feat!: demote auth registry to non-protocol contract#23106
Conversation
dbanks12
changed the title
dbanks12
changed the title
dbanks12
changed the title
dbanks12
changed the title
dbanks12
requested review from
IlyasRidhuan,
MirandaWood and
jeanmon
as code owners
dbanks12
changed the title
dbanks12
changed the title
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
This stack of pull requests is managed by Graphite. Learn more about stacking. |
dbanks12
changed the title
dbanks12
changed the base branch from
merge-train/fairies
to
dbanks12/autogen-canonical-interfaces
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
Mirrors the auth_registry demotion (PR #23106): - Moves the noir contract from contracts/protocol/ to contracts/canonical/. - Removes MULTI_CALL_ENTRYPOINT_ADDRESS from constants.nr / aztec_constants.hpp / constants_gen.pil and drops the entry from protocol_contracts.json so the contract is no longer treated as a protocol contract. - Adds a multi-call-entrypoint stamp sub-package under @aztec/canonical-contracts with TS-only address.gen.ts + freshness test (no Noir consumers of the address exist, so no Noir lib stamp is generated). - Migrates consumers from ProtocolContractAddress.MultiCallEntrypoint / @aztec/protocol-contracts/multi-call-entrypoint to MULTI_CALL_ENTRYPOINT_ADDRESS and @aztec/canonical-contracts/multi-call-entrypoint: DefaultMultiCallEntrypoint, AztecNodeService.getProtocolContractAddresses, and the embedded wallet bundle/lazy providers. - Drops the multi-call-entrypoint subdir from @aztec/protocol-contracts and the corresponding aztec.js re-export.
dbanks12
force-pushed
the
dbanks12/autogen-canonical-interfaces
branch
from
214e5c4 to
e5390ee
Compare
…enrichment Without the PXE-side registerContract call, AuthRegistry revert messages surface as the generic "Assertion failed:" instead of the real assertion string (e.g. "unauthorized"), breaking blacklist-token tests that match on the message.
…er in bulk test fixture The AVM enforces that any populated slot in ProtocolContractsList has a matching registered instance, so register ContractClassRegistry alongside the other protocol contracts. AuthRegistry is now a standard contract (post-demotion), so it also needs a deployment-nullifier insertion to satisfy the AVM's non-protocol contract check.
Post-demotion, AuthRegistry is no longer a protocol contract — PXE no
longer auto-registers it, and it must be published on-chain like any
other contract. The CLI wallet creates a fresh PXE per command, so:
- CLIWallet.create now registers the AuthRegistry instance + artifact
with PXE on every wallet creation (mirrors EmbeddedWallet).
- authorize-action calls ensureAuthRegistryPublished before invoking
SetPublicAuthwit, publishing the class + instance on first use so
the AVM-side deployment-nullifier check passes.
Fixes the public_authwit_transfer flow which reverted on
'aztec-wallet authorize-action transfer_in_public ...'.
publishContractClass(...).send({from}) returns TxSendResultMined which
is already awaitable; chaining .wait() on the unawaited Promise was a
TS2339 type error.
…p CLI ensure local-network now publishes AuthRegistry as part of its bootstrap (after test accounts are funded). Adds --deployer flag to aztec-wallet deploy so callers can deploy a standard contract while paying the fee from -f. CLIWallet no longer silently publishes AuthRegistry from authorize-action; it only does PXE-side registerContract on create. Migration note describes the one-time deploy command for fresh rollups.
…h -f --universal already implies deployer=0x0 via UniversalDeployMethod. The separate --deployer flag was only needed because --universal previously skipped passing the fee-paying address. Now --universal only affects the instance deployer (address derivation) while -f/--from continues to set the fee payer as usual.
