@aztec/pxe 0.0.1-commit.f5d02921e → 0.0.1-commit.f650c0a5c

package/src/entrypoints/server/utils.ts

@@ -1,4 +1,3 @@
-import { BBPrivateKernelProver } from '@aztec/bb-prover/client';
 import { BBBundlePrivateKernelProver } from '@aztec/bb-prover/client/bundle';
 import { createLogger } from '@aztec/foundation/log';
 import { createStore } from '@aztec/kv-store/lmdb-v2';
@@ -10,7 +9,7 @@ import type { AztecNode } from '@aztec/stdlib/interfaces/client';
 import type { PXEConfig } from '../../config/index.js';
 import { PXE } from '../../pxe.js';
 import { PXE_DATA_SCHEMA_VERSION } from '../../storage/index.js';
-import type { PXECreationOptions } from '../pxe_creation_options.js';
+import { type PXECreationOptions, isPrivateKernelProver } from '../pxe_creation_options.js';
 
 type PXEConfigWithoutDefaults = Omit<PXEConfig, 'l1Contracts' | 'l1ChainId' | 'l2BlockBatchSize' | 'rollupVersion'>;
 
@@ -49,7 +48,7 @@ export async function createPXE(
   const proverLogger = loggers.prover ?? createLogger('pxe:bb:native', { actor });
 
   let prover;
-  if (options.proverOrOptions instanceof BBPrivateKernelProver) {
+  if (isPrivateKernelProver(options.proverOrOptions)) {
     prover = options.proverOrOptions;
   } else {
     prover = new BBBundlePrivateKernelProver(simulator, { ...options.proverOrOptions, logger: proverLogger });

package/src/logs/log_service.ts

@@ -1,21 +1,13 @@
-import type { Fr } from '@aztec/foundation/curves/bn254';
 import { type Logger, type LoggerBindings, createLogger } from '@aztec/foundation/log';
 import type { KeyStore } from '@aztec/key-store';
 import { AztecAddress } from '@aztec/stdlib/aztec-address';
 import type { AztecNode } from '@aztec/stdlib/interfaces/server';
-import {
-  ExtendedDirectionalAppTaggingSecret,
-  PendingTaggedLog,
-  SiloedTag,
-  Tag,
-  TxScopedL2Log,
-} from '@aztec/stdlib/logs';
+import { ExtendedDirectionalAppTaggingSecret, PendingTaggedLog, SiloedTag, Tag } from '@aztec/stdlib/logs';
 import type { BlockHeader } from '@aztec/stdlib/tx';
 
 import type { LogRetrievalRequest } from '../contract_function_simulator/noir-structs/log_retrieval_request.js';
 import { LogRetrievalResponse } from '../contract_function_simulator/noir-structs/log_retrieval_response.js';
 import { AddressStore } from '../storage/address_store/address_store.js';
-import type { CapsuleService } from '../storage/capsule_store/capsule_service.js';
 import type { RecipientTaggingStore } from '../storage/tagging_store/recipient_tagging_store.js';
 import type { SenderAddressBookStore } from '../storage/tagging_store/sender_address_book_store.js';
 import {
@@ -31,7 +23,6 @@ export class LogService {
     private readonly aztecNode: AztecNode,
     private readonly anchorBlockHeader: BlockHeader,
     private readonly keyStore: KeyStore,
-    private readonly capsuleService: CapsuleService,
     private readonly recipientTaggingStore: RecipientTaggingStore,
     private readonly senderAddressBookStore: SenderAddressBookStore,
     private readonly addressStore: AddressStore,
@@ -120,11 +111,7 @@ export class LogService {
     );
   }
 
-  public async fetchTaggedLogs(
-    contractAddress: AztecAddress,
-    pendingTaggedLogArrayBaseSlot: Fr,
-    recipient: AztecAddress,
-  ) {
+  public async fetchTaggedLogs(contractAddress: AztecAddress, recipient: AztecAddress): Promise<PendingTaggedLog[]> {
     this.log.verbose(`Fetching tagged logs for ${contractAddress.toString()}`);
 
