the proposer into the `Header.Timestamp` field.
+The proposer will also set this same timestamp into the `Timestamp` field of the `Proposal` message that it issues.
+
+#### Re-proposal of a block that has previously received a polka
+
+If a proposer is re-proposing a block that has previously received a polka on the network, then the proposer does not update the `Header.Timestamp` of that block.
+Instead, the proposer simply re-proposes the exact same block.
+This way, the proposed block has the exact same block ID as the previously proposed block and the validators that have already received that block do not need to attempt to receive it again. 
+
+The proposer will set the re-proposed block's `Header.Timestamp` as the `Proposal` message's `Timestamp`.

 #### Proposer waits

@@ -310,72 +194,94 @@ In `BFTTime`, if a validator’s clock was behind, the [validator added 1 millis
 A goal of adding proposer-based timestamps is to enforce some degree of clock synchronization, so having a mechanism that completely ignores the Unix time of the validator time no longer works.

 Validator clocks will not be perfectly in sync.
-Therefore, the proposer’s current known Unix time may be less than the `LastCommit.Timestamp`.
-If the proposer’s current known Unix time is less than the `LastCommit.Timestamp`, the proposer will sleep until its known Unix time exceeds `LastCommit.Timestamp`.
+Therefore, the proposer’s current known Unix time may be less than the previous block's `Header.Time`.
+If the proposer’s current known Unix time is less than the previous block's `Header.Time`, the proposer will sleep until its known Unix time exceeds it.

 This change will require amending the [defaultDecideProposal](https://github.com/tendermint/tendermint/blob/822893615564cb20b002dd5cf3b42b8d364cb7d9/internal/consensus/state.go#L1180) method.
-This method should now block until the proposer’s time is greater than `LastCommit.Timestamp`.
+This method should now schedule a timeout that fires when the proposer’s time is greater than the previous block's `Header.Time`.
+When the timeout fires, the proposer will finally issue the `Proposal` message. 

 #### Changes to the propose step timeout

 Currently, a validator waiting for a proposal will proceed past the propose step if the configured propose timeout is reached and no proposal is seen.
-Proposer-based timestamps requires changing this timeout logic. 
+Proposer-based timestamps requires changing this timeout logic.

-The proposer will now wait until its current known Unix time exceeds the `LastCommit.Timestamp` to propose a block.
+The proposer will now wait until its current known Unix time exceeds the previous block's `Header.Time` to propose a block.
 The validators must now take this and some other factors into account when deciding when to timeout the propose step.
 Specifically, the propose step timeout must also take into account potential inaccuracy in the validator’s clock and in the clock of the proposer.
 Additionally, there may be a delay communicating the proposal message from the proposer to the other validators. 

-Therefore, validators waiting for a proposal must wait until after the `LastCommit.Timestamp` before timing out.
-To account for possible inaccuracy in its own clock, inaccuracy in the proposer’s clock, and message delay, validators waiting for a proposal will wait until `LastCommit.Timesatmp + 2*ACCURACY + MSGDELAY`.
+Therefore, validators waiting for a proposal must wait until after the previous block's `Header.Time` before timing out.
+To account for possible inaccuracy in its own clock, inaccuracy in the proposer’s clock, and message delay, validators waiting for a proposal will wait until the previous block's `Header.Time + 2*ACCURACY + MSGDELAY`.
 The spec defines this as `waitingTime`.
 
 The [propose step’s timeout is set in enterPropose](https://github.com/tendermint/tendermint/blob/822893615564cb20b002dd5cf3b42b8d364cb7d9/internal/consensus/state.go#L1108) in `state.go`. 
 `enterPropose` will be changed to calculate waiting time using the new consensus parameters.
 The timeout in `enterPropose` will then be set as the maximum of `waitingTime` and the [configured proposal step timeout](https://github.com/tendermint/tendermint/blob/dc7c212c41a360bfe6eb38a6dd8c709bbc39aae7/config/config.go#L1013).

-### Changes to validation rules
+### Changes to proposal validation rules

-The rules for validating that a proposal is valid will need slight modification to implement proposer-based timestamps.
-Specifically, we will change the validation logic to ensure that the proposal timestamp is `timely` and we will modify the way the block timestamp is validated as well.
+The rules for validating a proposed block will be modification to implement proposer-based timestamps.
+We will change the validation logic to ensure that a proposal is `timely`.

-#### Proposal timestamp validation
+Per the proposer-based timestamps spec, `timely` only needs to be checked if a block has not received a +2/3 majority of `Prevotes` in a round.
+If a block previously received a +2/3 majority of prevotes in a previous round, then +2/3 of the voting power considered the block's timestamp near enough to their own currently known Unix time in that round.

-Adding proposal timestamp validation is a reasonably straightforward change.
-The current Unix time known to the proposer is already included in the [Proposal message](https://github.com/tendermint/tendermint/blob/dc7c212c41a360bfe6eb38a6dd8c709bbc39aae7/types/proposal.go#L31).
-Once the proposal is received, the complete message is stored in the `RoundState.Proposal` field.
-The precommit and prevote validation logic does not currently use this timestamp.
-This validation logic will be updated to check that the proposal timestamp is within `PRECISION` of the current Unix time known to the validators.
-If the timestamp is not within `PRECISION` of the current Unix time known to the validator, the proposal will not be considered it valid.
-The validator will also check that the proposal time is greater than the block timestamp from the previous height.
+The validation logic will be updated to check `timely` for blocks that did not previously receive +2/3 prevotes in a round. 
+Receiving +2/3 prevotes in a round is frequently referred to as a 'polka' and we will use this term for simplicity.

-If no valid proposal is received by the proposal timeout, the validator will prevote nil.
-This is identical to the current logic.
+#### Current timestamp validation logic

-#### Block timestamp validation
+To provide a better understanding of the changes needed to timestamp validation, we will first detail how timestamp validation works currently in Tendermint.

 The [validBlock function](https://github.com/tendermint/tendermint/blob/c3ae6f5b58e07b29c62bfdc5715b6bf8ae5ee951/state/validation.go#L14) currently [validates the proposed block timestamp in three ways](https://github.com/tendermint/tendermint/blob/c3ae6f5b58e07b29c62bfdc5715b6bf8ae5ee951/state/validation.go#L118).
 First, the validation logic checks that this timestamp is greater than the previous block’s timestamp.
-Additionally, it validates that the block timestamp is correctly calculated as the weighted median of the timestamps in the [block’s LastCommit](https://github.com/tendermint/tendermint/blob/e8013281281985e3ada7819f42502b09623d24a0/types/block.go#L48).
-Finally, the logic also authenticates the timestamps in the `LastCommit`.
-The cryptographic signature in each `CommitSig` is created by signing a hash of fields in the block with the validator’s private key.
-One of the items in this `signedBytes` hash is derived from the timestamp in the `CommitSig`.
-To authenticate the `CommitSig` timestamp, the validator builds a hash of fields that includes the timestamp and checks this hash against the provided signature. 
+
+Second, it validates that the block timestamp is correctly calculated as the weighted median of the timestamps in the [block’s LastCommit](https://github.com/tendermint/tendermint/blob/e8013281281985e3ada7819f42502b09623d24a0/types/block.go#L48).
+
+Finally, the validation logic authenticates the timestamps in the `LastCommit.CommitSig`.
+The cryptographic signature in each `CommitSig` is created by signing a hash of fields in the block with the voting validator’s private key.
+One of the items in this `signedBytes` hash is the timestamp in the `CommitSig`.
+To authenticate the `CommitSig` timestamp, the validator authenticating votes builds a hash of fields that includes the `CommitSig` timestamp and checks this hash against the signature.
 This takes place in the [VerifyCommit function](https://github.com/tendermint/tendermint/blob/e8013281281985e3ada7819f42502b09623d24a0/types/validation.go#L25).

-The logic to validate that the block timestamp is greater than the previous block’s timestamp also works for proposer-based timestamps and will not change.
+#### Remove unused timestamp validation logic

 `BFTTime` validation is no longer applicable and will be removed.
-Validators will no longer check that the block timestamp is a weighted median of `LastCommit` timestamps.
-This will mean removing the call to [MedianTime in the validateBlock function](https://github.com/tendermint/tendermint/blob/4db71da68e82d5cb732b235eeb2fd69d62114b45/state/validation.go#L117).
+This means that validators will no longer check that the block timestamp is a weighted median of `LastCommit` timestamps.
+Specifically, we will remove the call to [MedianTime in the validateBlock function](https://github.com/tendermint/tendermint/blob/4db71da68e82d5cb732b235eeb2fd69d62114b45/state/validation.go#L117).
 The `MedianTime` function can be completely removed. 
-The `LastCommit` timestamps may also be removed. 

-The `signedBytes` validation logic in `VerifyCommit` will be slightly altered.
-The `CommitSig`s in the block’s `LastCommit` will no longer each contain a timestamp.
-The validation logic will instead include the `LastCommit.Timestamp` in the hash of fields for generating the `signedBytes`.
-The cryptographic signatures included in the `CommitSig`s will then be checked against this `signedBytes` hash to authenticate the timestamp.
-Specifically, the `VerifyCommit` function will be updated to use this new timestamp.  
+Since `CommitSig`s will no longer contain a timestamp, the validator authenticating a commit will no longer include the `CommitSig` timestamp in the hash of fields it builds to check against the cryptographic signature.
+
+#### Timestamp validation when a block has not received a polka
+
+The [POLRound](https://github.com/tendermint/tendermint/blob/68ca65f5d79905abd55ea999536b1a3685f9f19d/types/proposal.go#L29) in the `Proposal` message indicates which round the block received a polka.
+A negative value in the `POLRound` field indicates that the block has not previously been proposed on the network. 
+Therefore the validation logic will check for timely when `POLRound < 0`.
+
+When a validator receives a `Proposal` message, the validator will check that the `Proposal.Timestamp` is at most `PRECISION` greater than the current Unix time known to the validator, and at minimum `PRECISION + MSGDELAY` less than the current Unix time known to the validator.
+If the timestamp is not within these bounds, the proposed block will not be considered `timely`.
+
+Once a full block matching the `Proposal` message is received, the validator will also check that the timestamp in the `Header.Timestamp` of the block matches this `Proposal.Timestamp`.
+Using the `Proposal.Timestamp` to check `timely` allows for the `MSGDELAY` parameter to be more finely tuned since `Proposal` messages do not change sizes and are therefore faster to gossip than full blocks across the network.
+
+A validator will also check that the proposed timestamp is greater than the timestamp of the block for the previous height.
+If the timestamp is not greater than the previous block's timestamp, the block will not be considered valid, which is the same as the current logic.
+
+#### Timestamp validation when a block has received a polka
+
+When a block is re-proposed that has already received a +2/3 majority of `Prevote`s on the network, the `Proposal` message for the re-proposed block is created with a `POLRound` that is `>= 0`.
+A validator will not check that the `Proposal` is `timely` if the propose message has a non-negative `POLRound`.
+If the `POLRound` is non-negative, each validator will simply ensure that it received the `Prevote` messages for the proposed block in the round indicated by `POLRound`.
+
+If the validator did not receive `Prevote` messages for the proposed block in `POLRound`, then it will prevote nil.
+Validators already check that +2/3 prevotes were seen in `POLRound`, so this does not represent a change to the prevote logic.
+
+A validator will also check that the proposed timestamp is greater than the timestamp of the block for the previous height.
+If the timestamp is not greater than the previous block's timestamp, the block will not be considered valid, which is the same as the current logic.
+
+Additionally, this validation logic can be updated to check that the `Proposal.Timestamp` matches the `Header.Timestamp` of the proposed block, but it is less relevant since checking that votes were received is sufficient to ensure the block timestamp is correct. 

 ### Changes to the prevote step

@@ -383,26 +289,14 @@ Currently, a validator will prevote a proposal in one of three cases:

 * Case 1:  Validator has no locked block and receives a valid proposal.
 * Case 2:  Validator has a locked block and receives a valid proposal matching its locked block.
-* Case 3:  Validator has a locked block, sees a valid proposal not matching its locked block but sees +⅔ prevotes for the new proposal’s block. 
+* Case 3:  Validator has a locked block, sees a valid proposal not matching its locked block but sees +⅔ prevotes for the proposal’s block, either in the current round or in a round greater than or equal to the round in which it locked its locked block. 

 The only change we will make to the prevote step is to what a validator considers a valid proposal as detailed above.

