@aztec/pxe 0.0.1-commit.2c85e299c → 0.0.1-commit.2d9cb6034

package/src/notes/note_service.ts

@@ -7,7 +7,6 @@ import { Note, NoteDao, NoteStatus } from '@aztec/stdlib/note';
 import { MerkleTreeId } from '@aztec/stdlib/trees';
 import type { BlockHeader, TxHash } from '@aztec/stdlib/tx';
 
-import type { AccessScopes } from '../access_scopes.js';
 import type { NoteStore } from '../storage/note_store/note_store.js';
 
 export class NoteService {
@@ -32,7 +31,7 @@ export class NoteService {
     owner: AztecAddress | undefined,
     storageSlot: Fr,
     status: NoteStatus,
-    scopes: AccessScopes,
+    scopes: AztecAddress[],
   ) {
     const noteDaos = await this.noteStore.getNotes(
       {
@@ -71,7 +70,7 @@ export class NoteService {
    *
    * @param contractAddress - The contract whose notes should be checked and nullified.
    */
-  public async syncNoteNullifiers(contractAddress: AztecAddress, scopes: AccessScopes): Promise<void> {
+  public async syncNoteNullifiers(contractAddress: AztecAddress, scopes: AztecAddress[]): Promise<void> {
     const anchorBlockHash = await this.anchorBlockHeader.hash();
 
     const contractNotes = await this.noteStore.getNotes({ contractAddress, scopes }, this.jobId);
@@ -121,7 +120,7 @@ export class NoteService {
     noteHash: Fr,
     nullifier: Fr,
     txHash: TxHash,
-    recipient: AztecAddress,
+    scope: AztecAddress,
   ): Promise<void> {
     // We are going to store the new note in the NoteStore, which will let us later return it via `getNotes`.
     // There's two things we need to check before we do this however:
@@ -155,16 +154,28 @@ export class NoteService {
       this.aztecNode.findLeavesIndexes(anchorBlockHash, MerkleTreeId.NULLIFIER_TREE, [siloedNullifier]),
     ]);
     if (!txEffect) {
-      throw new Error(`Could not find tx effect for tx hash ${txHash}`);
+      // We error out instead of just logging a warning and skipping the note because this would indicate a bug. This
+      // is because the node has already served info about this tx either when obtaining the log (TxScopedL2Log contain
+      // tx info) or when getting metadata for the offchain message (before the message got passed to `process_log`).
+      throw new Error(`Could not find tx effect for tx hash ${txHash} when processing a note.`);
     }
 
     if (txEffect.l2BlockNumber > anchorBlockNumber) {
-      throw new Error(`Could not find tx effect for tx hash ${txHash} as of block number ${anchorBlockNumber}`);
+      // If the message was delivered onchain, this would indicate a bug: log sync should never load logs from blocks
+      // newer than the anchor block. If the note came via an offchain message, it would likely also be a bug, since we
+      // sync a new anchor block before calling `process_message`. For this not to be a bug, the message would need to
+      // come from a newer block than the anchor served by the node, implying the node isn't properly synced.
+      //     We therefore error out here rather than assuming the offchain message was constructed by a malicious
+      // sender with the intention of bricking recipient's PXE (if we assumed that we would just ignore the message).
+      throw new Error(
+        `Obtained a newer tx effect for ${txHash} for a note validation request than the anchor block ${anchorBlockNumber}. This is a bug as we should not ever be processing a note from a newer block than the anchor block.`,
+      );
     }
 
     // Find the index of the note hash in the noteHashes array to determine note ordering within the tx
     const noteIndexInTx = txEffect.data.noteHashes.findIndex(nh => nh.equals(uniqueNoteHash));
     if (noteIndexInTx === -1) {
+      // Similar to the comment above - we error out as this would indicate a bug in nonce discovery.
       throw new Error(`Note hash ${noteHash} (uniqued as ${uniqueNoteHash}) is not present in tx ${txHash}`);
     }
 
@@ -184,8 +195,7 @@ export class NoteService {
       noteIndexInTx,
     );
 