     // We only load logs from block up to and including the anchor block number
@@ -148,12 +135,12 @@ export class LogService {
       ),
     );
 
-    // Flatten all logs from all secrets
-    const allLogs = logArrays.flat();
-
-    if (allLogs.length > 0) {
-      await this.#storePendingTaggedLogs(contractAddress, pendingTaggedLogArrayBaseSlot, recipient, allLogs);
-    }
+    return logArrays
+      .flat()
+      .map(
+        scopedLog =>
+          new PendingTaggedLog(scopedLog.logData, scopedLog.txHash, scopedLog.noteHashes, scopedLog.firstNullifier),
+      );
   }
 
   async #getSecretsForSenders(
@@ -176,43 +163,25 @@ export class LogService {
     );
 
     return Promise.all(
-      deduplicatedSenders.map(sender => {
-        return ExtendedDirectionalAppTaggingSecret.compute(
+      deduplicatedSenders.map(async sender => {
+        const secret = await ExtendedDirectionalAppTaggingSecret.compute(
           recipientCompleteAddress,
           recipientIvsk,
           sender,
           contractAddress,
           recipient,
         );
-      }),
-    );
-  }
 
-  #storePendingTaggedLogs(
-    contractAddress: AztecAddress,
-    capsuleArrayBaseSlot: Fr,
-    recipient: AztecAddress,
-    privateLogs: TxScopedL2Log[],
-  ) {
-    // Build all pending tagged logs from the scoped logs
-    const pendingTaggedLogs = privateLogs.map(scopedLog => {
-      const pendingTaggedLog = new PendingTaggedLog(
-        scopedLog.logData,
-        scopedLog.txHash,
-        scopedLog.noteHashes,
-        scopedLog.firstNullifier,
-      );
-
-      return pendingTaggedLog.toFields();
-    });
+        if (!secret) {
+          // Note that all senders originate from either the SenderAddressBookStore or the KeyStore.
+          // TODO(F-512): make sure we actually prevent registering invalid senders.
+          throw new Error(
+            `Failed to compute a tagging secret for sender ${sender} - this implies this is an invalid address, which should not happen as they have been previously registered in PXE.`,
+          );
+        }
 
-    // TODO: This looks like it could belong more at the oracle interface level
-    return this.capsuleService.appendToCapsuleArray(
-      contractAddress,
-      capsuleArrayBaseSlot,
-      pendingTaggedLogs,
-      this.jobId,
-      recipient,
+        return secret;
+      }),
     );
   }
 }

package/src/notes/note_service.ts

@@ -7,7 +7,6 @@ import { Note, NoteDao, NoteStatus } from '@aztec/stdlib/note';
 import { MerkleTreeId } from '@aztec/stdlib/trees';
 import type { BlockHeader, TxHash } from '@aztec/stdlib/tx';
 
-import type { AccessScopes } from '../access_scopes.js';
 import type { NoteStore } from '../storage/note_store/note_store.js';
 
 export class NoteService {
@@ -32,7 +31,7 @@ export class NoteService {
     owner: AztecAddress | undefined,
     storageSlot: Fr,
     status: NoteStatus,
-    scopes: AccessScopes,
+    scopes: AztecAddress[],
   ) {
     const noteDaos = await this.noteStore.getNotes(
       {
@@ -71,7 +70,7 @@ export class NoteService {
    *
    * @param contractAddress - The contract whose notes should be checked and nullified.
    */
-  public async syncNoteNullifiers(contractAddress: AztecAddress, scopes: AccessScopes): Promise<void> {
+  public async syncNoteNullifiers(contractAddress: AztecAddress, scopes: AztecAddress[]): Promise<void> {
     const anchorBlockHash = await this.anchorBlockHeader.hash();
 
     const contractNotes = await this.noteStore.getNotes({ contractAddress, scopes }, this.jobId);

package/src/notes_filter.ts

@@ -2,8 +2,6 @@ import type { Fr } from '@aztec/foundation/curves/bn254';
 import type { AztecAddress } from '@aztec/stdlib/aztec-address';
 import type { NoteStatus } from '@aztec/stdlib/note';
 