 ### Changes to the precommit step

 The precommit step will not require much modification.
-Its proposal validation rules will change in the same ways that validation will change in the prevote step.
-
-### Changes to locking a block
-When a validator receives a valid proposed block and +2/3 prevotes for that block, it stores the block as its ‘locked block’ in the [RoundState.ValidBlock](https://github.com/tendermint/tendermint/blob/e8013281281985e3ada7819f42502b09623d24a0/internal/consensus/types/round_state.go#L85) field.
-In each subsequent round it will prevote that block.
-A validator will only change which block it has locked if it sees +2/3 prevotes for a different block.
-
-This mechanism will remain largely unchanged.
-The only difference is the addition of proposal timestamp validation.
-A validator will prevote nil in a round if the proposal message it received is not `timely`.
-Prevoting nil in this case will not cause a validator to ‘unlock’ its locked block.
-This difference is an incidental result of the changes to prevote validation.
-It is included in this design for completeness and to clarify that no additional changes will be made to block locking. 
+Its proposal validation rules will change in the same ways that validation will change in the prevote step with the exception of the `timely` check: precommit validation will never check that the timestamp is `timely`.

 ### Remove voteTime Completely

--- a/docs/networks/README.md
+++ b/docs/networks/README.md
@@ -1,16 +0,0 @@
---
-order: 1
-parent:
-  title: Networks
-  order: 6
---
-
-# Overview
-
-Use [Docker Compose](./docker-compose.md) to spin up Tendermint testnets on your
-local machine.
-
-Use [Terraform and Ansible](./terraform-and-ansible.md) to deploy Tendermint
-testnets to the cloud.
-
-See the `tendermint testnet --help` command for more help initializing testnets.
--- a/docs/nodes/README.md
+++ b/docs/nodes/README.md
@@ -1,7 +1,7 @@
 ---
 order: 1
 parent:
-  title: Nodes
+  title: Node Operators
  order: 4
 ---

--- a/docs/nodes/configuration.md
+++ b/docs/nodes/configuration.md
@@ -16,8 +16,7 @@ the parameters set with their default values. It will look something
 like the file below, however, double check by inspecting the
 `config.toml` created with your version of `tendermint` installed:

-```toml
-# This is a TOML config file.
+```toml# This is a TOML config file.
 # For more information, see https://github.com/toml-lang/toml

 # NOTE: Any path below can be absolute (e.g. "/var/myawesomeapp/data") or
@@ -34,18 +33,14 @@ like the file below, however, double check by inspecting the
 proxy-app = "tcp://127.0.0.1:26658"

 # A custom human readable name for this node
-moniker = "anonymous"
+moniker = "ape"

-# If this node is many blocks behind the tip of the chain, BlockSync
-# allows them to catchup quickly by downloading blocks in parallel
-# and verifying their commits
-fast-sync = true

 # Mode of Node: full | validator | seed (default: "validator")
 # * validator node (default)
 #   - all reactors
 #   - with priv_validator_key.json, priv_validator_state.json
-# * full node 
+# * full node
 #   - all reactors
 #   - No priv_validator_key.json, priv_validator_state.json
 # * seed node
@@ -53,6 +48,11 @@ fast-sync = true
 #   - No priv_validator_key.json, priv_validator_state.json
 mode = "validator"

+# If this node is many blocks behind the tip of the chain, FastSync
+# allows them to catchup quickly by downloading blocks in parallel
+# and verifying their commits
+fast-sync = true
+
 # Database backend: goleveldb | cleveldb | boltdb | rocksdb | badgerdb
 # * goleveldb (github.com/syndtr/goleveldb - most popular implementation)
 #   - pure go
@@ -88,16 +88,6 @@ log-format = "plain"
 # Path to the JSON file containing the initial validator set and other meta data
 genesis-file = "config/genesis.json"

-# Path to the JSON file containing the private key to use as a validator in the consensus protocol
-priv-validator-key-file = "config/priv_validator_key.json"
-
-# Path to the JSON file containing the last sign state of a validator
-priv-validator-state-file = "data/priv_validator_state.json"
-
-# TCP or UNIX socket address for Tendermint to listen on for
-# connections from an external PrivValidator process
-priv-validator-laddr = ""
-
 # Path to the JSON file containing the private key to use for node authentication in the p2p protocol
 node-key-file = "config/node_key.json"

@@ -109,6 +99,33 @@ abci = "socket"
 filter-peers = false


+#######################################################
+###       Priv Validator Configuration              ###
+#######################################################
+[priv-validator]
+
+# Path to the JSON file containing the private key to use as a validator in the consensus protocol
+key-file = "config/priv_validator_key.json"
+
+# Path to the JSON file containing the last sign state of a validator
+state-file = "data/priv_validator_state.json"
+
+# TCP or UNIX socket address for Tendermint to listen on for
+# connections from an external PrivValidator process
+# when the listenAddr is prefixed with grpc instead of tcp it will use the gRPC Client
+laddr = ""
+
+# Path to the client certificate generated while creating needed files for secure connection.
+# If a remote validator address is provided but no certificate, the connection will be insecure
+client-certificate-file = ""
+
+# Client key generated while creating certificates for secure connection
+validator-client-key-file = ""
+
+# Path to the Root Certificate Authority used to sign both client and server certificates
+certificate-authority = ""
+
+
 #######################################################################
 ###                 Advanced Configuration Options                  ###
 #######################################################################
@@ -134,6 +151,7 @@ cors-allowed-headers = ["Origin", "Accept", "Content-Type", "X-Requested-With",

 # TCP or UNIX socket address for the gRPC server to listen on
 # NOTE: This server only supports /broadcast_tx_commit
+# Deprecated gRPC  in the RPC layer of Tendermint will be deprecated in 0.36.
 grpc-laddr = ""

 # Maximum number of simultaneous connections.
@@ -143,9 +161,10 @@ grpc-laddr = ""
 # 0 - unlimited.
 # Should be < {ulimit -Sn} - {MaxNumInboundPeers} - {MaxNumOutboundPeers} - {N of wal, db and other open files}
 # 1024 - 40 - 10 - 50 = 924 = ~900
+# Deprecated gRPC  in the RPC layer of Tendermint will be deprecated in 0.36.
 grpc-max-open-connections = 900

-# Activate unsafe RPC commands like /dial_seeds and /unsafe_flush_mempool
+# Activate unsafe RPC commands like /dial-seeds and /unsafe-flush-mempool
 unsafe = false

 # Maximum number of simultaneous connections (including WebSocket).
@@ -202,18 +221,31 @@ pprof-laddr = ""
 #######################################################
 [p2p]

+# Select the p2p internal queue
+queue-type = "priority"
+
 # Address to listen for incoming connections
 laddr = "tcp://0.0.0.0:26656"

 # Address to advertise to peers for them to dial
 # If empty, will use the same port as the laddr,
 # and will introspect on the listener or use UPnP
-# to figure out the address.
+# to figure out the address. ip and port are required
+# example: 159.89.10.97:26656
 external-address = ""

 # Comma separated list of seed nodes to connect to
+# We only use these if we can’t connect to peers in the addrbook
+# NOTE: not used by the new PEX reactor. Please use BootstrapPeers instead.
+# TODO: Remove once p2p refactor is complete
+# ref: https:#github.com/tendermint/tendermint/issues/5670
 seeds = ""

+# Comma separated list of peers to be added to the peer store
+# on startup. Either BootstrapPeers or PersistentPeers are
+# needed for peer discovery
+bootstrap-peers = ""
+
 # Comma separated list of nodes to keep persistent connections to
 persistent-peers = ""

@@ -221,6 +253,8 @@ persistent-peers = ""
 upnp = false

 # Path to address book
+# TODO: Remove once p2p refactor is complete
+# ref: https:#github.com/tendermint/tendermint/issues/5670
 addr-book-file = "config/addrbook.json"

 # Set true for strict address routability rules
@@ -228,9 +262,15 @@ addr-book-file = "config/addrbook.json"
 addr-book-strict = true

 # Maximum number of inbound peers
+#
+# TODO: Remove once p2p refactor is complete in favor of MaxConnections.
+# ref: https://github.com/tendermint/tendermint/issues/5670
 max-num-inbound-peers = 40

 # Maximum number of outbound peers to connect to, excluding persistent peers
+#
+# TODO: Remove once p2p refactor is complete in favor of MaxConnections.
+# ref: https://github.com/tendermint/tendermint/issues/5670
 max-num-outbound-peers = 10

 # Maximum number of connections (inbound and outbound).
@@ -240,27 +280,40 @@ max-connections = 64
 max-incoming-connection-attempts = 100

 # List of node IDs, to which a connection will be (re)established ignoring any existing limits
+# TODO: Remove once p2p refactor is complete
+# ref: https:#github.com/tendermint/tendermint/issues/5670
 unconditional-peer-ids = ""

 # Maximum pause when redialing a persistent peer (if zero, exponential backoff is used)
+# TODO: Remove once p2p refactor is complete
+# ref: https:#github.com/tendermint/tendermint/issues/5670
 persistent-peers-max-dial-period = "0s"

 # Time to wait before flushing messages out on the connection
+# TODO: Remove once p2p refactor is complete
+# ref: https:#github.com/tendermint/tendermint/issues/5670
 flush-throttle-timeout = "100ms"

 # Maximum size of a message packet payload, in bytes
-max-packet-msg-payload-size = 1024
+# TODO: Remove once p2p refactor is complete
+# ref: https:#github.com/tendermint/tendermint/issues/5670
+max-packet-msg-payload-size = 1400

 # Rate at which packets can be sent, in bytes/second
+# TODO: Remove once p2p refactor is complete
+# ref: https:#github.com/tendermint/tendermint/issues/5670
 send-rate = 5120000

 # Rate at which packets can be received, in bytes/second
+# TODO: Remove once p2p refactor is complete
+# ref: https:#github.com/tendermint/tendermint/issues/5670
 recv-rate = 5120000

 # Set true to enable the peer-exchange reactor
 pex = true

 # Comma separated list of peer IDs to keep private (will not be gossiped to other peers)
+# Warning: IPs will be exposed at /net_info, for more information https://github.com/tendermint/tendermint/issues/3055
 private-peer-ids = ""

 # Toggle to disable guard against peers connecting from the same ip.
@@ -353,14 +406,26 @@ discovery-time = "15s"
 # Will create a new, randomly named directory within, and remove it when done.
 temp-dir = ""

+# The timeout duration before re-requesting a chunk, possibly from a different
+# peer (default: 15 seconds).
+chunk-request-timeout = "15s"
+
+# The number of concurrent chunk and block fetchers to run (default: 4).
+fetchers = "4"
+
 #######################################################
-###       BlockSync Configuration Connections       ###
+###       Block Sync Configuration Connections       ###
 #######################################################
-[fastsync]
+[blocksync]
+
+# If this node is many blocks behind the tip of the chain, BlockSync
+# allows them to catchup quickly by downloading blocks in parallel
+# and verifying their commits
+enable = true

 # Block Sync version to use:
-#   1) "v0" (default) - the legacy block sync implementation
-#   2) "v2" - complete redesign of v0, optimized for testability & readability
+#   1) "v0" (default) - the standard block sync implementation
+#   2) "v2" - DEPRECATED, please use v0
 version = "v0"

 #######################################################
@@ -409,7 +474,8 @@ peer-query-maj23-sleep-duration = "2s"
 #######################################################
 [tx-index]

-# What indexer to use for transactions
+# The backend database list to back the indexer.
+# If list contains "null" or "", meaning no indexer service will be used.
 #
 # The application will set which txs to index. In some cases a node operator will be able
 # to decide which txs to index based on configuration set in the application.
@@ -417,8 +483,13 @@ peer-query-maj23-sleep-duration = "2s"
 # Options:
 #   1) "null"
 #   2) "kv" (default) - the simplest possible indexer, backed by key-value storage (defaults to levelDB; see DBBackend).
-#   - When "kv" is chosen "tx.height" and "tx.hash" will always be indexed.
-indexer = "kv"
+#   3) "psql" - the indexer services backed by PostgreSQL.
+# When "kv" or "psql" is chosen "tx.height" and "tx.hash" will always be indexed.
+indexer = ["kv"]
+
+# The PostgreSQL connection configuration, the connection format:
+#   postgresql://<user>:<password>@<host>:<port>/<db>?<opts>
+psql-conn = ""

 #######################################################
 ###       Instrumentation Configuration Options     ###
@@ -519,10 +590,61 @@ This section will cover settings within the p2p section of the `config.toml`.