-    // The note was found by `recipient`, so we use that as the scope when storing the note.
-    await this.noteStore.addNotes([noteDao], recipient, this.jobId);
+    await this.noteStore.addNotes([noteDao], scope, this.jobId);
 
     if (nullifierIndex !== undefined) {
       // We found nullifier index which implies that the note has already been nullified.

package/src/notes_filter.ts

@@ -2,8 +2,6 @@ import type { Fr } from '@aztec/foundation/curves/bn254';
 import type { AztecAddress } from '@aztec/stdlib/aztec-address';
 import type { NoteStatus } from '@aztec/stdlib/note';
 
-import type { AccessScopes } from './access_scopes.js';
-
 /**
  * A filter used to fetch notes.
  * @remarks This filter is applied as an intersection of all its params.
@@ -22,5 +20,5 @@ export type NotesFilter = {
   status?: NoteStatus;
   /** The siloed nullifier for the note. */
   siloedNullifier?: Fr;
-  scopes: AccessScopes;
+  scopes: AztecAddress[];
 };

package/src/oracle_version.ts

@@ -4,9 +4,9 @@
 ///
 /// @dev Whenever a contract function or Noir test is run, the `aztec_utl_assertCompatibleOracleVersion` oracle is called
 /// and if the oracle version is incompatible an error is thrown.
-export const ORACLE_VERSION = 14;
+export const ORACLE_VERSION = 22;
 
 /// This hash is computed as by hashing the Oracle interface and it is used to detect when the Oracle interface changes,
 /// which in turn implies that you need to update the ORACLE_VERSION constant in this file and in
 /// `noir-projects/aztec-nr/aztec/src/oracle/version.nr`.
-export const ORACLE_INTERFACE_HASH = '9fb918682455c164ce8dd3acb71c751e2b9b2fc48913604069c9ea885fa378ca';
+export const ORACLE_INTERFACE_HASH = '83f1de1a9741a34916fd58cf12b857d0bac90f74bf00751b20304301a3f5c8eb';

package/src/pxe.ts

@@ -52,7 +52,6 @@ import {
 
 import { inspect } from 'util';
 
-import type { AccessScopes } from './access_scopes.js';
 import { BlockSynchronizer } from './block_synchronizer/index.js';
 import type { PXEConfig } from './config/index.js';
 import { BenchmarkedNodeFactory } from './contract_function_simulator/benchmarked_node.js';
@@ -68,6 +67,7 @@ import { PXEDebugUtils } from './debug/pxe_debug_utils.js';
 import { enrichPublicSimulationError, enrichSimulationError } from './error_enriching.js';
 import { PrivateEventFilterValidator } from './events/private_event_filter_validator.js';
 import { JobCoordinator } from './job_coordinator/job_coordinator.js';
+import { MessageContextService } from './messages/message_context_service.js';
 import {
   PrivateKernelExecutionProver,
   type PrivateKernelExecutionProverConfig,
@@ -95,7 +95,7 @@ export type ProfileTxOpts = {
   /** If true, proof generation is skipped during profiling. Defaults to true. */
   skipProofGeneration?: boolean;
   /** Addresses whose private state and keys are accessible during private execution. */
-  scopes: AccessScopes;
+  scopes: AztecAddress[];
 };
 
 /** Options for PXE.simulateTx. */
@@ -106,10 +106,12 @@ export type SimulateTxOpts = {
   skipTxValidation?: boolean;
   /** If false, fees are enforced. */
   skipFeeEnforcement?: boolean;
-  /** State overrides for the simulation, such as contract instances and artifacts. */
+  /** If true, kernel logic is emulated in TS for simulation */
+  skipKernels?: boolean;
+  /** State overrides for the simulation, such as contract instances and artifacts. Requires skipKernels: true */
   overrides?: SimulationOverrides;
   /** Addresses whose private state and keys are accessible during private execution */
-  scopes: AccessScopes;
+  scopes: AztecAddress[];
 };
 
 /** Options for PXE.executeUtility. */
@@ -117,7 +119,7 @@ export type ExecuteUtilityOpts = {
   /** The authentication witnesses required for the function call. */
   authwits?: AuthWitness[];
   /** The accounts whose notes we can access in this call */
-  scopes: AccessScopes;
+  scopes: AztecAddress[];
 };
 