-import type { AccessScopes } from './access_scopes.js';
-
 /**
  * A filter used to fetch notes.
  * @remarks This filter is applied as an intersection of all its params.
@@ -22,5 +20,5 @@ export type NotesFilter = {
   status?: NoteStatus;
   /** The siloed nullifier for the note. */
   siloedNullifier?: Fr;
-  scopes: AccessScopes;
+  scopes: AztecAddress[];
 };

package/src/oracle_version.ts

@@ -1,12 +1,22 @@
-/// The ORACLE_VERSION constant is used to check that the oracle interface is in sync between PXE and Aztec.nr. We need
-/// to version the oracle interface to ensure that developers get a reasonable error message if they use incompatible
-/// versions of Aztec.nr and PXE. The Noir counterpart is in `noir-projects/aztec-nr/aztec/src/oracle/version.nr`.
+/// The oracle version constants are used to check that the oracle interface is in sync between PXE and Aztec.nr.
+/// We version the oracle interface as `major.minor` where:
+///   - `major` = backward-breaking changes (must match exactly between PXE and Aztec.nr)
+///   - `minor` = oracle additions (non-breaking; PXE minor >= contract minor)
 ///
-/// @dev Whenever a contract function or Noir test is run, the `aztec_utl_assertCompatibleOracleVersion` oracle is called
-/// and if the oracle version is incompatible an error is thrown.
-export const ORACLE_VERSION = 21;
+/// The Noir counterparts are in `noir-projects/aztec-nr/aztec/src/oracle/version.nr`.
+///
+/// @dev Whenever a contract function or Noir test is run, the `aztec_utl_assertCompatibleOracleVersion` oracle is called.
+/// If the major version is incompatible, an error is thrown immediately. The minor version is recorded by the PXE and
+/// used to provide helpful error messages if a contract calls an oracle that doesn't exist. We don't throw immediately
+/// if AZTEC_NR_MINOR > PXE_MINOR because if a contract is updated to use a newer Aztec.nr dependency without actually
+/// using any of the new oracles then there is no reason to throw.
+export const ORACLE_VERSION_MAJOR = 22;
+export const ORACLE_VERSION_MINOR = 1;
 
-/// This hash is computed as by hashing the Oracle interface and it is used to detect when the Oracle interface changes,
-/// which in turn implies that you need to update the ORACLE_VERSION constant in this file and in
-/// `noir-projects/aztec-nr/aztec/src/oracle/version.nr`.
-export const ORACLE_INTERFACE_HASH = '83f1de1a9741a34916fd58cf12b857d0bac90f74bf00751b20304301a3f5c8eb';
+/// This hash is computed from the Oracle interface and is used to detect when that interface changes. When it does,
+/// you need to either:
+/// - increment `ORACLE_VERSION_MAJOR` and reset `ORACLE_VERSION_MINOR` to zero if the change is breaking, or
+/// - increment only `ORACLE_VERSION_MINOR` if the change is additive (a new oracle was added).
+///
+/// These constants must be kept in sync between this file and `noir-projects/aztec-nr/aztec/src/oracle/version.nr`.
+export const ORACLE_INTERFACE_HASH = 'efafa0db2cc1f94e26d794d0079c8f71115261df0c3d0fa8cb5b64f17a12db92';

package/src/pxe.ts

@@ -52,7 +52,6 @@ import {
 
 import { inspect } from 'util';
 
-import type { AccessScopes } from './access_scopes.js';
 import { BlockSynchronizer } from './block_synchronizer/index.js';
 import type { PXEConfig } from './config/index.js';
 import { BenchmarkedNodeFactory } from './contract_function_simulator/benchmarked_node.js';
@@ -96,7 +95,7 @@ export type ProfileTxOpts = {
   /** If true, proof generation is skipped during profiling. Defaults to true. */
   skipProofGeneration?: boolean;
   /** Addresses whose private state and keys are accessible during private execution. */
-  scopes: AccessScopes;
+  scopes: AztecAddress[];
 };
 
