do not run docker as root

Author: Jiloc

contrib/tools/config-docs-generator/Dockerfile

@@ -13,6 +13,10 @@ WORKDIR /build
 # Copy from three levels up (project root) to maintain the directory structure
 COPY ../../../ /build
 
+RUN useradd -ms /bin/bash docs-builder
+RUN chown docs-builder -R /build
+USER docs-builder
+
 # Pre-build the config-docs-generator binaries during image build
 RUN cargo build --package config-docs-generator --release
 

docs/generated/configuration-reference.md

@@ -193,7 +193,7 @@ The configuration is automatically generated from the Rust source code documenta
 | [<span id="miner-filter_origins">filter_origins</span>](#miner-filter_origins) | A comma separated list of Stacks addresses to whitelist so that only<br>transactions from these addresses should be considered during the mempool walk<br>for block building. If this list is non-empty, any transaction whose origin<br>address is *not* in this set will be skipped.<br><br>This allows miners to prioritize transactions originating from specific accounts that are<br>important to them.<br>Configured as a comma-separated string of standard Stacks addresses<br>(e.g., "ST123...,ST456...") in the configuration file.<br><br>**Example:**<br><pre><code>filter_origins = "ST2QKZ4FKHAH1NQKYKYAYZPY440FEPK7GZ1R5HBP2,ST319CF5WV77KYR1H3GT0GZ7B8Q4AQPY42ETP1VPF"</code></pre> | Empty set (all origins are considered). |
 | [<span id="miner-first_rejection_pause_ms">first_rejection_pause_ms</span>](#miner-first_rejection_pause_ms) | Time in milliseconds to pause after receiving the first threshold rejection,<br>before proposing a new block.<br><br>When a miner's block proposal fails to gather enough signatures from the<br>signers for the first time at a given height, the miner will pause for this<br>duration before attempting to mine and propose again.<br><br>**Units:** milliseconds | `5_000` |
 | [<span id="miner-max_execution_time_secs">max_execution_time_secs</span>](#miner-max_execution_time_secs) | Defines the maximum execution time (in seconds) allowed for a single contract call transaction.<br><br>When processing a transaction (contract call or smart contract deployment),<br>if this option is set, and the execution time exceeds this limit, the<br>transaction processing fails with an `ExecutionTimeout` error, and the<br>transaction is skipped. This prevents potentially long-running or<br>infinite-loop transactions from blocking block production.<br><br>**Units:** seconds | `None` (no execution time limit) |
-| [<span id="miner-mempool_walk_strategy">mempool_walk_strategy</span>](#miner-mempool_walk_strategy) | Strategy for selecting the next transaction candidate from the mempool.<br>Controls prioritization between maximizing immediate fee capture vs. ensuring<br>transaction nonce order for account progression and processing efficiency.<br><br>See `MemPoolWalkStrategy` for variant details.<br><br>Possible values (use variant names for configuration):<br>- `"GlobalFeeRate"`: Selects the transaction with the highest fee rate globally.<br>- `"NextNonceWithHighestFeeRate"`: Selects the highest-fee transaction among those<br>  matching the next expected nonce for sender/sponsor accounts. | `"GlobalFeeRate"` |
+| [<span id="miner-mempool_walk_strategy">mempool_walk_strategy</span>](#miner-mempool_walk_strategy) | Strategy for selecting the next transaction candidate from the mempool.<br>Controls prioritization between maximizing immediate fee capture vs. ensuring<br>transaction nonce order for account progression and processing efficiency.<br><br>See `MemPoolWalkStrategy` for variant details.<br><br>Possible values (use variant names for configuration):<br>- `"GlobalFeeRate"`: Selects the transaction with the highest fee rate globally.<br>- `"NextNonceWithHighestFeeRate"`: Selects the highest-fee transaction among those<br>  matching the next expected nonce for sender/sponsor accounts. | `"NextNonceWithHighestFeeRate"` |
 | [<span id="miner-min_time_between_blocks_ms">min_time_between_blocks_ms</span>](#miner-min_time_between_blocks_ms) | The minimum time to wait between mining blocks in milliseconds. The value<br>must be greater than or equal to 1000 ms because if a block is mined<br>within the same second as its parent, it will be rejected by the signers.<br><br>This check ensures compliance with signer rules that prevent blocks with<br>identical timestamps (at second resolution) to their parents. If a lower<br>value is configured, 1000 ms is used instead.<br><br>**Units:** milliseconds | `1_000` |
 | [<span id="miner-mining_key">mining_key</span>](#miner-mining_key) | The private key (Secp256k1) used for signing blocks, provided as a hex string.<br><br>This key must be present at runtime for mining operations to succeed. | - if the `[miner]` section *is present* in the config file: [[node].seed](#node-seed) <br>- else: `None` |
 | [<span id="miner-nakamoto_attempt_time_ms">nakamoto_attempt_time_ms</span>](#miner-nakamoto_attempt_time_ms) | Maximum time (in milliseconds) the miner spends selecting transactions from<br>the mempool when assembling a Nakamoto block. Once this duration is exceeded,<br>the miner stops adding transactions and finalizes the block with those<br>already selected.<br><br>**Units:** milliseconds | `5_000` (5 seconds) |