 - `external-address` = is the address that will be advertised for other nodes to use. We recommend setting this field with your public IP and p2p port.
  - > We recommend setting an external address. When used in a private network, Tendermint Core currently doesn't advertise the node's public address. There is active and ongoing work to improve the P2P system, but this is a helpful workaround for now.
- `seeds` = is a list of comma separated seed nodes that you will connect upon a start and ask for peers. A seed node is a node that does not participate in consensus but only helps propagate peers to nodes in the networks
 - `persistent-peers` = is a list of comma separated peers that you will always want to be connected to. If you're already connected to the maximum number of peers, persistent peers will not be added.
- `max-num-inbound-peers` = is the maximum number of peers you will accept inbound connections from at one time (where they dial your address and initiate the connection).
- `max-num-outbound-peers` = is the maximum number of peers you will initiate outbound connects to at one time (where you dial their address and initiate the connection).
- `unconditional-peer-ids` = is similar to `persistent-peers` except that these peers will be connected to even if you are already connected to the maximum number of peers. This can be a validator node ID on your sentry node.
 - `pex` = turns the peer exchange reactor on or off. Validator node will want the `pex` turned off so it would not begin gossiping to unknown peers on the network. PeX can also be turned off for statically configured networks with fixed network connectivity. For full nodes on open, dynamic networks, it should be turned on.
 - `private-peer-ids` = is a comma-separated list of node ids that will _not_ be exposed to other peers (i.e., you will not tell other peers about the ids in this list). This can be filled with a validator's node id.
+
+Recently the Tendermint Team conducted a refactor of the p2p layer. This lead to multiple config paramters being deprecated and/or replaced. 
+
+We will cover the new and deprecated parameters below.
+### New Parameters
+
+There are three new parameters, which are enabled if use-legacy is set to false.
+
+- `queue-type` = sets a type of queue to use in the p2p layer. There are three options available `fifo`, `priority` and `wdrr`. The default is priority
+- `bootstrap-peers` = is a list of comma seperated peers which will be used to bootstrap the address book. 
+- `max-connections` = is the max amount of allowed inbound and outbound connections.
+### Deprecated Parameters
+
+> Note: For Tendermint 0.35, there are two p2p implementations. The old version is used by deafult with the deprecated fields. The new implementation uses different config parameters, explained above.
+
+- `max-num-inbound-peers` = is the maximum number of peers you will accept inbound connections from at one time (where they dial your address and initiate the connection). *This was replaced by `max-connections`*
+- `max-num-outbound-peers` = is the maximum number of peers you will initiate outbound connects to at one time (where you dial their address and initiate the connection).*This was replaced by `max-connections`*
+- `unconditional-peer-ids` = is similar to `persistent-peers` except that these peers will be connected to even if you are already connected to the maximum number of peers. This can be a validator node ID on your sentry node. *Deprecated*
+- `seeds` = is a list of comma separated seed nodes that you will connect upon a start and ask for peers. A seed node is a node that does not participate in consensus but only helps propagate peers to nodes in the networks *Deprecated, replaced by bootstrap peers*
+
+## Indexing Settings
+
+Operators can configure indexing via the `[tx_index]` section. The `indexer`
+field takes a series of supported indexers. If `null` is included, indexing will
+be turned off regardless of other values provided.
+
+### Supported Indexers
+
+#### KV
+
+The `kv` indexer type is an embedded key-value store supported by the main
+underlying Tendermint database. Using the `kv` indexer type allows you to query
+for block and transaction events directly against Tendermint's RPC. However, the
+query syntax is limited and so this indexer type might be deprecated or removed
+entirely in the future.
+
+#### PostgreSQL
+
+The `psql` indexer type allows an operator to enable block and transaction event
+indexing by proxying it to an external PostgreSQL instance allowing for the events
+to be stored in relational models. Since the events are stored in a RDBMS, operators
+can leverage SQL to perform a series of rich and complex queries that are not
+supported by the `kv` indexer type. Since operators can leverage SQL directly,
+searching is not enabled for the `psql` indexer type via Tendermint's RPC -- any
+such query will fail.
+
+Note, the SQL schema is stored in `state/indexer/sink/psql/schema.sql` and operators
+must explicitly create the relations prior to starting Tendermint and enabling
+the `psql` indexer type.
+
+Example:
+
+```shell
+$ psql ... -f state/indexer/sink/psql/schema.sql
+```
--- a/docs/nodes/metrics.md
+++ b/docs/nodes/metrics.md
@@ -20,6 +20,7 @@ The following metrics are available:

 | **Name**                               | **Type**  | **Tags**      | **Description**                                                        |
 | -------------------------------------- | --------- | ------------- | ---------------------------------------------------------------------- |
+| abci_connection_method_timing          | Histogram | method, type  | Timings for each of the ABCI methods                                   |
 | consensus_height                       | Gauge     |               | Height of the chain                                                    |
 | consensus_validators                   | Gauge     |               | Number of validators                                                   |
 | consensus_validators_power             | Gauge     |               | Total voting power of all validators                                   |
@@ -55,6 +56,16 @@ The following metrics are available:

 Percentage of missing + byzantine validators:

-```md
-((consensus\_byzantine\_validators\_power + consensus\_missing\_validators\_power) / consensus\_validators\_power) * 100
+```prometheus
+((consensus_byzantine_validators_power + consensus_missing_validators_power) / consensus_validators_power) * 100
+```
+
+Rate at which the application is responding to each ABCI method call.
+```
+sum(rate(tendermint_abci_connection_method_timing_count[5m])) by (method)
+```
+
+The 95th percentile response time for the application to the `deliver_tx` ABCI method call.
+```
+histogram_quantile(0.95, sum by(le) (rate(tendermint_abci_connection_method_timing_bucket{method="deliver_tx"}[5m])))
 ```
--- a/docs/package-lock.json
+++ b/docs/package-lock.json
--- a/docs/rfc/README.md
+++ b/docs/rfc/README.md
@@ -38,5 +38,11 @@ sections.
 ## Table of Contents

 - [RFC-000: P2P Roadmap](./rfc-000-p2p-roadmap.rst)
+- [RFC-001: Storage Engines](./rfc-001-storage-engine.rst)
+- [RFC-002: Interprocess Communication](./rfc-002-ipc-ecosystem.md)
+- [RFC-003: Performance Taxonomy](./rfc-003-performance-questions.md)
+- [RFC-004: E2E Test Framework Enhancements](./rfc-004-e2e-framework.md)
+- [RFC-005: Event System](./rfc-005-event-system.rst)
+- [RFC-006: Event Subscription](./rfc-006-event-subscription.md)

 <!-- - [RFC-NNN: Title](./rfc-NNN-title.md) -->
--- a/docs/rfc/rfc-000-p2p-roadmap.rst
+++ b/docs/rfc/rfc-000-p2p-roadmap.rst
@@ -40,15 +40,15 @@ Critique of Current Peer-to-Peer Infrastructure

 The current (refactored) P2P stack is an improvement on the previous iteration
 (legacy), but as of 0.35, there remains room for improvement in the design and
-implementation of the P2P layer. 
+implementation of the P2P layer.

 Some limitations of the current stack include:

 - heavy reliance on buffering to avoid backups in the flow of components,
  which is fragile to maintain and can lead to unexpected memory usage
  patterns and forces the routing layer to make decisions about when messages
-  should be discarded. 
-  
+  should be discarded.
+
 - the current p2p stack relies on convention (rather than the compiler) to
  enforce the API boundaries and conventions between reactors and the router,
  making it very easy to write "wrong" reactor code or introduce a bad
@@ -64,7 +64,7 @@ Some limitations of the current stack include:
  difficult to expose that information to monitoring/observability tools. This
  general opacity also makes it difficult to interact with the peer system
  from other areas of the code base (e.g. tests, reactors).
-  
+
 - the legacy stack provided some control to operators to force the system to
  dial new peers or seed nodes or manipulate the topology of the system _in
  situ_. The current stack can't easily provide this, and while the new stack
@@ -94,16 +94,16 @@ blocksync and consensus) from procedure calls to message passing.
 This is a relatively simple change and could be implemented with the following
 components:

- a constant to represent "local" delivery as  the ``To``` field on
+- a constant to represent "local" delivery as  the ``To`` field on
  ``p2p.Envelope``.
-  
+
 - special path for routing local messages that doesn't require message
  serialization (protobuf marshalling/unmarshaling).
-  
+
 Adding these semantics, particularly if in conjunction with synchronous
 semantics provides a solution to dependency graph problems currently present
 in the Tendermint codebase, which will simplify development, make it possible
-to isolate components for testing. 
+to isolate components for testing.

 Eventually, this will also make it possible to have a logical Tendermint node
 running in multiple processes or in a collection of containers, although the
@@ -129,7 +129,7 @@ of request/response ID to allow identifying out-of-order responses over a
 single connection. Additionally, expanded the programming model of the
 ``p2p.Channel`` to accommodate some kind of _future_ or similar paradigm to
 make it viable to write reactor code without needing for the reactor developer
-to wrestle with lower level concurency constructs.
+to wrestle with lower level concurrency constructs.


 Timeout Handling (QoS)
@@ -143,7 +143,7 @@ detect or attribute. Additionally, the current system provides three main
 parameters to control quality of service:

 - buffer sizes for channels and queues.
-  
+
 - priorities for channels

 - queue implementation details for shedding load.
@@ -151,13 +151,13 @@ parameters to control quality of service:
 These end up being quite coarse controls, and changing the settings are
 difficult because as the queues and channels are able to buffer large numbers
 of messages it can be hard to see the impact of a given change, particularly
-in our extant test environment. In general, we should endeavor to: 
+in our extant test environment. In general, we should endeavor to:

 - set real timeouts, via contexts, on most message send operations, so that
  senders rather than queues can be responsible for timeout
  logic. Additionally, this will make it possible to avoid sending messages
  during shutdown.
-  
+
 - reduce (to the greatest extent possible) the amount of buffering in
  channels and the queues, to more readily surface backpressure and reduce the
  potential for buildup of stale messages.
@@ -173,8 +173,8 @@ transport types and makes it more likely that message-based caching and rate
 limiting will be implemented at the transport layer rather than at a more
 appropriate level.

-The transport then, would be responsible for negitating the connection and the
-handshake and otherwise behave like a socket/file discriptor with ``Read` and
+The transport then, would be responsible for negotiating the connection and the
+handshake and otherwise behave like a socket/file descriptor with ``Read`` and
 ``Write`` methods.

 While this was included in the initial design for the new P2P layer, it may be
@@ -185,7 +185,7 @@ Service Discovery
 ~~~~~~~~~~~~~~~~~

 In the current system, Tendermint assumes that all nodes in a network are
-largely equivelent, and nodes tend to be "chatty" making many requests of
+largely equivalent, and nodes tend to be "chatty" making many requests of
 large numbers of peers and waiting for peers to (hopefully) respond. While
 this works and has allowed Tendermint to get to a certain point, this both
 produces a theoretical scaling bottle neck and makes it harder to test and
@@ -194,7 +194,7 @@ verify components of the system.
 In addition to peer's identity and connection information, peers should be
 able to advertise a number of services or capabilities, and node operators or
 developers should be able to specify peer capability requirements (e.g. target
-at least <x>-percent of peers with <y> capability.)  
+at least <x>-percent of peers with <y> capability.)

 These capabilities may be useful in selecting peers to send messages to, it
 may make sense to extend Tendermint's message addressing capability to allow
@@ -215,7 +215,7 @@ Continued Homegrown Implementation
 The current peer system is homegrown and is conceptually compatible with the
 needs of the project, and while there are limitations to the system, the p2p
 layer is not (currently as of 0.35) a major source of bugs or friction during
-development. 
+development.

 However, the current implementation makes a number of allowances for
 interoperability, and there are a collection of iterative improvements that
@@ -228,18 +228,18 @@ implementation, upcoming work would include:
  connections using different protocols (e.g. QUIC, etc.)

 - entirely remove the constructs and implementations of the legacy peer
-  implementation. 
-  
+  implementation.
+
 - establish and enforce clearer chains of responsibility for connection
  establishment (e.g. handshaking, setup,) which is currently shared between
-  three components. 
+  three components.

 - report better metrics regarding the into the state of peers and network
  connectivity, which are opaque outside of the system. This is constrained at
  the moment as a side effect of the split responsibility for connection
  establishment.
-  
- extend the PEX system to include service information so that ndoes in the
+
+- extend the PEX system to include service information so that nodes in the
  network weren't necessarily homogeneous.

 While maintaining a bespoke peer management layer would seem to distract from
@@ -272,20 +272,20 @@ case that our internal systems need to know much less about peers than
 otherwise specified. Similarly, the current system has a notion of peer
 scoring that cannot be communicated to libp2p, which may be fine as this is
 only used to support peer exchange (PEX,) which would become a property libp2p
-and not expressed in it's current higher-level form. 
+and not expressed in it's current higher-level form.

