fix(aztec-nr): use registered accounts as capsule test scopes#22171
Merged
benesjan merged 11 commits intomerge-train/fairiesfrom Mar 31, 2026
Merged
fix(aztec-nr): use registered accounts as capsule test scopes#22171benesjan merged 11 commits intomerge-train/fairiesfrom
benesjan merged 11 commits intomerge-train/fairiesfrom
Conversation
The removal of ALL_SCOPES (#22136) broke CapsuleArray tests because they used hardcoded scope addresses (0xface, 0xaaa, 0xbbb) that were not registered in the keystore. Replace them with real accounts created via create_light_account(), which registers them as allowed scopes. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
Author
|
/claudebox remove the redundant import that makes CI fail |
Collaborator
|
⏳ Run #1 — Created fix PR #22172, writing gist (4m) Removed the unused |
## Summary - Removes the unused `AztecAddress` import in the capsule test module that was left behind after #22171 replaced hardcoded addresses with `env.create_light_account()`. - This fixes the CI compilation failure caused by the redundant import. ClaudeBox log: https://claudebox.work/s/1c6961aa70441540?run=1
Same issue as the capsule tests — the hardcoded NOTE_OWNER address (0x32) was not registered in the keystore, causing scope validation to fail after ALL_SCOPES removal. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace hardcoded scope/owner addresses (0xcafe, from_field(50)) with real accounts from create_light_account() in: - oracle/capsules tests - messages/processing/offchain tests - messages/discovery tests - state_vars/private_set tests - test environment note tests Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Thunkar
approved these changes
Mar 31, 2026
The contract sync step before private execution needs access to all registered accounts' keys (for note nullifier computation during discovery), not just the calling account. This fixes the contract_accounts_accept_valid_private_authwits test which failed because getKeyValidationRequest was denied during sync_state.
Thunkar
added
the
ci-no-fail-fast
Constructors (from=zero) need key access for note log encryption, and sync needs all accounts for nullifier computation. In TXE all accounts are co-located in the same key store, so using all accounts as scopes is safe and matches the utility execution path.
…NewFlow" This reverts commit 8898dd4.
…tructor The constructor needs access to its own keys for SinglePrivateImmutable.initialize(). Passing the account's address instead of zero gives the correct minimal scope. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
benesjan
removed
ci-no-fail-fast
AztecBot
pushed a commit
that referenced
this pull request
Mar 31, 2026
Collaborator
|
✅ Successfully backported to backport-to-v4-next-staging #22174. |
mverzilli
reviewed
Mar 31, 2026
Comment on lines
+330
to
+333
| // For the sync step, we use all registered accounts as scopes. Note discovery during sync needs | ||
| // broader key access (e.g. to compute nullifiers for notes belonging to any registered account), | ||
| // while the private execution itself remains restricted to `effectiveScopes`. | ||
| const syncScopes = from.isZero() ? [] : await this.keyStore.getAccounts(); |
Contributor
There was a problem hiding this comment.
🤔 this is not how the real thing works, normally it should be enough to sync using the execution scopes... perhaps there's something in how we're wiring TXE that I'm not seeing
Contributor
Author
There was a problem hiding this comment.
Shit, this is an accident.
Mistakenly thought I reverted this with 5ee5f55
Will send a fix of fix PR
AztecBot
added a commit
that referenced
this pull request
Mar 31, 2026
BEGIN_COMMIT_OVERRIDE fix(aztec-nr): use registered accounts as capsule test scopes (#22171) END_COMMIT_OVERRIDE
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Apr 1, 2026
BEGIN_COMMIT_OVERRIDE feat!: remove ALL_SCOPES (#22136) chore: syncing oracle versions (#22131) fix(aztec-nr): use registered accounts as capsule test scopes (#22171) chore: reverting accidentally merged AI slop (#22175) feat: move event size check from declaration to private emission (#22168) fix: prevent oracle failure on tag computation for invalid recipient (#22163) feat: disable noir test cache on merge-train/fairies (#22206) END_COMMIT_OVERRIDE
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
ALL_SCOPES(feat!: remove ALL_SCOPES #22136) brokeCapsuleArraytests because they used hardcoded scope addresses (0xface,0xaaa,0xbbb) not registered in the keystorecreate_light_account(), which registers them as allowed scopes inCapsuleServiceTest plan
capsules::test::*tests pass locally with TXE server🤖 Generated with Claude Code