 /** Args for PXE.create. */
@@ -158,6 +160,7 @@ export class PXE {
     private addressStore: AddressStore,
     private privateEventStore: PrivateEventStore,
     private contractSyncService: ContractSyncService,
+    private messageContextService: MessageContextService,
     private simulator: CircuitSimulator,
     private proverEnabled: boolean,
     private proofCreator: PrivateKernelProver,
@@ -213,6 +216,8 @@ export class PXE {
       noteStore,
       createLogger('pxe:contract_sync', bindings),
     );
+    const messageContextService = new MessageContextService(node);
+
     const synchronizer = new BlockSynchronizer(
       node,
       store,
@@ -254,6 +259,7 @@ export class PXE {
       addressStore,
       privateEventStore,
       contractSyncService,
+      messageContextService,
       simulator,
       proverEnabled,
       proofCreator,
@@ -295,6 +301,7 @@ export class PXE {
       privateEventStore: this.privateEventStore,
       simulator: this.simulator,
       contractSyncService: this.contractSyncService,
+      messageContextService: this.messageContextService,
     });
   }
 
@@ -360,7 +367,7 @@ export class PXE {
   async #executePrivate(
     contractFunctionSimulator: ContractFunctionSimulator,
     txRequest: TxExecutionRequest,
-    scopes: AccessScopes,
+    scopes: AztecAddress[],
     jobId: string,
   ): Promise<PrivateExecutionResult> {
     const { origin: contractAddress, functionSelector } = txRequest;
@@ -409,12 +416,19 @@ export class PXE {
     contractFunctionSimulator: ContractFunctionSimulator,
     call: FunctionCall,
     authWitnesses: AuthWitness[] | undefined,
-    scopes: AccessScopes,
+    scopes: AztecAddress[],
     jobId: string,
   ) {
     try {
       const anchorBlockHeader = await this.anchorBlockStore.getBlockHeader();
-      return contractFunctionSimulator.runUtility(call, authWitnesses ?? [], anchorBlockHeader, scopes, jobId);
+      const { result, offchainEffects } = await contractFunctionSimulator.runUtility(
+        call,
+        authWitnesses ?? [],
+        anchorBlockHeader,
+        scopes,
+        jobId,
+      );
+      return { result, offchainEffects };
     } catch (err) {
       if (err instanceof SimulationError) {
         await enrichSimulationError(err, this.contractStore, this.log);
@@ -487,7 +501,9 @@ export class PXE {
    * @returns The synced block header
    */
   public getSyncedBlockHeader(): Promise<BlockHeader> {
-    return this.anchorBlockStore.getBlockHeader();
+    return this.#putInJobQueue(() => {
+      return this.anchorBlockStore.getBlockHeader();
+    });
   }
 
   /**
@@ -554,6 +570,9 @@ export class PXE {
 
     if (wasAdded) {
       this.log.info(`Added sender:\n ${sender.toString()}`);
+      // Wipe the entire sync cache: the new sender's tagged logs could contain notes/events for any contract, so
+      // all contracts must re-sync to discover them.
+      this.contractSyncService.wipe();
     } else {
       this.log.info(`Sender:\n "${sender.toString()}"\n already registered.`);
     }
@@ -766,17 +785,17 @@ export class PXE {
         // transaction before this one is included in a block from this PXE, and that transaction contains a log with
         // a tag derived from the same secret, we would reuse the tag and the transactions would be linked. Hence
         // storing the tags here prevents linkage of txs sent from the same PXE.
-        const preTagsUsedInTheTx = privateExecutionResult.entrypoint.preTags;
-        if (preTagsUsedInTheTx.length > 0) {
+        const taggingIndexRangesUsedInTheTx = privateExecutionResult.entrypoint.taggingIndexRanges;
+        if (taggingIndexRangesUsedInTheTx.length > 0) {
           // TODO(benesjan): The following is an expensive operation. Figure out a way to avoid it.
           const txHash = (await txProvingResult.toTx()).txHash;
 
