@typeberry/lib 0.5.10-ca4935b → 0.5.10-ec38e0b

package/packages/jam/jam-host-calls/general/fetch.js

@@ -14,7 +14,7 @@ import { HostCallResult } from "./results.js";
  * Ω_Y signature: Ω_Y(ρ, φ, μ, p, n, r, i, ī, x̄, 𝐢, ...)
  *
  * Context parameter mapping
- *   Is-Authorized: Ω_Y(ρ, φ, μ, 𝐩, ∅, ∅, ∅, ∅, ∅, ∅, ∅)
+ *   IsAuthorized: Ω_Y(ρ, φ, μ, 𝐩, ∅, ∅, ∅, ∅, ∅, ∅, ∅)
  *   https://graypaper.fluffylabs.dev/#/ab2cdbd/2e43012e4301?v=0.7.2
  *   Refine:        Ω_Y(ρ, φ, μ, p, H₀, r, i, ī, x̄, ∅, (m,e))
  *   https://graypaper.fluffylabs.dev/#/ab2cdbd/2fe0012fe001?v=0.7.2
@@ -22,13 +22,13 @@ import { HostCallResult } from "./results.js";
  *   https://graypaper.fluffylabs.dev/#/ab2cdbd/30c00030c000?v=0.7.2
  *
  * Kind availability per context:
- *   Kind 0  (constants)      — all contexts
- *   Kind 1  (n)              — Refine (H₀), Accumulate (η'₀)
- *   Kind 2  (r)              — Refine only
- *   Kind 3-4 (x̄ extrinsics) — Refine only
- *   Kind 5-6 (ī imports)     — Refine only
- *   Kind 7-13 (p work pkg)   — Is-Authorized, Refine
- *   Kind 14-15 (𝐢 acc items) — Accumulate only
+ *   Kind 0  (constants)      - all contexts
+ *   Kind 1  (n)              - Refine (H₀), Accumulate (η'₀)
+ *   Kind 2  (r)              - Refine only
+ *   Kind 3-4 (x̄ extrinsics)  - Refine only
+ *   Kind 5-6 (ī imports)     - Refine only
+ *   Kind 7-13 (p work pkg)   - IsAuthorized, Refine
+ *   Kind 14-15 (𝐢 acc items) - Accumulate only
  */
 export var FetchContext;
 (function (FetchContext) {
@@ -76,25 +76,25 @@ export class Fetch {
     }
     getValue(kind, regs) {
         const ext = this.fetch;
-        // Kind 0: constants — all contexts
+        // Kind 0: constants - all contexts
         if (kind === FetchKind.Constants) {
             return ext.constants();
         }
-        // Kind 1: entropy — Refine, Accumulate
+        // Kind 1: entropy - Refine, Accumulate
         if (kind === FetchKind.Entropy) {
             if (ext.context === FetchContext.IsAuthorized) {
                 return null;
             }
             return ext.entropy();
         }
-        // Kind 2: authorizer trace — Refine only
+        // Kind 2: authorizer trace - Refine only
         if (kind === FetchKind.AuthorizerTrace) {
             if (ext.context !== FetchContext.Refine) {
                 return null;
             }
             return ext.authorizerTrace();
         }
-        // Kind 3: other work item extrinsics — Refine only
+        // Kind 3: other work item extrinsics - Refine only
         if (kind === FetchKind.OtherWorkItemExtrinsics) {
             if (ext.context !== FetchContext.Refine) {
                 return null;
@@ -103,7 +103,7 @@ export class Fetch {
             const index = regs.get(12);
             return ext.workItemExtrinsic(workItem, index);
         }
-        // Kind 4: my extrinsics — Refine only
+        // Kind 4: my extrinsics - Refine only
         if (kind === FetchKind.MyExtrinsics) {
             if (ext.context !== FetchContext.Refine) {
                 return null;
@@ -111,7 +111,7 @@ export class Fetch {
             const index = regs.get(11);
             return ext.workItemExtrinsic(null, index);
         }
-        // Kind 5: other work item imports — Refine only
+        // Kind 5: other work item imports - Refine only
         if (kind === FetchKind.OtherWorkItemImports) {
             if (ext.context !== FetchContext.Refine) {
                 return null;
@@ -120,7 +120,7 @@ export class Fetch {
             const index = regs.get(12);
             return ext.workItemImport(workItem, index);
         }
-        // Kind 6: my imports — Refine only
+        // Kind 6: my imports - Refine only
         if (kind === FetchKind.MyImports) {