-In general, the effort to switch to libp2p would involve: 
+In general, the effort to switch to libp2p would involve:

 - timing it during an appropriate protocol-breaking window, as it doesn't seem
-  viable to support both libp2p *and* the current p2p protocol. 
-  
+  viable to support both libp2p *and* the current p2p protocol.
+
 - providing some in-memory testing network to support the use case that the
  current ``p2p.MemoryNetwork`` provides.

 - re-homing the ``p2p.Router`` implementation on top of libp2p components to
  be able to maintain the current reactor implementations.
-  
-Open question include: 
+
+Open question include:

 - how much local buffering should we be doing? It sort of seems like we should
  figure out what the expected behavior is for libp2p for QoS-type
@@ -302,7 +302,7 @@ Open question include:

 - how do efforts to select "the best" (healthy, close, well-behaving, etc.)
  peers work out if Tendermint is not maintaining a local peer database?
-  
+
 - would adding additional higher level semantics (internal message passing,
  request/response pairs, service discovery, etc.) facilitate removing some of
  the direct linkages between constructs/components in the system and reduce
@@ -311,6 +311,6 @@ Open question include:
 References
 ----------

- `Tracking Ticket for P2P Refactor Project <https://github.com/tendermint/tendermint/issues/5670>`_ 
+- `Tracking Ticket for P2P Refactor Project <https://github.com/tendermint/tendermint/issues/5670>`_
 - `ADR 61: P2P Refactor Scope <../architecture/adr-061-p2p-refactor-scope.md>`_
 - `ADR 62: P2P Architecture and Abstraction <../architecture/adr-061-p2p-architecture.md>`_
--- a/docs/rfc/rfc-001-storage-engine.rst
+++ b/docs/rfc/rfc-001-storage-engine.rst
@@ -0,0 +1,179 @@
+===========================================
+RFC 001: Storage Engines and Database Layer
+===========================================
+
+Changelog
+---------
+
+- 2021-04-19: Initial Draft (gist)
+- 2021-09-02: Migrated to RFC folder, with some updates  
+
+Abstract
+--------
+
+The aspect of Tendermint that's responsible for persistence and storage (often
+"the database" internally) represents a bottle neck in the architecture of the
+platform, that the 0.36 release presents a good opportunity to correct. The
+current storage engine layer provides a great deal of flexibility that is
+difficult for users to leverage or benefit from, while also making it harder
+for Tendermint Core developers to deliver improvements on storage engine. This
+RFC discusses the possible improvements to this layer of the system.
+
+Background
+----------
+
+Tendermint has a very thin common wrapper that makes Tendermint itself
+(largely) agnostic to the data storage layer (within the realm of the popular
+key-value/embedded databases.) This flexibility is not particularly useful:
+the benefits of a specific database engine in the context of Tendermint is not
+particularly well understood, and the maintenance burden for multiple backends
+is not commensurate with the benefit provided. Additionally, because the data
+storage layer is handled generically, and most tests run with an in-memory
+framework, it's difficult to take advantage of any higher-level features of a
+database engine.
+
+Ideally, developers within Tendermint will be able to interact with persisted
+data via an interface that can function, approximately like an object
+store, and this storage interface will be able to accommodate all existing
+persistence workloads (e.g. block storage, local peer management information
+like the "address book", crash-recovery log like the WAL.) In addition to
+providing a more ergonomic interface and new semantics, by selecting a single
+storage engine tendermint can use native durability and atomicity features of
+the storage engine and simplify its own implementations. 
+
+Data Access Patterns
+~~~~~~~~~~~~~~~~~~~~
+
+Tendermint's data access patterns have the following characteristics:
+
+- aggregate data size often exceeds memory.
+
+- data is rarely mutated after it's written for most data (e.g. blocks), but
+  small amounts of working data is persisted by nodes and is frequently
+  mutated (e.g. peer information, validator information.)
+
+- read patterns can be quite random.
+
+- crash resistance and crash recovery, provided by write-ahead-logs (in
+  consensus, and potentially for the mempool) should allow the system to
+  resume work after an unexpected shut down.
+
+Project Goals
+~~~~~~~~~~~~~
+
+As we think about replacing the current persistence layer, we should consider
+the following high level goals: 
+
+- drop dependencies on storage engines that have a CGo dependency.
+
+- encapsulate data format and data storage from higher-level services
+  (e.g. reactors) within tendermint.
+
+- select a storage engine that does not incur any additional operational
+  complexity (e.g. database should be embedded.)
+
+- provide database semantics with sufficient ACID, snapshots, and
+  transactional support.
+
+Open Questions
+~~~~~~~~~~~~~~
+
+The following questions remain:
+
+- what kind of data-access concurrency does tendermint require?
+
+- would tendermint users SDK/etc. benefit from some shared database
+  infrastructure?
+  
+  - In earlier conversations it seemed as if the SDK has selected Badger and
+    RocksDB for their storage engines, and it might make sense to be able to
+    (optionally) pass a handle to a Badger instance between the libraries in
+    some cases.
+
+- what are typical data sizes, and what kinds of memory sizes can we expect
+  operators to be able to provide?
+
+- in addition to simple persistence, what kind of additional semantics would
+  tendermint like to enjoy (e.g. transactional semantics, unique constraints,
+  indexes, in-place-updates, etc.)?
+
+Decision Framework
+~~~~~~~~~~~~~~~~~~
+
+Given the constraint of removing the CGo dependency, the decision is between
+"badger" and "boltdb" (in the form of the etcd/CoreOS fork,) as low level. On
+top of this and somewhat orthogonally, we must also decide on the interface to
+the database and how the larger application will have to interact with the
+database layer. Users of the data layer shouldn't ever need to interact with
+raw byte slices from the database, and should mostly have the experience of
+interacting with Go-types.
+
+Badger is more consistently developed and has a broader feature set than
+Bolt. At the same time, Badger is likely more memory intensive and may have
+more overhead in terms of open file handles given it's model. At first glance,
+Badger is the obvious choice: it's actively developed and it has a lot of
+features that could be useful. Bolt is not without some benefits: it's stable
+and is maintained by the etcd folks, it's simpler model (single memory mapped
+file, etc,) may be easier to reason about.
+
+I propose that we consider the following specific questions about storage
+engines:
+
+- does Badger's evolving development, which may result in data file format
+  changes in the future, and could restrict our access to using the latest
+  version of the library between major upgrades, present a problem?
+
+- do we do we have goals/concerns about memory footprint that Badger may
+  prevent us from hitting, particularly as data sets grow over time?
+
+- what kind of additional tooling might we need/like to build (dump/restore,
+  etc.)?
+
+- do we want to run unit/integration tests against a data files on disk rather
+  than relying exclusively on the memory database?
+
+Project Scope
+~~~~~~~~~~~~~
+
+This project will consist of the following aspects:
+
+- selecting a storage engine, and modifying the tendermint codebase to
+  disallow any configuration of the storage engine outside of the tendermint. 
+
+- remove the dependency on the current tm-db interfaces and replace with some
+  internalized, safe, and ergonomic interface for data persistence with all
+  required database semantics.
+
+- update core tendermint code to use the new interface and data tools.
+
+Next Steps
+~~~~~~~~~~
+
+- circulate the RFC, and discuss options with appropriate stakeholders. 
+  
+- write brief ADR to summarize decisions around technical decisions reached
+  during the RFC phase. 
+
+References
+----------
+
+- `bolddb <https://github.com/etcd-io/bbolt>`_
+- `badger <https://github.com/dgraph-io/badger>`_
+- `badgerdb overview <https://dbdb.io/db/badgerdb>`_
+- `botldb overview <https://dbdb.io/db/boltdb>`_
+- `boltdb vs badger <https://tech.townsourced.com/post/boltdb-vs-badger>`_
+- `bolthold <https://github.com/timshannon/bolthold>`_
+- `badgerhold <https://github.com/timshannon/badgerhold>`_
+- `Pebble <https://github.com/cockroachdb/pebble>`_
+- `SDK Issue Regarding IVAL <https://github.com/cosmos/cosmos-sdk/issues/7100>`_
+- `SDK Discussion about SMT/IVAL <https://github.com/cosmos/cosmos-sdk/discussions/8297>`_
+
+Discussion
+----------
+
+- All things being equal, my tendency would be to use badger, with badgerhold
+  (if that makes sense) for its ergonomics and indexing capabilities, which
+  will require some small selection of wrappers for better write transaction
+  support. This is a weakly held tendency/belief and I think it would be
+  useful for the RFC process to build consensus (or not) around this basic
+  assumption.
--- a/docs/rfc/rfc-002-ipc-ecosystem.md
+++ b/docs/rfc/rfc-002-ipc-ecosystem.md
@@ -0,0 +1,420 @@
+# RFC 002: Interprocess Communication (IPC) in Tendermint
+
+## Changelog
+
+- 08-Sep-2021: Initial draft (@creachadair).
+
+
+## Abstract
+
+Communication in Tendermint among consensus nodes, applications, and operator
+tools all use different message formats and transport mechanisms.  In some
+cases there are multiple options. Having all these options complicates both the
+code and the developer experience, and hides bugs. To support a more robust,
+trustworthy, and usable system, we should document which communication paths
+are essential, which could be removed or reduced in scope, and what we can
+improve for the most important use cases.
+
+This document proposes a variety of possible improvements of varying size and
+scope. Specific design proposals should get their own documentation.
+
+
+## Background
+
+The Tendermint state replication engine has a complex IPC footprint.
+
+1. Consensus nodes communicate with each other using a networked peer-to-peer
+   message-passing protocol.
+
+2. Consensus nodes communicate with the application whose state is being
+   replicated via the [Application BlockChain Interface (ABCI)][abci].
+
+3. Consensus nodes export a network-accessible [RPC service][rpc-service] to
+   support operations (bootstrapping, debugging) and synchronization of [light clients][light-client].
+   This interface is also used by the [`tendermint` CLI][tm-cli].
+
+4. Consensus nodes export a gRPC service exposing a subset of the methods of
+   the RPC service described by (3). This was intended to simplify the
+   implementation of tools that already use gRPC to communicate with an
+   application (via the Cosmos SDK), and wanted to also talk to the consensus
+   node without implementing yet another RPC protocol.
+
+   The gRPC interface to the consensus node has been deprecated and is slated
+   for removal in the forthcoming Tendermint v0.36 release.
+
+5. Consensus nodes may optionally communicate with a "remote signer" that holds
+   a validator key and can provide public keys and signatures to the consensus
+   node. One of the stated goals of this configuration is to allow the signer
+   to be run on a private network, separate from the consensus node, so that a
+   compromise of the consensus node from the public network would be less
+   likely to expose validator keys.
+
+## Discussion: Transport Mechanisms
+
+### Remote Signer Transport
+
+A remote signer communicates with the consensus node in one of two ways:
+
+1. "Raw": Using a TCP or Unix-domain socket which carries varint-prefixed
+   protocol buffer messages. In this mode, the consensus node is the server,
+   and the remote signer is the client.
+
+   This mode has been deprecated, and is intended to be removed.
+
+2. gRPC: This mode uses the same protobuf messages as "Raw" node, but uses a
+   standard encrypted gRPC HTTP/2 stub as the transport. In this mode, the
+   remote signer is the server and the consensus node is the client.
+
+
+### ABCI Transport
+
+In ABCI, the _application_ is the server, and the Tendermint consensus engine
+is the client.  Most applications implement the server using the [Cosmos SDK][cosmos-sdk],
+which handles low-level details of the ABCI interaction and provides a
+higher-level interface to the rest of the application. The SDK is written in Go.
+
+Beneath the SDK, the application communicates with Tendermint core in one of
+two ways:
+
+- In-process direct calls (for applications written in Go and compiled against
+  the Tendermint code).  This is an optimization for the common case where an
+  application is written in Go, to save on the overhead of marshaling and
+  unmarshaling requests and responses within the same process:
+  [`abci/client/local_client.go`][local-client]
+
+- A custom remote procedure protocol built on wire-format protobuf messages
+  using a socket (the "socket protocol"): [`abci/server/socket_server.go`][socket-server]
+
+The SDK also provides a [gRPC service][sdk-grpc] accessible from outside the
+application, allowing transactions to be broadcast to the network, look up
+transactions, and simulate transaction costs.
+
+
+### RPC Transport
+
+The consensus node RPC service allows callers to query consensus parameters
+(genesis data, transactions, commits), node status (network info, health
+checks), application state (abci_query, abci_info), mempool state, and other
+attributes of the node and its application. The service also provides methods
+allowing transactions and evidence to be injected ("broadcast") into the
+blockchain.
+
+The RPC service is exposed in several ways:
+
+- HTTP GET: Queries may be sent as URI parameters, with method names in the path.
+
+- HTTP POST: Queries may be sent as JSON-RPC request messages in the body of an
+  HTTP POST request.  The server uses a custom implementation of JSON-RPC that
+  is not fully compatible with the [JSON-RPC 2.0 spec][json-rpc], but handles
+  the common cases.
+
+- Websocket: Queries may be sent as JSON-RPC request messages via a websocket.
+  This transport uses more or less the same JSON-RPC plumbing as the HTTP POST
+  handler.
+
+  The websocket endpoint also includes three methods that are _only_ exported
+  via websocket, which appear to support event subscription.
+
+- gRPC: A subset of queries may be issued in protocol buffer format to the gRPC