-          await this.senderTaggingStore.storePendingIndexes(preTagsUsedInTheTx, txHash, jobId);
-          this.log.debug(`Stored used pre-tags as sender for the tx`, {
-            preTagsUsedInTheTx,
+          await this.senderTaggingStore.storePendingIndexes(taggingIndexRangesUsedInTheTx, txHash, jobId);
+          this.log.debug(`Stored used tagging index ranges as sender for the tx`, {
+            taggingIndexRangesUsedInTheTx,
           });
         } else {
-          this.log.debug(`No pre-tags used in the tx`);
+          this.log.debug(`No tagging index ranges used in the tx`);
         }
 
         return txProvingResult;
@@ -883,7 +902,14 @@ export class PXE {
    */
   public simulateTx(
     txRequest: TxExecutionRequest,
-    { simulatePublic, skipTxValidation = false, skipFeeEnforcement = false, overrides, scopes }: SimulateTxOpts,
+    {
+      simulatePublic,
+      skipTxValidation = false,
+      skipFeeEnforcement = false,
+      skipKernels = true,
+      overrides,
+      scopes,
+    }: SimulateTxOpts,
   ): Promise<TxSimulationResult> {
     // We disable concurrent simulations since those might execute oracles which read and write to the PXE stores (e.g.
     // to the capsules), and we need to prevent concurrent runs from interfering with one another (e.g. attempting to
@@ -907,17 +933,20 @@ export class PXE {
         await this.blockStateSynchronizer.sync();
         const syncTime = syncTimer.ms();
 
-        const contractFunctionSimulator = this.#getSimulatorForTx(overrides);
-        // Temporary: in case there are overrides, we have to skip the kernels or validations
-        // will fail. Consider handing control to the user/wallet on whether they want to run them
-        // or not.
         const overriddenContracts = overrides?.contracts ? new Set(Object.keys(overrides.contracts)) : undefined;
         const hasOverriddenContracts = overriddenContracts !== undefined && overriddenContracts.size > 0;
-        const skipKernels = hasOverriddenContracts;
 
-        // Set overridden contracts on the sync service so it knows to skip syncing them
+        if (hasOverriddenContracts && !skipKernels) {
+          throw new Error(
+            'Simulating with overridden contracts is not compatible with kernel execution. Please set skipKernels to true when simulating with overridden contracts.',
+          );
+        }
+        const contractFunctionSimulator = this.#getSimulatorForTx(overrides);
+
         if (hasOverriddenContracts) {
-          this.contractSyncService.setOverriddenContracts(jobId, overriddenContracts);
+          // Overridden contracts don't have a sync function, so calling sync on them would fail.
+          // We exclude them so the sync service skips them entirely.
+          this.contractSyncService.setExcludedFromSync(jobId, overriddenContracts);
         }
 
         // Execution of private functions only; no proving, and no kernel logic.
@@ -1012,7 +1041,7 @@ export class PXE {
           inspect(txRequest),
           `simulatePublic=${simulatePublic}`,
           `skipTxValidation=${skipTxValidation}`,
-          `scopes=${scopes === 'ALL_SCOPES' ? scopes : scopes.map(s => s.toString()).join(', ')}`,
+          `scopes=${scopes.map(s => s.toString()).join(', ')}`,
         );
       }
     });
@@ -1024,7 +1053,7 @@ export class PXE {
    */
   public executeUtility(
     call: FunctionCall,
-    { authwits, scopes }: ExecuteUtilityOpts = { scopes: 'ALL_SCOPES' },
+    { authwits, scopes }: ExecuteUtilityOpts = { scopes: [] },
   ): Promise<UtilityExecutionResult> {
     // We disable concurrent executions since those might execute oracles which read and write to the PXE stores (e.g.
     // to the capsules), and we need to prevent concurrent runs from interfering with one another (e.g. attempting to
@@ -1049,7 +1078,7 @@ export class PXE {
           scopes,
         );
 