…lit) - universal_deploy.sh: drop dead-code test case (--universal without -f was never functional, was broken on next too); keep --universal + -f case and non-universal-default-deployer assertion - fees_test.ts: extract applyEnsureAuthRegistryPublished from applyPublicDeployAccounts so each applyX step does one logical thing - standard-contracts/contract_data.ts: rename internal exported constants to ALL_CAPS with meaningful names (salt -> STANDARD_CONTRACT_SALT, deployer -> STANDARD_CONTRACT_DEPLOYER, path constants likewise); update internal callers
…tants.ts; export STANDARD_AUTH_REGISTRY_SALT
Demotes public_checks from protocol contract. Stacked on #23106.
auth_registry (#23106) and public_checks (#23217) were demoted from protocol to standard contracts. Protocol contracts occupy reserved low addresses the AVM treats as implicitly deployed; standard contracts have artifact-derived addresses and need a real deployment (instance + artifact in the contract DB plus a deployment nullifier). TXE registered protocol contracts but never deployed the demoted standard ones, so any public-authwit test reverted with 'Contract 0x1c3bd1fb... is not deployed'. Deploy AuthRegistry and PublicChecks in TXESession.init via the existing top-level deploy(), restoring pre-demotion availability for every TXE test.
…23658) `run_test_cmd`'s per-command result cache keyed on the command string alone and never inspected the `disabled-cache` marker. Commands tagged `disabled-cache` (e.g. all TXE tests on `merge-train/fairies`, per `noir-projects/noir-contracts/bootstrap.sh::test_cmds`) were therefore served stale cached passes and skipped — even though the sibling layer `filter_cached_test_cmd` already honors the marker. Consequence: aztec-nr-level changes such as contract demotions merged without their TXE tests ever running. See the test-engine log http://ci.aztec-labs.com/b893262917583a30 for the auth-registry demotion PR #23106, which logged 709 SKIPPED / 0 executed. Fix: bypass the result cache for `disabled-cache` commands in `run_test_cmd`, mirroring `filter_cached_test_cmd`'s marker check. No behavior change for other commands.
…tion (#23700) ## Why CI on `merge-train/fairies` is red after `feat: txe speedup (#23578)` merged with `next`. The yarn-project compile fails: ``` src/index.ts:43:73 - error TS2322: Type '"AuthRegistry"' is not assignable to type '"ContractClassRegistry" | "ContractInstanceRegistry" | "FeeJuice" | "MultiCallEntrypoint"'. ``` (log: http://ci.aztec-labs.com/1780061823709173 → http://ci.aztec-labs.com/bd7e1fc18ebbb263) This is a semantic merge conflict. #23578 was based on an older `next` where `AuthRegistry` was a protocol contract. On the train it was demoted from a protocol contract to a standard contract (#23106), so `ProtocolContractName` no longer includes it and it is now deployed per-session in `txe_session.ts`. ## Changes - **`txe/src/index.ts`** — drop `'AuthRegistry'` from `TXE_REQUIRED_PROTOCOL_CONTRACTS` (now empty); it is no longer a protocol contract. - **`txe/src/dispatcher_pool.ts`** — load the standard auth registry the same way protocol contracts are loaded: `buildSharedContractStore` now parses and registers its artifact/instance **once in the main thread, in parallel**, so every worker clones the result instead of re-parsing the ~1 MB JSON per session. - **`txe/src/txe_session.ts` + `txe/src/oracle/txe_oracle_top_level_context.ts`** — session init no longer calls `getStandardAuthRegistry()` (it imports only the cheap address-only `/constants`); `deployManyInSingleBlock` is replaced by `mineDeploymentNullifiers`, which only emits the auth-registry deployment nullifier into the baseline block (artifact/instance already come from the cloned shared store). The artifact leaves the worker startup bundle entirely. - **`txe/esbuild/plugins/strip_artifact_debug.mjs`** — extend the existing debug-strip filter to `standard-contracts/artifacts`, so the auth registry (942 → 103 KB) sheds `debug_symbols`/`file_map` when bundled, keeping the TXE bundle under its existing size limits (no limit bumps). ## Verification (local) Built the upstream chain from the artifact cache and ran the failing yarn-project compile step: - `yarn tsgo -b --emitDeclarationOnly` (full-project typecheck) — pass - `cd txe && yarn build` (tsc + esbuild + size guard) — pass; bundle 12.7 MiB, guard does not trip; auth-registry artifact confirmed absent from `worker.bundle` - `format --check` and txe `eslint` — pass Full `./bootstrap.sh ci` (which runs the entire repo incl. C++/circuit tests and the TXE test suites) was not run end-to-end: the noir build toolchain (cargo-binstall) is unavailable on this host, so upstream components were sourced from the build cache and only the yarn-project compile — the failing step — was reproduced locally. The TXE test suites that exercise the auth-registry deployment path should be confirmed by CI. --------- Co-authored-by: Gregorio Juliana <gregojquiros@gmail.com>