+  interface described above under (4). As noted, this endpoint is deprecated
+  and will be removed in v0.36.
+
+### Opportunities for Simplification
+
+**Claim:** There are too many IPC mechanisms.
+
+The preponderance of ABCI usage is via the Cosmos SDK, which means the
+application and the consensus node are compiled together into a single binary,
+and the consensus node calls the ABCI methods of the application directly as Go
+functions.
+
+We also need a true IPC transport to support ABCI applications _not_ written in
+Go.  There are also several known applications written in Rust, for example
+(including [Anoma](https://github.com/anoma/anoma), Penumbra,
+[Oasis](https://github.com/oasisprotocol/oasis-core), Twilight, and
+[Nomic](https://github.com/nomic-io/nomic)). Ideally we will have at most one
+such transport "built-in": More esoteric cases can be handled by a custom proxy.
+Pragmatically, gRPC is probably the right choice here.
+
+The primary consumers of the multi-headed "RPC service" today are the light
+client and the `tendermint` command-line client. There is probably some local
+use via curl, but I expect that is mostly ad hoc. Ethan reports that nodes are
+often configured with the ports to the RPC service blocked, which is good for
+security but complicates use by the light client.
+
+### Context: Remote Signer Issues
+
+Since the remote signer needs a secure communication channel to exchange keys
+and signatures, and is expected to run truly remotely from the node (i.e., on a
+separate physical server), there is not a whole lot we can do here. We should
+finish the deprecation and removal of the "raw" socket protocol between the
+consensus node and remote signers, but the use of gRPC is appropriate.
+
+The main improvement we can make is to simplify the implementation quite a bit,
+once we no longer need to support both "raw" and gRPC transports.
+
+### Context: ABCI Issues
+
+In the original design of ABCI, the presumption was that all access to the
+application should be mediated by the consensus node. The idea is that outside
+access could change application state and corrupt the consensus process, which
+relies on the application to be deterministic. Of course, even without outside
+access an application could behave nondeterministically, but allowing other
+programs to send it requests was seen as courting trouble.
+
+Conversely, users noted that most of the time, tools written for a particular
+application don't want to talk to the consensus module directly. The
+application "owns" the state machine the consensus engine is replicating, so
+tools that care about application state should talk to the application.
+Otherwise, they would have to bake in knowledge about Tendermint (e.g., its
+interfaces and data structures) just because of the mediation.
+
+For clients to talk directly to the application, however, there is another
+concern: The consensus node is the ABCI _client_, so it is inconvenient for the
+application to "push" work into the consensus module via ABCI itself.  The
+current implementation works around this by calling the consensus node's RPC
+service, which exposes an `ABCIQuery` kitchen-sink method that allows the
+application a way to poke ABCI messages in the other direction.
+
+Without this RPC method, you could work around this (at least in principle) by
+having the consensus module "poll" the application for work that needs done,
+but that has unsatisfactory implications for performance and robustness, as
+well as being harder to understand.
+
+There has apparently been discussion about trying to make a more bidirectional
+communication between the consensus node and the application, but this issue
+seems to still be unresolved.
+
+Another complication of ABCI is that it requires the application (server) to
+maintain [four separate connections][abci-conn]: One for "consensus" operations
+(BeginBlock, EndBlock, DeliverTx, Commit), one for "mempool" operations, one
+for "query" operations, and one for "snapshot" (state synchronization) operations.
+The rationale seems to have been that these groups of operations should be able
+to proceed concurrently with each other. In practice, it results in a very complex
+state management problem to coordinate state updates between the separate streams.
+While application authors in Go are mostly insulated from that complexity by the
+Cosmos SDK, the plumbing to maintain those separate streams is complicated, hard
+to understand, and we suspect it contains concurrency bugs and/or lock contention
+issues affecting performance that are subtle and difficult to pin down.
+
+Even without changing the semantics of any ABCI operations, this code could be
+made smaller and easier to debug by separating the management of concurrency
+and locking from the IPC transport: If all requests and responses are routed
+through one connection, the server can explicitly maintain priority queues for
+requests and responses, and make less-conservative decisions about when locks
+are (or aren't) required to synchronize state access. With independent queues,
+the server must lock conservatively, and no optimistic scheduling is practical.
+
+This would be a tedious implementation change, but should be achievable without
+breaking any of the existing interfaces. More importantly, it could potentially
+address a lot of difficult concurrency and performance problems we currently
+see anecdotally but have difficultly isolating because of how intertwined these
+separate message streams are at runtime.
+
+TODO: Impact of ABCI++ for this topic?
+
+### Context: RPC Issues
+
+The RPC system serves several masters, and has a complex surface area. I
+believe there are some improvements that can be exposed by separating some of
+these concerns.
+
+The Tendermint light client currently uses the RPC service to look up blocks
+and transactions, and to forward ABCI queries to the application.  The light
+client proxy uses the RPC service via a websocket. The Cosmos IBC relayer also
+uses the RPC service via websocket to watch for transaction events, and uses
+the `ABCIQuery` method to fetch information and proofs for posted transactions.
+
+Some work is already underway toward using P2P message passing rather than RPC
+to synchronize light client state with the rest of the network.  IBC relaying,
+however, requires access to the event system, which is currently not accessible
+except via the RPC interface. Event subscription _could_ be exposed via P2P,
+but that is a larger project since it adds P2P communication load, and might
+thus have an impact on the performance of consensus.
+
+If event subscription can be moved into the P2P network, we could entirely
+remove the websocket transport, even for clients that still need access to the
+RPC service. Until then, we may still be able to reduce the scope of the
+websocket endpoint to _only_ event subscription, by moving uses of the RPC
+server as a proxy to ABCI over to the gRPC interface.
+
+Having the RPC server still makes sense for local bootstrapping and operations,
+but can be further simplified. Here are some specific proposals:
+
+- Remove the HTTP GET interface entirely.
+
+- Simplify JSON-RPC plumbing to remove unnecessary reflection and wrapping.
+
+- Remove the gRPC interface (this is already planned for v0.36).
+
+- Separate the websocket interface from the rest of the RPC service, and
+  restrict it to only event subscription.
+
+  Eventually we should try to emove the websocket interface entirely, but we
+  will need to revisit that (probably in a new RFC) once we've done some of the
+  easier things.
+
+These changes would preserve the ability of operators to issue queries with
+curl (but would require using JSON-RPC instead of URI parameters). That would
+be a little less user-friendly, but for a use case that should not be that
+prevalent.
+
+These changes would also preserve compatibility with existing JSON-RPC based
+code paths like the `tendermint` CLI and the light client (even ahead of
+further work to remove that dependency).
+
+**Design goal:** An operator should be able to disable non-local access to the
+RPC server on any node in the network without impairing the ability of the
+network to function for service of state replication, including light clients.
+
+**Design principle:** All communication required to implement and monitor the
+consensus network should use P2P, including the various synchronizations.
+
+### Options for ABCI Transport
+
+The majority of current usage is in Go, and the majority of that is mediated by
+the Cosmos SDK, which uses the "direct call" interface. There is probably some
+opportunity to clean up the implementation of that code, notably by inverting
+which interface is at the "top" of the abstraction stack (currently it acts
+like an RPC interface, and escape-hatches into the direct call). However, this
+general approach works fine and doesn't need to be fundamentally changed.
+
+For applications _not_ written in Go, the two remaining options are the
+"socket" protocol (another variation on varint-prefixed protobuf messages over
+an unstructured stream) and gRPC. It would be nice if we could get rid of one
+of these to reduce (unneeded?) optionality.
+
+Since both the socket protocol and gRPC depend on protocol buffers, the
+"socket" protocol is the most obvious choice to remove. While gRPC is more
+complex, the set of languages that _have_ protobuf support but _lack_ gRPC
+support is small. Moreover, gRPC is already widely used in the rest of the
+ecosystem (including the Cosmos SDK).
+
+If some use case did arise later that can't work with gRPC, it would not be too
+difficult for that application author to write a little proxy (in Go) that
+bridges the convenient SDK APIs into a simpler protocol than gRPC.
+
+**Design principle:** It is better for an uncommon special case to carry the
+burdens of its specialness, than to bake an escape hatch into the infrastructure.
+
+**Recommendation:** We should deprecate and remove the socket protocol.
+
+### Options for RPC Transport
+
+[ADR 057][adr-57] proposes using gRPC for the Tendermint RPC implementation.
+This is still possible, but if we are able to simplify and decouple the
+concerns as described above, I do not think it should be necessary.
+
+While JSON-RPC is not the best possible RPC protocol for all situations, it has
+some advantages over gRPC for our domain. Specifically:
+
+- It is easy to call JSON-RPC manually from the command-line, which helps with
+  a common concern for the RPC service, local debugging and operations.
+
+  Relatedly: JSON is relatively easy for humans to read and write, and it can
+  be easily copied and pasted to share sample queries and debugging results in
+  chat, issue comments, and so on. Ideally, the RPC service will not be used
+  for activities where the costs of a text protocol are important compared to
+  its legibility and manual usability benefits.
+
+- gRPC has an enormous dependency footprint for both clients and servers, and
+  many of the features it provides to support security and performance
+  (encryption, compression, streaming, etc.) are mostly irrelevant to local
+  use. Tendermint already needs to include a gRPC client for the remote signer,
+  but if we can avoid the need for a _client_ to depend on gRPC, that is a win
+  for usability.
+
+- If we intend to migrate light clients off RPC to use P2P entirely, there is
+  no advantage to forcing a temporary migration to gRPC along the way; and once
+  the light client is not dependent on the RPC service, the efficiency of the
+  protocol is much less important.
+
+- We can still get the benefits of generated data types using protocol buffers, even
+  without using gRPC:
+
+  - Protobuf defines a standard JSON encoding for all message types so
+    languages with protobuf support do not need to worry about type mapping
+    oddities.
+
+  - Using JSON means that even languages _without_ good protobuf support can
+    implement the protocol with a bit more work, and I expect this situation to
+    be rare.
+
+Even if a language lacks a good standard JSON-RPC mechanism, the protocol is
+lightweight and can be implemented by simple send/receive over TCP or
+Unix-domain sockets with no need for code generation, encryption, etc. gRPC
+uses a complex HTTP/2 based transport that is not easily replicated.
+
+### Future Work
+
+The background and proposals sketched above focus on the existing structure of
+Tendermint and improvements we can make in the short term. It is worthwhile to
+also consider options for longer-term broader changes to the IPC ecosystem.
+The following outlines some ideas at a high level:
+
+- **Consensus service:** Today, the application and the consensus node are
+  nominally connected only via ABCI. Tendermint was originally designed with
+  the assumption that all communication with the application should be mediated
+  by the consensus node.  Based on further experience, however, the design goal
+  is now that the _application_ should be the mediator of application state.
+
+  As noted above, however, ABCI is a client/server protocol, with the
+  application as the server. For outside clients that turns out to have been a
+  good choice, but it complicates the relationship between the application and
+  the consensus node: Previously transactions were entered via the node, now
+  they are entered via the app.
+
+  We have worked around this by using the Tendermint RPC service to give the
+  application a "back channel" to the consensus node, so that it can push
+  transactions back into the consensus network. But the RPC service exposes a
+  lot of other functionality, too, including event subscription, block and
+  transaction queries, and a lot of node status information.
+
+  Even if we can't easily "fix" the orientation of the ABCI relationship, we
+  could improve isolation by splitting out the parts of the RPC service that
+  the application needs as a back-channel, and sharing those _only_ with the
+  application. By defining a "consensus service", we could give the application
+  a way to talk back limited to only the capabilities it needs. This approach
+  has the benefit that we could do it without breaking existing use, and if we
+  later did "fix" the ABCI directionality, we could drop the special case
+  without disrupting the rest of the RPC interface.
+
+- **Event service:** Right now, the IBC relayer relies on the Tendermint RPC
+  service to provide a stream of block and transaction events, which it uses to
+  discover which transactions need relaying to other chains.  While I think
+  that event subscription should eventually be handled via P2P, we could gain
