feat!: scoped capsules#21533
Merged
Merged
Conversation
Second part of implementing scopes in capsules. First part at: #21533 - Makes CapsuleArray's scope aware. - Introduces a `CapsuleArray::at_global_scope` that defaults to no-scope, which provides the legacy, unscoped behavior - Replaces all usages of `CapsuleArray::at` with `CapsuleArray::at_global_scope`, to allow future PRs to deal with each case - Makes `CapsuleArray::at` work only with explicit scopes, intended to be the default Closes F-458
Depends on #21588 Uses the new scoped functionalities of capsules from as many places in the codebase as possible Note: this PR makes the distinction between stored capsules and volatile arrays even more painfully clear, as capsules used just for rpc comms between Aztec.nr and PXE don't really need a scope but at the same time would be better off not being global to remove concurrency constraints Closes F-459
Collaborator
|
❌ Failed to cherry-pick to |
AztecBot
added a commit
that referenced
this pull request
Mar 25, 2026
Cherry-pick of 3029216 with conflicts.
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Mar 25, 2026
BEGIN_COMMIT_OVERRIDE fix: interactions clean up (#21933) fix(stdlib): decode `EthAddress`, `FunctionSelector` and wrapped field structs in `AbiDecoder` (#21926) fix: bot gas estimations (#21945) refactor(aztec-nr): use logging wrappers in compute_note_hash_and_nullifier (#21897) feat: add error page mapping for incompatible oracles (#21943) fix(pxe): robust error handling in message processing (#21093) fix: make PXE#getSyncedBlockHeader a concurrency=1 job to prevent IDB tx liveness issues (#21944) fix(aztec-up): validate semver in uninstall to prevent path traversal (#21892) fix(aztec-up): add truncation protection to install scripts (#21896) feat!: scoped capsules (#21533) END_COMMIT_OVERRIDE
mverzilli
pushed a commit
that referenced
this pull request
Mar 25, 2026
## Summary Backport of #21533 (feat!: scoped capsules) to v4-next. The automatic cherry-pick failed due to conflicts in 7 files. This PR preserves the full cherry-pick history: 1. **Cherry-pick with conflicts** — raw cherry-pick of `3029216084` with conflict markers committed as-is 2. **Conflict resolution** — resolved all 7 conflicted files: - `docs/docs-developers/docs/resources/migration_notes.md` — added new migration notes under TBD - `noir-projects/aztec-nr/aztec/src/macros/aztec.nr` — took PR's `$offchain_inbox_sync_option` macro variable + `scope` param - `noir-projects/aztec-nr/aztec/src/messages/discovery/mod.nr` — added `scope` param to `get_private_logs` call - `yarn-project/pxe/src/contract_function_simulator/noir-structs/message_tx_context.ts` — accepted deletion (PR removes this file) - `yarn-project/pxe/src/contract_function_simulator/oracle/utility_execution.test.ts` — renamed method + added scope param - `yarn-project/pxe/src/logs/log_service.ts` — took PR's simplified single-recipient approach, moved deduplication into `#getSecretsForSenders` - `yarn-project/pxe/src/oracle_version.ts` — took PR's oracle interface hash 3. **Build fixes** — added missing `offchain_inbox_sync_option` variable definition and updated `generate_sync_state` function signature in `aztec.nr` ClaudeBox log: https://claudebox.work/s/358dd3e35e1d8542?run=1
nchamo
added a commit
that referenced
this pull request
Mar 26, 2026
BEGIN_COMMIT_OVERRIDE feat!: scoped capsules (backport #21533) (#21986) feat(aztec-nr): add initialization check to utility functions (#21751) refactor(aztec-nr): remove storage from init_test_contract (#21996) fix(p2p): check peer rate limit before global to prevent quota starvation (#21997) chore: remove claude file (#22012) fix: disallow infinite pubkeys (#22026) END_COMMIT_OVERRIDE
2 tasks
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Mar 27, 2026
Reverting [bad decision of mine](#21533 (comment)) from a while ago. ## Summary - Copies the version oracle into `aztec_sublib` so it no longer depends on the `aztec` (aztecnr) crate - Removes the `aztec` dependency from `aztec_sublib/Nargo.toml` - Makes `aztec_sublib` fully independent, allowing it to be audited and versioned separately from aztecnr Resolves https://linear.app/aztec-labs/issue/F-466/extract-oracles-mod-specifically-for-aztec-sublib ## Test plan - [x] `nargo check --package fee_juice_contract` compiles successfully - [x] No remaining `aztec::` imports in aztec_sublib 🤖 Generated with [Claude Code](https://claude.com/claude-code)
AztecBot
pushed a commit
that referenced
this pull request
Mar 27, 2026
Reverting [bad decision of mine](#21533 (comment)) from a while ago. ## Summary - Copies the version oracle into `aztec_sublib` so it no longer depends on the `aztec` (aztecnr) crate - Removes the `aztec` dependency from `aztec_sublib/Nargo.toml` - Makes `aztec_sublib` fully independent, allowing it to be audited and versioned separately from aztecnr Resolves https://linear.app/aztec-labs/issue/F-466/extract-oracles-mod-specifically-for-aztec-sublib ## Test plan - [x] `nargo check --package fee_juice_contract` compiles successfully - [x] No remaining `aztec::` imports in aztec_sublib 🤖 Generated with [Claude Code](https://claude.com/claude-code)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Expands capsules to be addressed not only by contract address but also by scope. This changes
loadCapsule,storeCapsule,deleteCapsule, andcopyCapsulethrough various layers, in most cases by introducing a new scope param. This means different things at different layers:CapsuleStorechanges how it creates DB row keys to store capsule content, by adding the scope address as part of key computation. Address=ZERO then becomes global scope. Note this means legacy behavior is possible by providing a zero scope (though this should be frowned upon).load, that would have caused behavioral drift.CapsuleArray
CapsuleArray::atwork only with explicit scopes, intended to be the defaultContract sync
Contract sync flows rely heavily on capsules so as a ripple of this change we move from a "per contract" sync, to a "per contract and scope" sync. This in turn resulted in simplification of some ad-hoc types such as MessageContext, NoteValidationRequest and EventValidationRequest.
Offchain processing
This is the original canary that triggered this refactor: it was not possible to cleanly implement offchain inboxes isolated by recipient. Since now capsules are always scoped, this is issue gets organically resolved by dispatching messages to different capsules based on each message's recipient.
Closes F-456
Closes F-457
Closes F-458
Closes F-459