 /** Options for PXE.simulateTx. */
@@ -112,7 +111,7 @@ export type SimulateTxOpts = {
   /** State overrides for the simulation, such as contract instances and artifacts. Requires skipKernels: true */
   overrides?: SimulationOverrides;
   /** Addresses whose private state and keys are accessible during private execution */
-  scopes: AccessScopes;
+  scopes: AztecAddress[];
 };
 
 /** Options for PXE.executeUtility. */
@@ -120,7 +119,7 @@ export type ExecuteUtilityOpts = {
   /** The authentication witnesses required for the function call. */
   authwits?: AuthWitness[];
   /** The accounts whose notes we can access in this call */
-  scopes: AccessScopes;
+  scopes: AztecAddress[];
 };
 
 /** Args for PXE.create. */
@@ -215,7 +214,6 @@ export class PXE {
       node,
       contractStore,
       noteStore,
-      () => keyStore.getAccounts(),
       createLogger('pxe:contract_sync', bindings),
     );
     const messageContextService = new MessageContextService(node);
@@ -369,7 +367,7 @@ export class PXE {
   async #executePrivate(
     contractFunctionSimulator: ContractFunctionSimulator,
     txRequest: TxExecutionRequest,
-    scopes: AccessScopes,
+    scopes: AztecAddress[],
     jobId: string,
   ): Promise<PrivateExecutionResult> {
     const { origin: contractAddress, functionSelector } = txRequest;
@@ -418,7 +416,7 @@ export class PXE {
     contractFunctionSimulator: ContractFunctionSimulator,
     call: FunctionCall,
     authWitnesses: AuthWitness[] | undefined,
-    scopes: AccessScopes,
+    scopes: AztecAddress[],
     jobId: string,
   ) {
     try {
@@ -1043,7 +1041,7 @@ export class PXE {
           inspect(txRequest),
           `simulatePublic=${simulatePublic}`,
           `skipTxValidation=${skipTxValidation}`,
-          `scopes=${scopes === 'ALL_SCOPES' ? scopes : scopes.map(s => s.toString()).join(', ')}`,
+          `scopes=${scopes.map(s => s.toString()).join(', ')}`,
         );
       }
     });
@@ -1055,7 +1053,7 @@ export class PXE {
    */
   public executeUtility(
     call: FunctionCall,
-    { authwits, scopes }: ExecuteUtilityOpts = { scopes: 'ALL_SCOPES' },
+    { authwits, scopes }: ExecuteUtilityOpts = { scopes: [] },
   ): Promise<UtilityExecutionResult> {
     // We disable concurrent executions since those might execute oracles which read and write to the PXE stores (e.g.
     // to the capsules), and we need to prevent concurrent runs from interfering with one another (e.g. attempting to
@@ -1113,7 +1111,7 @@ export class PXE {
         throw this.#contextualizeError(
           err,
           `executeUtility ${to}:${name}(${stringifiedArgs})`,
-          `scopes=${scopes === 'ALL_SCOPES' ? scopes : scopes.map(s => s.toString()).join(', ')}`,
+          `scopes=${scopes.map(s => s.toString()).join(', ')}`,
         );
       }
     });

package/src/storage/capsule_store/capsule_service.ts

@@ -2,7 +2,6 @@ import type { Fr } from '@aztec/foundation/curves/bn254';
 import { AztecAddress } from '@aztec/stdlib/aztec-address';
 import type { Capsule } from '@aztec/stdlib/tx';
 
-import type { AccessScopes } from '../../access_scopes.js';
 import type { CapsuleStore } from './capsule_store.js';
 
 /**
@@ -12,7 +11,7 @@ import type { CapsuleStore } from './capsule_store.js';
 export class CapsuleService {
   constructor(
     private readonly capsuleStore: CapsuleStore,
-    private readonly allowedScopes: AccessScopes,
+    private readonly allowedScopes: AztecAddress[],
   ) {}
 
   setCapsule(contractAddress: AztecAddress, slot: Fr, capsule: Fr[], jobId: string, scope: AztecAddress) {
@@ -79,13 +78,13 @@ export class CapsuleService {
   }
 }
 