-        const executionResult = await this.#executeUtility(
+        const { result: executionResult, offchainEffects } = await this.#executeUtility(
           contractFunctionSimulator,
           call,
           authwits ?? [],
@@ -1070,14 +1099,19 @@ export class PXE {
         };
 
         const simulationStats = contractFunctionSimulator.getStats();
-        return { result: executionResult, stats: { timings, nodeRPCCalls: simulationStats.nodeRPCCalls } };
+        return {
+          result: executionResult,
+          offchainEffects,
+          anchorBlockTimestamp: anchorBlockHeader.globalVariables.timestamp,
+          stats: { timings, nodeRPCCalls: simulationStats.nodeRPCCalls },
+        };
       } catch (err: any) {
         const { to, name, args } = call;
         const stringifiedArgs = args.map(arg => arg.toString()).join(', ');
         throw this.#contextualizeError(
           err,
           `executeUtility ${to}:${name}(${stringifiedArgs})`,
-          `scopes=${scopes === 'ALL_SCOPES' ? scopes : scopes.map(s => s.toString()).join(', ')}`,
+          `scopes=${scopes.map(s => s.toString()).join(', ')}`,
         );
       }
     });

package/src/storage/capsule_store/capsule_service.ts

@@ -0,0 +1,90 @@
+import type { Fr } from '@aztec/foundation/curves/bn254';
+import { AztecAddress } from '@aztec/stdlib/aztec-address';
+import type { Capsule } from '@aztec/stdlib/tx';
+
+import type { CapsuleStore } from './capsule_store.js';
+
+/**
+ * Wraps a CapsuleStore with scope-based access control. Each operation asserts that the requested scope is in the
+ * allowed scopes list before delegating to the underlying store.
+ */
+export class CapsuleService {
+  constructor(
+    private readonly capsuleStore: CapsuleStore,
+    private readonly allowedScopes: AztecAddress[],
+  ) {}
+
+  setCapsule(contractAddress: AztecAddress, slot: Fr, capsule: Fr[], jobId: string, scope: AztecAddress) {
+    assertAllowedScope(scope, this.allowedScopes);
+    this.capsuleStore.setCapsule(contractAddress, slot, capsule, jobId, scope);
+  }
+
+  async getCapsule(
+    contractAddress: AztecAddress,
+    slot: Fr,
+    jobId: string,
+    scope: AztecAddress,
+    transientCapsules?: Capsule[],
+  ): Promise<Fr[] | null> {
+    assertAllowedScope(scope, this.allowedScopes);
+
+    // TODO(#12425): On the following line, the pertinent capsule gets overshadowed by the transient one. Tackle this.
+    const maybeTransientCapsule = transientCapsules?.find(
+      c =>
+        c.contractAddress.equals(contractAddress) &&
+        c.storageSlot.equals(slot) &&
+        (c.scope ?? AztecAddress.ZERO).equals(scope),
+    )?.data;
+
+    return maybeTransientCapsule ?? (await this.capsuleStore.getCapsule(contractAddress, slot, jobId, scope));
+  }
+
+  deleteCapsule(contractAddress: AztecAddress, slot: Fr, jobId: string, scope: AztecAddress) {
+    assertAllowedScope(scope, this.allowedScopes);
+    this.capsuleStore.deleteCapsule(contractAddress, slot, jobId, scope);
+  }
+
+  copyCapsule(
+    contractAddress: AztecAddress,
+    srcSlot: Fr,
+    dstSlot: Fr,
+    numEntries: number,
+    jobId: string,
+    scope: AztecAddress,
+  ): Promise<void> {
+    assertAllowedScope(scope, this.allowedScopes);
+    return this.capsuleStore.copyCapsule(contractAddress, srcSlot, dstSlot, numEntries, jobId, scope);
+  }
+
+  appendToCapsuleArray(
+    contractAddress: AztecAddress,
+    baseSlot: Fr,
+    content: Fr[][],
+    jobId: string,
+    scope: AztecAddress,
+  ): Promise<void> {
+    assertAllowedScope(scope, this.allowedScopes);
+    return this.capsuleStore.appendToCapsuleArray(contractAddress, baseSlot, content, jobId, scope);
+  }
+
+  readCapsuleArray(contractAddress: AztecAddress, baseSlot: Fr, jobId: string, scope: AztecAddress): Promise<Fr[][]> {
+    assertAllowedScope(scope, this.allowedScopes);
+    return this.capsuleStore.readCapsuleArray(contractAddress, baseSlot, jobId, scope);
+  }
+
+  setCapsuleArray(contractAddress: AztecAddress, baseSlot: Fr, content: Fr[][], jobId: string, scope: AztecAddress) {
+    assertAllowedScope(scope, this.allowedScopes);
+    return this.capsuleStore.setCapsuleArray(contractAddress, baseSlot, content, jobId, scope);
+  }
+}
+
+function assertAllowedScope(scope: AztecAddress, allowedScopes: AztecAddress[]) {
+  if (scope.equals(AztecAddress.ZERO)) {
+    return;
+  }
+  if (!allowedScopes.some((allowed: AztecAddress) => allowed.equals(scope))) {
+    throw new Error(
+      `Scope ${scope.toString()} is not in the allowed scopes list: [${allowedScopes.map((s: AztecAddress) => s.toString()).join(', ')}]. See https://docs.aztec.network/errors/10`,
+    );
+  }
+}