+  some immediate benefit by splitting out event subscription from the rest of
+  the RPC service.
+
+  In this model, an event subscription service would be exposed on the public
+  network, but on a different endpoint. This would remove the need for the RPC
+  service to support the websocket protocol, and would allow operators to
+  isolate potentially sensitive status query results from the public network.
+
+  At the moment the relayers also use the RPC service to get block data for
+  synchronization, but work is already in progress to handle that concern via
+  the P2P layer. Once that's done, event subscription could be separated.
+
+Separating parts of the existing RPC service is not without cost: It might
+require additional connection endpoints, for example, though it is also not too
+difficult for multiple otherwise-independent services to share a connection.
+
+In return, though, it would become easier to reduce transport options and for
+operators to independently control access to sensitive data. Considering the
+viability and implications of these ideas is beyond the scope of this RFC, but
+they are documented here since they follow from the background we have already
+discussed.
+
+## References
+
+[abci]: https://github.com/tendermint/spec/tree/95cf253b6df623066ff7cd4074a94e7a3f147c7a/spec/abci
+[rpc-service]: https://docs.tendermint.com/master/rpc/
+[light-client]: https://docs.tendermint.com/master/tendermint-core/light-client.html
+[tm-cli]: https://github.com/tendermint/tendermint/tree/master/cmd/tendermint
+[cosmos-sdk]: https://github.com/cosmos/cosmos-sdk/
+[local-client]: https://github.com/tendermint/tendermint/blob/master/abci/client/local_client.go
+[socket-server]: https://github.com/tendermint/tendermint/blob/master/abci/server/socket_server.go
+[sdk-grpc]: https://pkg.go.dev/github.com/cosmos/cosmos-sdk/types/tx#ServiceServer
+[json-rpc]: https://www.jsonrpc.org/specification
+[abci-conn]: https://github.com/tendermint/spec/blob/master/spec/abci/apps.md#state
+[adr-57]: https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-057-RPC.md
--- a/docs/rfc/rfc-003-performance-questions.md
+++ b/docs/rfc/rfc-003-performance-questions.md
@@ -0,0 +1,283 @@
+# RFC 003: Taxonomy of potential performance issues in Tendermint 
+
+## Changelog
+
+- 2021-09-02: Created initial draft (@wbanfield)
+- 2021-09-14: Add discussion of the event system (@wbanfield)
+
+## Abstract
+
+This document discusses the various sources of performance issues in Tendermint and
+attempts to clarify what work may be required to understand and address them.
+
+## Background
+
+Performance, loosely defined as the ability of a software process to perform its work
+quickly and efficiently under load and within reasonable resource limits, is a frequent
+topic of discussion in the Tendermint project.
+To effectively address any issues with Tendermint performance we need to
+categorize the various issues, understand their potential sources, and gauge their
+impact on users.
+
+Categorizing the different known performance issues will allow us to discuss and fix them
+more systematically. This document proposes a rough taxonomy of performance issues
+and highlights areas where more research into potential performance problems is required.
+
+Understanding Tendermint's performance limitations will also be critically important
+as we make changes to many of its subsystems. Performance is a central concern for
+upcoming decisions regarding the `p2p` protocol, RPC message encoding and structure,
+database usage and selection, and consensus protocol updates.
+
+
+## Discussion
+
+This section attempts to delineate the different sections of Tendermint functionality
+that are often cited as having performance issues. It raises questions and suggests
+lines of inquiry that may be valuable for better understanding Tendermint's performance issues.
+
+As a note: We should avoid quickly adding many microbenchmarks or package level benchmarks. 
+These are prone to being worse than useless as they can obscure what _should_ be
+focused on: performance of the system from the perspective of a user. We should,
+instead, tune performance with an eye towards user needs and actions users make. These users comprise
+both operators of Tendermint chains and the people generating transactions for
+Tendermint chains. Both of these sets of users are largely aligned in wanting an end-to-end
+system that operates quickly and efficiently.
+
+REQUEST: The list below may be incomplete, if there are additional sections that are often
+cited as creating poor performance, please comment so that they may be included.
+
+### P2P
+
+#### Claim: Tendermint cannot scale to large numbers of nodes
+
+A complaint has been reported that Tendermint networks cannot scale to large numbers of nodes.
+The listed number of nodes a user reported as causing issue was in the thousands.
+We don't currently have evidence about what the upper-limit of nodes that Tendermint's
+P2P stack can scale to.
+
+We need to more concretely understand the source of issues and determine what layer
+is causing a problem. It's possible that the P2P layer, in the absence of any reactors
+sending data, is perfectly capable of managing thousands of peer connections. For
+a reasonable networking and application setup, thousands of connections should not present any
+issue for the application.
+
+We need more data to understand the problem directly. We want to drive the popularity
+and adoption of Tendermint and this will mean allowing for chains with more validators.
+We should follow up with users experiencing this issue. We may then want to add
+a series of metrics to the P2P layer to better understand the inefficiencies it produces.
+
+The following metrics can help us understand the sources of latency in the Tendermint P2P stack:
+
+* Number of messages sent and received per second
+* Time of a message spent on the P2P layer send and receive queues
+
+The following metrics exist and should be leveraged in addition to those added:
+
+* Number of peers node's connected to
+* Number of bytes per channel sent and received from each peer
+
+### Sync
+
+#### Claim: Block Syncing is slow
+
+Bootstrapping a new node in a network to the height of the rest of the network is believed to
+take longer than users would like. Block sync requires fetching all of the blocks from
+peers and placing them into the local disk for storage. A useful line of inquiry
+is understanding how quickly a perfectly tuned system _could_ fetch all of the state
+over a network so that we understand how much overhead Tendermint actually adds.
+
+The operation is likely to be _incredibly_ dependent on the environment in which
+the node is being run. The factors that will influence syncing include:
+1. Number of peers that a syncing node may fetch from.
+2. Speed of the disk that a validator is writing to.
+3. Speed of the network connection between the different peers that node is
+syncing from.
+
+We should calculate how quickly this operation _could possibly_ complete for common chains and nodes.
+To calculate how quickly this operation could possibly complete, we should assume that
+a node is reading at line-rate of the NIC and writing at the full drive speed to its
+local storage. Comparing this theoretical upper-limit to the actual sync times
+observed by node operators will give us a good point of comparison for understanding
+how much overhead Tendermint incurs.
+
+We should additionally add metrics to the blocksync operation to more clearly pinpoint
+slow operations. The following metrics should be added to the block syncing operation:
+
+* Time to fetch and validate each block
+* Time to execute a block
+* Blocks sync'd per unit time
+
+### Application
+
+Applications performing complex state transitions have the potential to bottleneck
+the Tendermint node.
+
+#### Claim: ABCI block delivery could cause slowdown
+
+ABCI delivers blocks in several methods: `BeginBlock`, `DeliverTx`, `EndBlock`, `Commit`.
+
+Tendermint delivers transactions one-by-one via the `DeliverTx` call. Most of the 
+transaction delivery in Tendermint occurs asynchronously and therefore appears unlikely to
+form a bottleneck in ABCI.
+
+After delivering all transactions, Tendermint then calls the `Commit` ABCI method.
+Tendermint [locks all access to the mempool][abci-commit-description] while `Commit`
+proceeds. This means that an application that is slow to execute all of its
+transactions or finalize state during the `Commit` method will prevent any new
+transactions from being added to the mempool.  Apps that are slow to commit will
+prevent consensus from proceeded to the next consensus height since Tendermint
+cannot validate block proposals or produce block proposals without the
+AppHash obtained from the `Commit` method. We should add a metric for each
+step in the ABCI protocol to track the amount of time that a node spends communicating
+with the application at each step.
+
+#### Claim: ABCI serialization overhead causes slowdown
+
+The most common way to run a Tendermint application is using the Cosmos-SDK.
+The Cosmos-SDK runs the ABCI application within the same process as Tendermint.
+When an application is run in the same process as Tendermint, a serialization penalty
+is not paid. This is because the local ABCI client does not serialize method calls
+and instead passes the protobuf type through directly. This can be seen
+in [local_client.go][abci-local-client-code].
+
+Serialization and deserialization in the gRPC and socket protocol ABCI methods
+may cause slowdown. While these may cause issue, they are not part of the primary
+usecase of Tendermint and do not necessarily need to be addressed at this time.
+
+### RPC
+
+#### Claim: The Query API is slow.
+
+The query API locks a mutex across the ABCI connections. This causes consensus to
+slow during queries, as ABCI is no longer able to make progress. This is known
+to be causing issue in the cosmos-sdk and is being addressed [in the sdk][sdk-query-fix]
+but a more robust solution may be required. Adding metrics to each ABCI client connection
+and message as described in the Application section of this document would allow us
+to further introspect the issue here. 
+
+#### Claim: RPC Serialization may cause slowdown
+
+The Tendermint RPC uses a modified version of JSON-RPC. This RPC powers the `broadcast_tx_*` methods,
+which is a critical method for adding transactions to Tendermint at the moment. This method is
+likely invoked quite frequently on popular networks. Being able to perform efficiently
+on this common and critical operation is very important. The current JSON-RPC implementation
+relies heavily on type introspection via reflection, which is known to be very slow in
+Go. We should therefore produce benchmarks of this method to determine how much overhead
+we are adding to what, is likely to be, a very common operation.
+
+The other JSON-RPC methods are much less critical to the core functionality of Tendermint.
+While there may other points of performance consideration within the RPC, methods that do not
+receive high volumes of requests should not be prioritized for performance consideration.
+
+NOTE: Previous discussion of the RPC framework was done in [ADR 57][adr-57] and 
+there is ongoing work to inspect and alter the JSON-RPC framework in [RFC 002][rfc-002]. 
+Much of these RPC-related performance considerations can either wait until the work of RFC 002 work is done or be
+considered concordantly with the in-flight changes to the JSON-RPC.
+
+### Protocol
+
+#### Claim: Gossiping messages is a slow process
+
+Currently, for any validator to successfully vote in a consensus _step_, it must
+receive votes from greater than 2/3 of the validators on the network. In many cases,
+it's preferable to receive as many votes as possible from correct validators.
+
+This produces a quadratic increase in messages that are communicated as more validators join the network.
+(Each of the N validators must communicate with all other N-1 validators).
+
+This large number of messages communicated per step has been identified to impact
+performance of the protocol. Given that the number of messages communicated has been
+identified as a bottleneck, it would be extremely valuable to gather data on how long
+it takes for popular chains with many validators to gather all votes within a step.
+
+Metrics that would improve visibility into this include:
+
+* Amount of time for a node to gather votes in a step.
+* Amount of time for a node to gather all block parts.
+* Number of votes each node sends to gossip (i.e. not its own votes, but votes it is
+transmitting for a peer).
+* Total number of votes each node sends to receives (A node may receive duplicate votes
+so understanding how frequently this occurs will be valuable in evaluating the performance
+of the gossip system).
+
+#### Claim: Hashing Txs causes slowdown in Tendermint
+
+Using a faster hash algorithm for Tx hashes is currently a point of discussion
+in Tendermint. Namely, it is being considered as part of the [modular hashing proposal][modular-hashing].
+It is currently unknown if hashing transactions in the Mempool forms a significant bottleneck.
+Although it does not appear to be documented as slow, there are a few open github
+issues that indicate a possible user preference for a faster hashing algorithm,
+including [issue 2187][issue-2187] and [issue 2186][issue-2186]. 
+
+It is likely worth investigating what order of magnitude Tx hashing takes in comparison to other
+aspects of adding a Tx to the mempool. It is not currently clear if the rate of adding Tx
+to the mempool is a source of user pain. We should not endeavor to make large changes to
+consensus critical components without first being certain that the change is highly
+valuable and impactful.
+
+### Digital Signatures
+
+#### Claim: Verification of digital signatures may cause slowdown in Tendermint
+
+Working with cryptographic signatures can be computationally expensive. The cosmos
+hub uses [ed25519 signatures][hub-signature]. The library performing signature
+verification in Tendermint on votes is [benchmarked][ed25519-bench] to be able to perform an `ed25519`
+signature in 75μs on a decently fast CPU. A validator in the Cosmos Hub performs
+3 sets of verifications on the signatures of the 140 validators in the Hub
+in a consensus round, during block verification, when verifying the prevotes, and
+when verifying the precommits. With no batching, this would be roughly `3ms` per
+round. It is quite unlikely, therefore, that this accounts for any serious amount
+of the ~7 seconds of block time per height in the Hub.
+
+This may cause slowdown when syncing, since the process needs to constantly verify