-function assertAllowedScope(scope: AztecAddress, allowedScopes: AccessScopes) {
-  if (allowedScopes === 'ALL_SCOPES' || scope.equals(AztecAddress.ZERO)) {
+function assertAllowedScope(scope: AztecAddress, allowedScopes: AztecAddress[]) {
+  if (scope.equals(AztecAddress.ZERO)) {
     return;
   }
-  if (!allowedScopes.some(allowed => allowed.equals(scope))) {
+  if (!allowedScopes.some((allowed: AztecAddress) => allowed.equals(scope))) {
     throw new Error(
-      `Scope ${scope.toString()} is not in the allowed scopes list: [${allowedScopes.map(s => s.toString()).join(', ')}]. See https://docs.aztec.network/errors/10`,
+      `Scope ${scope.toString()} is not in the allowed scopes list: [${allowedScopes.map((s: AztecAddress) => s.toString()).join(', ')}]. See https://docs.aztec.network/errors/10`,
     );
   }
 }

package/src/storage/note_store/note_store.ts

@@ -106,7 +106,7 @@ export class NoteStore implements StagedStore {
    * returned once if this is the case)
    */
   getNotes(filter: NotesFilter, jobId: string): Promise<NoteDao[]> {
-    if (filter.scopes !== 'ALL_SCOPES' && filter.scopes.length === 0) {
+    if (filter.scopes.length === 0) {
       return Promise.resolve([]);
     }
 
@@ -180,10 +180,7 @@ export class NoteStore implements StagedStore {
           continue;
         }
 
-        if (
-          filter.scopes !== 'ALL_SCOPES' &&
-          note.scopes.intersection(new Set(filter.scopes.map(s => s.toString()))).size === 0
-        ) {
+        if (note.scopes.intersection(new Set(filter.scopes.map(s => s.toString()))).size === 0) {
           continue;
         }
 

package/dest/access_scopes.d.ts

@@ -1,9 +0,0 @@
-import type { AztecAddress } from '@aztec/stdlib/aztec-address';
-/**
- * Controls which accounts' private state and keys are accessible during execution.
- * - `'ALL_SCOPES'`: All registered accounts' private state and keys are accessible.
- * - `AztecAddress[]` with entries: Only the specified accounts' private state and keys are accessible.
- * - `[]` (empty array): Deny-all. No private state is visible and no keys are accessible.
- */
-export type AccessScopes = 'ALL_SCOPES' | AztecAddress[];
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjZXNzX3Njb3Blcy5kLnRzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL2FjY2Vzc19zY29wZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLEVBQUUsWUFBWSxFQUFFLE1BQU0sNkJBQTZCLENBQUM7QUFFaEU7Ozs7O0dBS0c7QUFDSCxNQUFNLE1BQU0sWUFBWSxHQUFHLFlBQVksR0FBRyxZQUFZLEVBQUUsQ0FBQyJ9

package/dest/access_scopes.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"access_scopes.d.ts","sourceRoot":"","sources":["../src/access_scopes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAEhE;;;;;GAKG;AACH,MAAM,MAAM,YAAY,GAAG,YAAY,GAAG,YAAY,EAAE,CAAC"}

package/dest/access_scopes.js

@@ -1,6 +0,0 @@
-/**
- * Controls which accounts' private state and keys are accessible during execution.
- * - `'ALL_SCOPES'`: All registered accounts' private state and keys are accessible.
- * - `AztecAddress[]` with entries: Only the specified accounts' private state and keys are accessible.
- * - `[]` (empty array): Deny-all. No private state is visible and no keys are accessible.
- */ export { };

package/src/access_scopes.ts

@@ -1,9 +0,0 @@
-import type { AztecAddress } from '@aztec/stdlib/aztec-address';
-
-/**
- * Controls which accounts' private state and keys are accessible during execution.
- * - `'ALL_SCOPES'`: All registered accounts' private state and keys are accessible.
- * - `AztecAddress[]` with entries: Only the specified accounts' private state and keys are accessible.
- * - `[]` (empty array): Deny-all. No private state is visible and no keys are accessible.
- */
-export type AccessScopes = 'ALL_SCOPES' | AztecAddress[];