package/src/storage/capsule_store/capsule_store.ts

@@ -1,7 +1,7 @@
 import { Fr } from '@aztec/foundation/curves/bn254';
 import { type Logger, createLogger } from '@aztec/foundation/log';
 import type { AztecAsyncKVStore, AztecAsyncMap } from '@aztec/kv-store';
-import type { AztecAddress } from '@aztec/stdlib/aztec-address';
+import { AztecAddress } from '@aztec/stdlib/aztec-address';
 
 import type { StagedStore } from '../../job_coordinator/job_coordinator.js';
 
@@ -10,11 +10,12 @@ export class CapsuleStore implements StagedStore {
 
   #store: AztecAsyncKVStore;
 
-  // Arbitrary data stored by contracts. Key is computed as `${contractAddress}:${key}`
+  // Arbitrary data stored by contracts. Key is computed as `${contractAddress}:${scope}:${key}`, using the zero
+  // address for the global scope.
   #capsules: AztecAsyncMap<string, Buffer>;
 
-  // jobId => `${contractAddress}:${key}` => capsule data
-  // when `#stagedCapsules.get('some-job-id').get('${some-contract-address:some-key') === null`,
+  // jobId => `${contractAddress}:${scope}:${key}` => capsule data
+  // when `#stagedCapsules.get('some-job-id').get('${some-contract-address}:${some-scope}:${some-key}') === null`,
   // it signals that the capsule was deleted during the job, so it needs to be deleted on commit
   #stagedCapsules: Map<string, Map<string, Buffer | null>>;
 
@@ -134,8 +135,8 @@ export class CapsuleStore implements StagedStore {
    * to public contract storage in that it's indexed by the contract address and storage slot but instead of the global
    * network state it's backed by local PXE db.
    */
-  storeCapsule(contractAddress: AztecAddress, slot: Fr, capsule: Fr[], jobId: string) {
-    const dbSlotKey = dbSlotToKey(contractAddress, slot);
+  setCapsule(contractAddress: AztecAddress, slot: Fr, capsule: Fr[], jobId: string, scope: AztecAddress) {
+    const dbSlotKey = dbSlotToKey(contractAddress, slot, scope);
 
     // A store overrides any pre-existing data on the slot
     this.#setOnStage(jobId, dbSlotKey, Buffer.concat(capsule.map(value => value.toBuffer())));
@@ -147,8 +148,8 @@ export class CapsuleStore implements StagedStore {
    * @param slot - The slot in the database to read.
    * @returns The stored data or `null` if no data is stored under the slot.
    */
-  async loadCapsule(contractAddress: AztecAddress, slot: Fr, jobId: string): Promise<Fr[] | null> {
-    const dataBuffer = await this.#getFromStage(jobId, dbSlotToKey(contractAddress, slot));
+  async getCapsule(contractAddress: AztecAddress, slot: Fr, jobId: string, scope: AztecAddress): Promise<Fr[] | null> {
+    const dataBuffer = await this.#getFromStage(jobId, dbSlotToKey(contractAddress, slot, scope));
     if (!dataBuffer) {
       this.logger.trace(`Data not found for contract ${contractAddress.toString()} and slot ${slot.toString()}`);
       return null;
@@ -165,9 +166,9 @@ export class CapsuleStore implements StagedStore {
    * @param contractAddress - The contract address under which the data is scoped.
    * @param slot - The slot in the database to delete.
    */
-  deleteCapsule(contractAddress: AztecAddress, slot: Fr, jobId: string) {
+  deleteCapsule(contractAddress: AztecAddress, slot: Fr, jobId: string, scope: AztecAddress) {
     // When we commit this, we will interpret null as a deletion, so we'll propagate the delete to the KV store
-    this.#deleteOnStage(jobId, dbSlotToKey(contractAddress, slot));
+    this.#deleteOnStage(jobId, dbSlotToKey(contractAddress, slot, scope));
   }
 