+signatures. It's possible that improved signature aggregation will lead to improved
+light client or other syncing performance. In general, a metric should be added
+to track block rate while blocksyncing.
+
+#### Claim: Our use of digital signatures in the consensus protocol contributes to performance issue
+
+Currently, Tendermint's digital signature verification requires that all validators
+receive all vote messages. Each validator must receive the complete digital signature
+along with the vote message that it corresponds to. This means that all N validators
+must receive messages from at least 2/3 of the N validators in each consensus
+round. Given the potential for oddly shaped network topologies and the expected
+variable network roundtrip times of a few hundred milliseconds in a blockchain,
+it is highly likely that this amount of gossiping is leading to a significant amount
+of the slowdown in the Cosmos Hub and in Tendermint consensus.
+
+### Tendermint Event System
+
+#### Claim: The event system is a bottleneck in Tendermint
+
+The Tendermint Event system is used to communicate and store information about
+internal Tendermint execution. The system uses channels internally to send messages
+to different subscribers. Sending an event [blocks on the internal channel][event-send].
+The default configuration is to [use an unbuffered channel for event publishes][event-buffer-capacity].
+Several consumers of the event system also use an unbuffered channel for reads.
+An example of this is the [event indexer][event-indexer-unbuffered], which takes an
+unbuffered subscription to the event system. The result is that these unbuffered readers
+can cause writes to the event system to block or slow down depending on contention in the
+event system. This has implications for the consensus system, which [publishes events][consensus-event-send].
+To better understand the performance of the event system, we should add metrics to track the timing of
+event sends. The following metrics would be a good start for tracking this performance:
+
+* Time in event send, labeled by Event Type
+* Time in event receive, labeled by subscriber
+* Event throughput, measured in events per unit time.
+
+### References
+[modular-hashing]: https://github.com/tendermint/tendermint/pull/6773
+[issue-2186]: https://github.com/tendermint/tendermint/issues/2186
+[issue-2187]: https://github.com/tendermint/tendermint/issues/2187
+[rfc-002]: https://github.com/tendermint/tendermint/pull/6913
+[adr-57]: https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-057-RPC.md
+[issue-1319]: https://github.com/tendermint/tendermint/issues/1319
+[abci-commit-description]: https://github.com/tendermint/spec/blob/master/spec/abci/apps.md#commit
+[abci-local-client-code]: https://github.com/tendermint/tendermint/blob/511bd3eb7f037855a793a27ff4c53c12f085b570/abci/client/local_client.go#L84
+[hub-signature]: https://github.com/cosmos/gaia/blob/0ecb6ed8a244d835807f1ced49217d54a9ca2070/docs/resources/genesis.md#consensus-parameters
+[ed25519-bench]: https://github.com/oasisprotocol/curve25519-voi/blob/d2e7fc59fe38c18ca990c84c4186cba2cc45b1f9/PERFORMANCE.md
+[event-send]: https://github.com/tendermint/tendermint/blob/5bd3b286a2b715737f6d6c33051b69061d38f8ef/libs/pubsub/pubsub.go#L338
+[event-buffer-capacity]: https://github.com/tendermint/tendermint/blob/5bd3b286a2b715737f6d6c33051b69061d38f8ef/types/event_bus.go#L14
+[event-indexer-unbuffered]: https://github.com/tendermint/tendermint/blob/5bd3b286a2b715737f6d6c33051b69061d38f8ef/state/indexer/indexer_service.go#L39
+[consensus-event-send]: https://github.com/tendermint/tendermint/blob/5bd3b286a2b715737f6d6c33051b69061d38f8ef/internal/consensus/state.go#L1573
+[sdk-query-fix]: https://github.com/cosmos/cosmos-sdk/pull/10045
--- a/docs/rfc/rfc-004-e2e-framework.rst
+++ b/docs/rfc/rfc-004-e2e-framework.rst
@@ -0,0 +1,213 @@
+========================================
+RFC 004: E2E Test Framework Enhancements
+========================================
+
+Changelog
+---------
+
+- 2021-09-14: started initial draft (@tychoish)
+
+Abstract
+--------
+
+This document discusses a series of improvements to the e2e test framework
+that we can consider during the next few releases to help boost confidence in
+Tendermint releases, and improve developer efficiency.
+
+Background
+----------
+
+During the 0.35 release cycle, the E2E tests were a source of great
+value, helping to identify a number of bugs before release. At the same time,
+the tests were not consistently passing during this time, thereby reducing
+their value, and forcing the core development team to allocate time and energy
+to maintaining and chasing down issues with the e2e tests and the test
+harness. The experience of this release cycle calls to mind a series of
+improvements to the test framework, and this document attempts to capture
+these improvements, along with motivations, and potential for impact.
+
+Projects
+--------
+
+Flexible Workload Generation
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Presently the e2e suite contains a single workload generation pattern, which
+exists simply to ensure that the test networks have some work during their
+runs. However, the shape and volume of the work is very consistent and is very
+gentle to help ensure test reliability.
+
+We don't need a complex workload generation framework, but being able to have 
+a few different workload shapes available for test networks, both generated and
+hand-crafted, would be useful.
+
+Workload patterns/configurations might include:
+
+- transaction targeting patterns (include light nodes, round robin, target
+  individual nodes)
+
+- variable transaction size over time.
+
+- transaction broadcast option (synchronously, checked, fire-and-forget,
+  mixed).
+
+- number of transactions to submit.
+
+- non-transaction workloads: (evidence submission, query, event subscription.)
+
+Configurable Generator
+~~~~~~~~~~~~~~~~~~~~~~
+
+The nightly e2e suite is defined by the `testnet generator
+<https://github.com/tendermint/tendermint/blob/master/test/e2e/generator/generate.go#L13-L65>`_,
+and it's difficult to add dimensions or change the focus of the test suite in
+any way without modifying the implementation of the generator. If the
+generator were more configurable, potentially via a file rather than in
+the Go implementation, we could modify the focus of the test suite on the
+fly.
+
+Features that we might want to configure:
+
+- number of test networks to generate of various topologies, to improve
+  coverage of different configurations.
+
+- test application configurations (to modify the latency of ABCI calls, etc.)
+
+- size of test networks.
+
+- workload shape and behavior.
+
+- initial sync and catch-up configurations.
+
+The workload generator currently provides runtime options for limiting the
+generator to specific types of P2P stacks, and for generating multiple groups
+of test cases to support parallelism. The goal is to extend this pattern and
+avoid hardcoding the matrix of test cases in the generator code.  Once the
+testnet configuration generation behavior is configurable at runtime,
+developers may be able to use the e2e framework to validate changes before
+landing changes that break e2e tests a day later.
+
+In addition to the autogenerated suite, it might make sense to maintain a
+small collection of hand-crafted cases that exercise configurations of
+concern, to run as part of the nightly (or less frequent) loop.
+
+Implementation Plan Structure
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+As a development team, we should determine the features should impact the e2e
+testing early in the development cycle, and if we intend to modify the e2e
+tests to exercise a feature, we should identify this early and begin the
+integration process as early as possible.
+
+To facilitate this, we should adopt a practice whereby we exercise specific
+features that are currently under development more rigorously in the e2e
+suite, and then as development stabilizes we can reduce the number or weight
+of these features in the suite.
+
+As of 0.35 there are essentially two end to end tests: the suite of 64
+generated test networks, and the hand crafted `ci.toml` test case. The
+generated test cases help provide systemtic coverage, while the `ci` run 
+provides coverage for a large number of features. 
+
+Reduce Cycle Time
+~~~~~~~~~~~~~~~~~
+
+One of the barriers to leveraging the e2e framework, and one of the challenges
+in debugging failures, is the cycle time of running a single test iteration is
+quite high: 5 minutes to build the docker image, plus the time to run the test
+or tests.
+
+There are a number of improvements and enhancements that can reduce the cycle
+time in practice:
+
+- reduce the amount of time required to build the docker image used in these
+  tests. Without the dependency on CGo, the tendermint binaries could be
+  (cross) compiled outside of the docker container and then injected into
+  them, which would take better advantage of docker's native caching,
+  although, without the dependency on CGo there would be no hard requirement
+  for the e2e tests to use docker.
+
+- support test parallelism. Because of the way the testnets are orchestrated
+  a single system can really only run one network at a time. For executions
+  (local or remote) with more resources, there's no reason to run a few
+  networks in parallel to reduce the feedback time.
+
+- prune testnet configurations that are unlikely to provide good signal, to
+  shorten the time to feedback.
+
+- apply some kind of tiered approach to test execution, to improve the
+  legibility of the test result. For example order tests by the dependency of
+  their features, or run test networks without perturbations before running
+  that configuration with perturbations, to be able to isolate the impact of
+  specific features.
+
+- orchestrate the test harness directly from go test rather than via a special
+  harness and shell scripts so e2e tests may more naively fit into developers
+  existing workflows.
+
+Many of these improvements, particularly, reducing the build time will also
+reduce the time to get feedback during automated builds.
+
+Deeper Insights
+~~~~~~~~~~~~~~~
+
+When a test network fails, it's incredibly difficult to understand _why_ the
+network failed, as the current system provides very little insight into the
+system outside of the process logs. When a test network stalls or fails
+developers should be able to quickly and easily get a sense of the state of
+the network and all nodes.
+
+Improvements in persuit of this goal, include functionality that would help
+node operators in production environments by improving the quality and utility
+of the logging messages and other reported metrics, but also provide some
+tools to collect and aggregate this data for developers in the context of test
+networks.
+
+- Interleave messages from all nodes in the network to be able to correlate
+  events during the test run.
+
+- Collect structured metrics of the system operation (CPU/MEM/IO) during the
+  test run, as well as from each tendermint/application process.
+
+- Build (simple) tools to be able to render and summarize the data collected
+  during the test run to answer basic questions about test outcome.
+
+Flexible Assertions
+~~~~~~~~~~~~~~~~~~~
+
+Currently, all assertions run for every test network, which makes the
+assertions pretty bland, and the framework primarily useful as a smoke-test
+framework, but it might be useful to be able to write and run different
+tests for different configurations. This could allow us to test outside of the
+happy-path.
+
+In general our existing assertions occupy a fraction of the total test time,
+so the relative cost of adding a few extra test assertions would be of limited
+cost, and could help build confidence.
+
+Additional Kinds of Testing
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The existing e2e suite, exercises networks of nodes that have homogeneous
+tendermint version, stable configuration, that are expected to make
+progress. There are many other possible test configurations that may be
+interesting to engage with. These could include dimensions, such as:
+
+- Multi-version testing to exercise our compatibility guarantees for networks
+  that might have different tendermint versions.
+
+- As a flavor or mult-version testing, include upgrade testing, to build
+  confidence in migration code and procedures.
+
+- Additional test applications, particularly practical-type applciations
+  including some that use gaiad and/or the cosmos-sdk. Test-only applications
+  that simulate other kinds of applications (e.g. variable application
+  operation latency.)
+
+- Tests of "non-viable" configurations that ensure that forbidden combinations
+  lead to halts.
+
+References
+----------
+
+- `ADR 66: End-to-End Testing <../architecture/adr-66-e2e-testing.md>`_
--- a/docs/rfc/rfc-005-event-system.rst
+++ b/docs/rfc/rfc-005-event-system.rst
@@ -0,0 +1,122 @@
+=====================
+RFC 005: Event System
+=====================
+
+Changelog
+---------
+
+- 2021-09-17: Initial Draft (@tychoish)
+
+Abstract
+--------
+
+The event system within Tendermint, which supports a lot of core
+functionality, also represents a major infrastructural liability. As part of
+our upcoming review of the RPC interfaces and our ongoing thoughts about
+stability and performance, as well as the preparation for Tendermint 1.0, we
+should revisit the design and implementation of the event system. This
+document discusses both the current state of the system and potential
+directions for future improvement.
+
+Background
+----------
+
+Current State of Events
+~~~~~~~~~~~~~~~~~~~~~~~
+
+The event system makes it possible for clients, both internal and external,
+to receive notifications of state replication events, such as new blocks,
+new transactions, validator set changes, as well as intermediate events during
+consensus. Because the event system is very cross cutting, the behavior and
+performance of the event publication and subscription system has huge impacts
+for all of Tendermint.
+
+The subscription service is exposed over the RPC interface, but also powers
+the indexing (e.g. to an external database,) and is the mechanism by which
+`BroadcastTxCommit` is able to wait for transactions to land in a block.
+
+The current pubsub mechanism relies on a couple of buffered channels,
+primarily between all event creators and subscribers, but also for each
+subscription. The result of this design is that, in some situations with the
+right collection of slow subscription consumers the event system can put