## Problem V5 / `next` net deployments crash on startup with: ``` Error [ERR_MODULE_NOT_FOUND]: Cannot find module '/usr/src/yarn-project/standard-contracts/artifacts/AuthRegistry.json' imported from /usr/src/yarn-project/standard-contracts/dest/auth-registry/index.js ``` ## Root cause `release-image/Dockerfile.dockerignore` is an allowlist (`*` ignores everything, then `!`-includes specific paths). It explicitly re-includes the `artifacts/` directory for `protocol-contracts`, `noir-contracts.js`, `accounts`, `simulator`, etc., and copies every `dest/` via `!/yarn-project/*/dest/` — but it has **no** entry for `standard-contracts/artifacts/`. When auth-registry (and later public-checks / multi-call-entrypoint) was demoted into the new `standard-contracts` package (#23106), the allowlist was never updated. So the image ships `standard-contracts/dest/` but not its artifacts. At container startup the eager import in `dest/auth-registry/index.js` (`import '../../artifacts/AuthRegistry.json'`) resolves to a file that was excluded from the build context → `ERR_MODULE_NOT_FOUND`. This only affects the **Docker release image**. The npm tarball is unaffected because it uses `package.json`'s `files` field (which includes `artifacts`), a different mechanism — which is why `npm pack @aztec/standard-contracts` contains `AuthRegistry.json` while the deployed image does not. ## Fix Add `standard-contracts/artifacts/` to the dockerignore allowlist, matching the other contract-artifact packages. One line; same pattern as the existing `protocol-contracts`/`noir-contracts.js` entries. ## Verification - `npm pack @aztec/standard-contracts@latest` already contains `artifacts/AuthRegistry.json`, `PublicChecks.json` (confirms source/files are correct; the gap is image-only). - After this change the dockerignore re-includes `standard-contracts/artifacts/`, so the JSON artifacts are copied to `/usr/src/yarn-project/standard-contracts/artifacts/` alongside `dest/`, resolving the eager import. --- *Created by [claudebox](https://claudebox.work/v2/sessions/b19bc30b22f7bbf3) · group: `slackbot`*
BEGIN_COMMIT_OVERRIDE refactor(aztec-nr): use constructor methods for MessageDelivery variants (AztecProtocol#23596) docs: update testing_contracts.md for two-crate aztec new layout (AztecProtocol#23617) fix: drop usage of include and indexof on types that support equals (AztecProtocol#23595) fix: unused ts expressions in tests (AztecProtocol#23621) feat(aztec-nr): Get tagging index for constrained delivery (AztecProtocol#23359) feat!: demote auth registry to non-protocol contract (AztecProtocol#23106) feat(aztec-nr)!: embed BoundedVec max length in validation requests (AztecProtocol#23622) fix: regenerate standard contract addresses after auth registry demotion (AztecProtocol#23640) feat(aztec-nr): encrypt handshake log for indistinguishability (AztecProtocol#23638) feat!: demote public_checks to non-protocol contract (AztecProtocol#23217) fix: noir precommit re-staging inside worktrees (AztecProtocol#23628) END_COMMIT_OVERRIDE
3 participants
Demotes auth_registry from protocol contract. Introduces generated
standard_addresses.nrNoir file in aztec-nr and yarn-project/standard-contracts TS package that includes "drift" checks at build time and compile time to prevent someone from proceeding when they should actually go back and rebuild noir-contracts.Deploy
AuthRegistryonce per fresh rollup:aztec-wallet deploy auth_registry_contract@AuthRegistry --salt 1 --universal -f <fee-paying-account>.CLI change: Removed
--deployer <address>flag fromaztec-wallet deploy;--universalnow works alongside-fto set deployer=0x0 while paying fees from the specified account.Stacked on #23216.