   /**
@@ -187,6 +188,7 @@ export class CapsuleStore implements StagedStore {
     dstSlot: Fr,
     numEntries: number,
     jobId: string,
+    scope: AztecAddress,
   ): Promise<void> {
     // This transactional context gives us "copy atomicity":
     // there shouldn't be concurrent writes to what's being copied here.
@@ -203,8 +205,8 @@ export class CapsuleStore implements StagedStore {
       }
 
       for (const i of indexes) {
-        const currentSrcSlot = dbSlotToKey(contractAddress, srcSlot.add(new Fr(i)));
-        const currentDstSlot = dbSlotToKey(contractAddress, dstSlot.add(new Fr(i)));
+        const currentSrcSlot = dbSlotToKey(contractAddress, srcSlot.add(new Fr(i)), scope);
+        const currentDstSlot = dbSlotToKey(contractAddress, dstSlot.add(new Fr(i)), scope);
 
         const toCopy = await this.#getFromStage(jobId, currentSrcSlot);
         if (!toCopy) {
@@ -224,7 +226,13 @@ export class CapsuleStore implements StagedStore {
    * @param baseSlot - The slot where the array length is stored
    * @param content - Array of capsule data to append
    */
-  appendToCapsuleArray(contractAddress: AztecAddress, baseSlot: Fr, content: Fr[][], jobId: string): Promise<void> {
+  appendToCapsuleArray(
+    contractAddress: AztecAddress,
+    baseSlot: Fr,
+    content: Fr[][],
+    jobId: string,
+    scope: AztecAddress,
+  ): Promise<void> {
     // We wrap this in a transaction to serialize concurrent calls from Promise.all.
     // Without this, concurrent appends to the same array could race: both read length=0,
     // both write at the same slots, one overwrites the other.
@@ -232,22 +240,22 @@ export class CapsuleStore implements StagedStore {
     // and not using a transaction here would heavily impact performance.
     return this.#store.transactionAsync(async () => {
       // Load current length, defaulting to 0 if not found
-      const lengthData = await this.loadCapsule(contractAddress, baseSlot, jobId);
+      const lengthData = await this.getCapsule(contractAddress, baseSlot, jobId, scope);
       const currentLength = lengthData ? lengthData[0].toNumber() : 0;
 
       // Store each capsule at consecutive slots after baseSlot + 1 + currentLength
       for (let i = 0; i < content.length; i++) {
         const nextSlot = arraySlot(baseSlot, currentLength + i);
-        this.storeCapsule(contractAddress, nextSlot, content[i], jobId);
+        this.setCapsule(contractAddress, nextSlot, content[i], jobId, scope);
       }
 
       // Update length to include all new capsules
       const newLength = currentLength + content.length;
-      this.storeCapsule(contractAddress, baseSlot, [new Fr(newLength)], jobId);
+      this.setCapsule(contractAddress, baseSlot, [new Fr(newLength)], jobId, scope);
     });
   }
 
-  readCapsuleArray(contractAddress: AztecAddress, baseSlot: Fr, jobId: string): Promise<Fr[][]> {
+  readCapsuleArray(contractAddress: AztecAddress, baseSlot: Fr, jobId: string, scope: AztecAddress): Promise<Fr[][]> {
     // I'm leaving this transactional context here though because I'm assuming this
     // gives us "read array atomicity": there shouldn't be concurrent writes to what's being copied
     // here.
@@ -255,14 +263,14 @@ export class CapsuleStore implements StagedStore {
     // of jobs: different calls running concurrently on the same contract may cause trouble.
     return this.#store.transactionAsync(async () => {
       // Load length, defaulting to 0 if not found
-      const maybeLength = await this.loadCapsule(contractAddress, baseSlot, jobId);
+      const maybeLength = await this.getCapsule(contractAddress, baseSlot, jobId, scope);
       const length = maybeLength ? maybeLength[0].toBigInt() : 0n;
 
       const values: Fr[][] = [];
 