+backpressure on the consensus state machine and message gossiping in the
+network, thereby causing nodes to lag.
+
+Improvements
+~~~~~~~~~~~~
+
+The current system relies on implicit, bounded queues built by the buffered channels,
+and though threadsafe, can force all activity within Tendermint to serialize,
+which does not need to happen. Additionally, timeouts for subscription
+consumers related to the implementation of the RPC layer, may complicate the
+use of the system.
+
+References
+~~~~~~~~~~
+
+- Legacy Implementation
+  - `publication of events <https://github.com/tendermint/tendermint/blob/master/libs/pubsub/pubsub.go#L333-L345>`_ 
+  - `send operation <https://github.com/tendermint/tendermint/blob/master/libs/pubsub/pubsub.go#L489-L527>`_ 
+  - `send loop <https://github.com/tendermint/tendermint/blob/master/libs/pubsub/pubsub.go#L381-L402>`_
+- Related RFCs 
+  - `RFC 002: IPC Ecosystem <./rfc-002-ipc-ecosystem.md>`_ 
+  - `RFC 003: Performance Questions <./rfc-003-performance-questions.md>`_ 
+
+Discussion
+----------
+
+Changes to Published Events
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+As part of this process, the Tendermint team should do a study of the existing
+event types and ensure that there are viable production use cases for
+subscriptions to all event types. Instinctively it seems plausible that some
+of the events may not be useable outside of tendermint, (e.g. ``TimeoutWait``
+or ``NewRoundStep``) and it might make sense to remove them. Certainly, it
+would be good to make sure that we don't maintain infrastructure for unused or
+un-useful message indefinitely.
+
+Blocking Subscription
+~~~~~~~~~~~~~~~~~~~~~
+
+The blocking subscription mechanism makes it possible to have *send*
+operations into the subscription channel be un-buffered (the event processing
+channel is still buffered.) In the blocking case, events from one subscription
+can block processing that event for other non-blocking subscriptions. The main
+case, it seems for blocking subscriptions is ensuring that a transaction has
+been committed to a block for ``BroadcastTxCommit``. Removing blocking
+subscriptions entirely, and potentially finding another way to implement
+``BroadcastTxCommit``, could lead to important simplifications and
+improvements to throughput without requiring large changes.
+
+Subscription Identification
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Before `#6386 <https://github.com/tendermint/tendermint/pull/6386>`_, all
+subscriptions were identified by the combination of a client ID and a query,
+and with that change, it became possible to identify all subscription given
+only an ID, but compatibility with the legacy identification means that there's a
+good deal of legacy code as well as client side efficiency that could be
+improved. 
+
+Pubsub Changes
+~~~~~~~~~~~~~~
+
+The pubsub core should be implemented in a way that removes the possibility of
+backpressure from the event system to impact the core system *or* for one
+subscription to impact the behavior of another area of the
+system. Additionally, because the current system is implemented entirely in
+terms of a collection of buffered channels, the event system (and large
+numbers of subscriptions) can be a source of memory pressure. 
+
+These changes could include: 
+
+- explicit cancellation and timeouts promulgated from callers (e.g. RPC end
+  points, etc,) this should be done using contexts.
+
+- subscription system should be able to spill to disk to avoid putting memory
+  pressure on the core behavior of the node (consensus, gossip).
+  
+- subscriptions implemented as cursors rather than channels, with either
+  condition variables to simulate the existing "push" API or a client side
+  iterator API with some kind of long polling-type interface. 
--- a/docs/rfc/rfc-006-event-subscription.md
+++ b/docs/rfc/rfc-006-event-subscription.md
@@ -0,0 +1,204 @@
+# RFC 006: Event Subscription
+
+## Changelog
+
+- 30-Oct-2021: Initial draft (@creachadair)
+
+## Abstract
+
+The Tendermint consensus node allows clients to subscribe to its event stream
+via methods on its RPC service.  The ability to view the event stream is
+valuable for clients, but the current implementation has some deficiencies that
+make it difficult for some clients to use effectively. This RFC documents these
+issues and discusses possible approaches to solving them.
+
+
+## Background
+
+A running Tendermint consensus node exports a [JSON-RPC service][rpc-service]
+that provides a [large set of methods][rpc-methods] for inspecting and
+interacting with the node.  One important cluster of these methods are the
+`subscribe`, `unsubscribe`, and `unsubscribe_all` methods, which permit clients
+to subscribe to a filtered stream of the [events generated by the node][events]
+as it runs.
+
+Unlike the other methods of the service, the methods in the "event
+subscription" cluster are not accessible via [ordinary HTTP GET or POST
+requests][rpc-transport], but require upgrading the HTTP connection to a
+[websocket][ws].  This is necessary because the `subscribe` request needs a
+persistent channel to deliver results back to the client, and an ordinary HTTP
+connection does not reliably persist across multiple requests.  Since these
+methods do not work properly without a persistent channel, they are _only_
+exported via a websocket connection, and are not routed for plain HTTP.
+
+
+## Discussion
+
+There are some operational problems with the current implementation of event
+subscription in the RPC service:
+
+- **Event delivery is not valid JSON-RPC.** When a client issues a `subscribe`
+  request, the server replies (correctly) with an initial empty acknowledgement
+  (`{}`). After that, each matching event is delivered "unsolicited" (without
+  another request from the client), as a separate [response object][json-response]
+  with the same ID as the initial request.
+
+  This matters because it means a standard JSON-RPC client library can't
+  interact correctly with the event subscription mechanism.
+
+  Even for clients that can handle unsolicited values pushed by the server,
+  these responses are invalid: They have an ID, so they cannot be treated as
+  [notifications][json-notify]; but the ID corresponds to a request that was
+  already completed.  In practice, this means that general-purpose JSON-RPC
+  libraries cannot use this method correctly -- it requires a custom client.
+
+  The Go RPC client from the Tendermint core can support this case, but clients
+  in other languages have no easy solution.
+
+  This is the cause of issue [#2949][issue2949].
+
+- **Subscriptions are terminated by disconnection.** When the connection to the
+  client is interrupted, the subscription is silently dropped.
+
+  This is a reasonable behavior, but it matters because a client whose
+  subscription is dropped gets no useful error feedback, just a closed
+  connection.  Should they try again?  Is the node overloaded?  Was the client
+  too slow?  Did the caller forget to respond to pings? Debugging these kinds
+  of failures is unnecessarily painful.
+
+  Websockets compound this, because websocket connections time out if no
+  traffic is seen for a while, and keeping them alive requires active
+  cooperation between the client and server.  With a plain TCP socket, liveness
+  is handled transparently by the keepalive mechanism.  On a websocket,
+  however, one side has to occasionally send a PING (if the connection is
+  otherwise idle).  The other side must return a matching PONG in time, or the
+  connection is dropped.  Apart from being tedious, this is highly susceptible
+  to CPU load.
+
+  The Tendermint Go implementation automatically sends and responds to pings.
+  Clients in other languages (or not wanting to use the Tendermint libraries)
+  need to handle it explicitly.  This burdens the client for no practical
+  benefit: A subscriber has no information about when matching events may be
+  available, so it shouldn't have to participate in keeping the connection
+  alive.
+
+- **Mismatched load profiles.** Most of the RPC service is mainly important for
+  low-volume local use, either by the application the node serves (e.g., the
+  ABCI methods) or by the node operator (e.g., the info methods).  Event
+  subscription is important for remote clients, and may represent a much higher
+  volume of traffic.
+
+  This matters because both are using the same JSON-RPC mechanism. For
+  low-volume local use, the ergonomics of JSON-RPC are a good fit: It's easy to
+  issue queries from the command line (e.g., using `curl`) or to write scripts
+  that call the RPC methods to monitor the running node.
+
+  For high-volume remote use, JSON-RPC is not such a good fit: Even leaving
+  aside the non-standard delivery protocol mentioned above, the time and memory
+  cost of encoding event data matters for the stability of the node when there
+  can be potentially hundreds of subscribers. Moreover, a subscription is
+  long-lived compared to most RPC methods, in that it may persist as long the
+  node is active.
+
+- **Mismatched security profiles.** The RPC service exports several methods
+  that should not be open to arbitrary remote callers, both for correctness
+  reasons (e.g., `remove_tx` and `broadcast_tx_*`) and for operational
+  stability reasons (e.g., `tx_search`). A node may still need to expose
+  events, however, to support UI tools.
+
+  This matters, because all the methods share the same network endpoint. While
+  it is possible to block the top-level GET and POST handlers with a proxy,
+  exposing the `/websocket` handler exposes not _only_ the event subscription
+  methods, but the rest of the service as well.
+
+### Possible Improvements
+
+There are several things we could do to improve the experience of developers
+who need to subscribe to events from the consensus node. These are not all
+mutually exclusive.
+
+1. **Split event subscription into a separate service**. Instead of exposing
+   event subscription on the same endpoint as the rest of the RPC service,
+   dedicate a separate endpoint on the node for _only_ event subscription.  The
+   rest of the RPC services (_sans_ events) would remain as-is.
+
+   This would make it easy to disable or firewall outside access to sensitive
+   RPC methods, without blocking access to event subscription (and vice versa).
+   This is probably worth doing, even if we don't take any of the other steps
+   described here.
+
+2. **Use a different protocol for event subscription.** There are various ways
+   we could approach this, depending how much we're willing to shake up the
+   current API. Here are sketches of a few options:
+
+   - Keep the websocket, but rework the API to be more JSON-RPC compliant,
+     perhaps by converting event delivery into notifications.  This is less
+     up-front change for existing clients, but retains all of the existing
+     implementation complexity, and doesn't contribute much toward more serious
+     performance and UX improvements later.
+
+   - Switch from websocket to plain HTTP, and rework the subscription API to
+     use a more conventional request/response pattern instead of streaming.
+     This is a little more up-front work for existing clients, but leverages
+     better library support for clients not written in Go.
+
+     The protocol would become more chatty, but we could mitigate that with
+     batching, and in return we would get more control over what to do about
+     slow clients: Instead of simply silently dropping them, as we do now, we
+     could drop messages and signal the client that they missed some data ("M
+     dropped messages since your last poll").
+
+     This option is probably the best balance between work, API change, and
+     benefit, and has a nice incidental effect that it would be easier to debug
+     subscriptions from the command-line, like the other RPC methods.
+
+   - Switch to gRPC: Preserves a persistent connection and gives us a more
+     efficient binary wire format (protobuf), at the cost of much more work for
+     clients and harder debugging. This may be the best option if performance
+     and server load are our top concerns.
+
+     Given that we are currently using JSON-RPC, however, I'm not convinced the
+     costs of encoding and sending messages on the event subscription channel
+     are the limiting factor on subscription efficiency, however.
+
+3. **Delegate event subscriptions to a proxy.** Give responsibility for
+   managing event subscription to a proxy that runs separately from the node,
+   and switch the node to push events to the proxy (like a webhook) instead of
+   serving subscribers directly.  This is more work for the operator (another
+   process to configure and run) but may scale better for big networks.
+
+   I mention this option for completeness, but making this change would be a
+   fairly substantial project.  If we want to consider shifting responsibility
+   for event subscription outside the node anyway, we should probably be more
+   systematic about it. For a more principled approach, see point (4) below.
+
+4. **Move event subscription downstream of indexing.** We are already planning
+   to give applications more control over event indexing. By extension, we
+   might allow the application to also control how events are filtered,
+   queried, and subscribed. Having the application control these concerns,
+   rather than the node, might make life easier for developers building UI and
+   tools for that application.
+
+   This is a much larger change, so I don't think it is likely to be practical
+   in the near-term, but it's worth considering as a broader option. Some of
+   the existing code for filtering and selection could be made more reusable,
+   so applications would not need to reinvent everything.
+
+
+## References
+
+- [Tendermint RPC service][rpc-service]
+- [Tendermint RPC routes][rpc-methods]
+- [Discussion of the event system][events]
+- [Discussion about RPC transport options][rpc-transport] (from RFC 002)
+- [RFC 6455: The websocket protocol][ws]
+- [JSON-RPC 2.0 Specification](https://www.jsonrpc.org/specification)
+
+[rpc-service]: https://docs.tendermint.com/master/rpc/
+[rpc-methods]: https://github.com/tendermint/tendermint/blob/master/internal/rpc/core/routes.go#L12
+[events]: ./rfc-005-event-system.rst
+[rpc-transport]: ./rfc-002-ipc-ecosystem.md#rpc-transport
+[ws]: https://datatracker.ietf.org/doc/html/rfc6455
+[json-response]: https://www.jsonrpc.org/specification#response_object
+[json-notify]: https://www.jsonrpc.org/specification#notification
+[issue2949]: https://github.com/tendermint/tendermint/issues/2949
--- a/Show More
+++ b/Show More