I don't have too strong opinion, but it might make sense to use V1 struct with all the fields instead of ext here. Or at least call it V0Ext to clarify the connection between these two.

We don't need hacky indexing here because only RW entries can be restored.

Also, I've mentioned this already offline, I think we should have a vec of indices of entries that need to be restored. This will reduce the size of 99% of transactions as almost no transactions need to restore any entries. I think a slight increase in size for the txs that do restore entries is worth it. Also, it will be easier to interpret a sequence of indicies vs an opaque blob.

I agree with @dmkozh I think a separate list of just the evicted entries is easier to understand and will be more space efficient in the average case

Did a little digging and we're currently averaging 1.367 keys per restore op. I thought it would be way higher so I agree, vector of indices is better. Should we go uint8 or uint16? Do we ever forsee footprints going beyond 255?

I'd go for u16 just in case. The overhead is marginal, but I'd say accessing 255+ keys is not out of the realm of possibility Though restoring 255+ entries seems unlikely... Still, I feel like it might create unnecessary confusion in the future.

Are you planning to have 16-bit integer values in the XDR? XDR doesn't support a 16-bit integer type, the smallest integer is a 32-bit, because all values in XDR are padded to 4 bytes, so a 1 or 2 byte value would be 4 bytes anyway.

You can actually have a vector of 16 bits if you bitpack an opaque vector. For example, we do this in the fingerprints vector in SerializedBinaryFuseFilter. I've followed a similar spec here where I just use an opaque vector.

What about the proofs, do we allocate an ext for these?

I didn't include it in this CAP just because they aren't necessary until full state archival.

what happens if you mark a ledger entry as evicted in the invoke host function operation but during application it turns out the ledger entry has already been restored? will the operation still succeed?

I assume that if a ledger entry is not present in evictedSorobanEntries and it turns out that the ledger entry is evicted, the transaction will fail regardless of whether there are enough fees to pay for the unexpected write. Is that correct?

Yeah, if you don't mark an entry as evicted you fail. If you do mark it as evicted and it's not, you're spending more in fees and resources, so we shouldn't fail. I'll update this section, but if an entry is marked evicted, we should charge it as if it's evicted no matter what, but not fail if it's actually live.

See added "Incorrect Entries in evictedSorobanEntries Vector" section.

TBH for the sake of interpretability I'd probably just have these as a normal vector of ints.

Should we say expired entries here instead of archived?

Is it possible to split limits and fees in different structs? That way the one with fees can have cost in the name (ConfigSettingContractLedgerCost) while the other one could be named ConfigSettingContractLedgerLimitV1.

(Probably a question for @dmkozh)

Originally I did that, but Dima suggested one struct instead (I unresolved the comment above for context). I don't care particularly strongly either way.

Is it possible to split limits and fees in different structs?

We didn't do that initially, and I don't think it makes much sense to change this now. Conceptually the 'cost' here concerns both resource limits ('cost' for the validators) and fees ('cost' for the user).

Originally I did that, but Dima suggested one struct instead

FWIW I suggested to use one struct for the setting version migration, this wasn't about separating the fees and limits. But this is the first time we do a setting update and there is no well-defined process yet. Giving this a second thought, I think going the extension way is probably less disruptive for anyone who consumes these settings, as having two versions introduces the risk of using the deprecated value. The name should be ConfigSettingContractLedgerCostV0Ext then. Version bumps should probably be reserved for non-incremental and truly breaking changes. Sorry for the confusion, I should have thought more about this initially.

Worth asking the ecosytem on deprecating this Op. Only thing I can think of is that if admin doesn't want the users to incur the restoration fees and keeps expired/archived entries restored on behalf of the users.

Should we refer to the states as live, expired, archived? This way expired indicates those still in live BL but not evicted and archived refers to those in hot archive BL.

Same thought here if we should call expired for entries in live BL and archived for entries that are evicted from live and are in hot archive.

This way archived entries count towards disk resources while expired ones are in-memory.

typo: an issue

Should we call this archivedEntries dropping Soroban in the name since its already inside _Soroban_ResourcesExtV0 struct?

One reason to not deprecated RestoreFootprintOp.

Maybe we should highlight this up top that background eviction will remove in-memory Soroban entries.