       // Read each capsule at consecutive slots after baseSlot
       for (let i = 0; i < length; i++) {
-        const currentValue = await this.loadCapsule(contractAddress, arraySlot(baseSlot, i), jobId);
+        const currentValue = await this.getCapsule(contractAddress, arraySlot(baseSlot, i), jobId, scope);
         if (currentValue == undefined) {
           throw new Error(
             `Expected non-empty value at capsule array in base slot ${baseSlot} at index ${i} for contract ${contractAddress}`,
@@ -276,7 +284,7 @@ export class CapsuleStore implements StagedStore {
     });
   }
 
-  setCapsuleArray(contractAddress: AztecAddress, baseSlot: Fr, content: Fr[][], jobId: string) {
+  setCapsuleArray(contractAddress: AztecAddress, baseSlot: Fr, content: Fr[][], jobId: string, scope: AztecAddress) {
     // This transactional context in theory isn't so critical now because we aren't
     // writing to DB so if there's exceptions midway and it blows up, no visible impact
     // to persistent storage will happen.
@@ -287,27 +295,27 @@ export class CapsuleStore implements StagedStore {
     // of jobs: different calls running concurrently on the same contract may cause trouble.
     return this.#store.transactionAsync(async () => {
       // Load current length, defaulting to 0 if not found
-      const maybeLength = await this.loadCapsule(contractAddress, baseSlot, jobId);
+      const maybeLength = await this.getCapsule(contractAddress, baseSlot, jobId, scope);
       const originalLength = maybeLength ? maybeLength[0].toNumber() : 0;
 
       // Set the new length
-      this.storeCapsule(contractAddress, baseSlot, [new Fr(content.length)], jobId);
+      this.setCapsule(contractAddress, baseSlot, [new Fr(content.length)], jobId, scope);
 
       // Store the new content, possibly overwriting existing values
       for (let i = 0; i < content.length; i++) {
-        this.storeCapsule(contractAddress, arraySlot(baseSlot, i), content[i], jobId);
+        this.setCapsule(contractAddress, arraySlot(baseSlot, i), content[i], jobId, scope);
       }
 
       // Clear any stragglers
       for (let i = content.length; i < originalLength; i++) {
-        this.deleteCapsule(contractAddress, arraySlot(baseSlot, i), jobId);
+        this.deleteCapsule(contractAddress, arraySlot(baseSlot, i), jobId, scope);
       }
     });
   }
 }
 
-function dbSlotToKey(contractAddress: AztecAddress, slot: Fr): string {
-  return `${contractAddress.toString()}:${slot.toString()}`;
+function dbSlotToKey(contractAddress: AztecAddress, slot: Fr, scope: AztecAddress): string {
+  return [contractAddress.toString(), scope.toString(), slot.toString()].join(':');
 }
 
 function arraySlot(baseSlot: Fr, index: number) {

package/src/storage/capsule_store/index.ts

@@ -1 +1,2 @@
+export { CapsuleService } from './capsule_service.js';
 export { CapsuleStore } from './capsule_store.js';

package/src/storage/metadata.ts

@@ -1 +1 @@
-export const PXE_DATA_SCHEMA_VERSION = 3;
+export const PXE_DATA_SCHEMA_VERSION = 5;

package/src/storage/note_store/note_store.ts

@@ -106,7 +106,7 @@ export class NoteStore implements StagedStore {
    * returned once if this is the case)
    */
   getNotes(filter: NotesFilter, jobId: string): Promise<NoteDao[]> {
-    if (filter.scopes !== 'ALL_SCOPES' && filter.scopes.length === 0) {
+    if (filter.scopes.length === 0) {
       return Promise.resolve([]);
     }
 
@@ -180,10 +180,7 @@ export class NoteStore implements StagedStore {
           continue;
         }
 
-        if (
-          filter.scopes !== 'ALL_SCOPES' &&
-          note.scopes.intersection(new Set(filter.scopes.map(s => s.toString()))).size === 0
-        ) {
+        if (note.scopes.intersection(new Set(filter.scopes.map(s => s.toString()))).size === 0) {
           continue;
         }