             if (ext.context !== FetchContext.Refine) {
                 return null;
@@ -128,42 +128,42 @@ export class Fetch {
             const index = regs.get(11);
             return ext.workItemImport(null, index);
         }
-        // Kind 7: work package — Is-Authorized, Refine
+        // Kind 7: work package - IsAuthorized, Refine
         if (kind === FetchKind.WorkPackage) {
             if (ext.context === FetchContext.Accumulate) {
                 return null;
             }
             return ext.workPackage();
         }
-        // Kind 8: authorizer — Is-Authorized, Refine
-        if (kind === FetchKind.Authorizer) {
+        // Kind 8: auth configuration - IsAuthorized, Refine
+        if (kind === FetchKind.AuthConfiguration) {
             if (ext.context === FetchContext.Accumulate) {
                 return null;
             }
-            return ext.authorizer();
+            return ext.authConfiguration();
         }
-        // Kind 9: authorization token — Is-Authorized, Refine
-        if (kind === FetchKind.AuthorizationToken) {
+        // Kind 9: authorization token - IsAuthorized, Refine
+        if (kind === FetchKind.AuthToken) {
             if (ext.context === FetchContext.Accumulate) {
                 return null;
             }
-            return ext.authorizationToken();
+            return ext.authToken();
         }
-        // Kind 10: refine context — Is-Authorized, Refine
+        // Kind 10: refine context - IsAuthorized, Refine
         if (kind === FetchKind.RefineContext) {
             if (ext.context === FetchContext.Accumulate) {
                 return null;
             }
             return ext.refineContext();
         }
-        // Kind 11: all work items — Is-Authorized, Refine
+        // Kind 11: all work items - IsAuthorized, Refine
         if (kind === FetchKind.AllWorkItems) {
             if (ext.context === FetchContext.Accumulate) {
                 return null;
             }
             return ext.allWorkItems();
         }
-        // Kind 12: one work item — Is-Authorized, Refine
+        // Kind 12: one work item - IsAuthorized, Refine
         if (kind === FetchKind.OneWorkItem) {
             if (ext.context === FetchContext.Accumulate) {
                 return null;
@@ -171,7 +171,7 @@ export class Fetch {
             const workItem = regs.get(11);
             return ext.oneWorkItem(workItem);
         }
-        // Kind 13: work item payload — Is-Authorized, Refine
+        // Kind 13: work item payload - IsAuthorized, Refine
         if (kind === FetchKind.WorkItemPayload) {
             if (ext.context === FetchContext.Accumulate) {
                 return null;
@@ -179,14 +179,14 @@ export class Fetch {
             const workItem = regs.get(11);
             return ext.workItemPayload(workItem);
         }
-        // Kind 14: all transfers and operands — Accumulate only
+        // Kind 14: all transfers and operands - Accumulate only
         if (kind === FetchKind.AllTransfersAndOperands) {
             if (ext.context !== FetchContext.Accumulate) {
                 return null;
             }
             return ext.allTransfersAndOperands();
         }
-        // Kind 15: one transfer or operand — Accumulate only
+        // Kind 15: one transfer or operand - Accumulate only
         if (kind === FetchKind.OneTransferOrOperand) {
             if (ext.context !== FetchContext.Accumulate) {
                 return null;
@@ -207,8 +207,8 @@ export var FetchKind;
     FetchKind[FetchKind["OtherWorkItemImports"] = 5] = "OtherWorkItemImports";
     FetchKind[FetchKind["MyImports"] = 6] = "MyImports";
     FetchKind[FetchKind["WorkPackage"] = 7] = "WorkPackage";
-    FetchKind[FetchKind["Authorizer"] = 8] = "Authorizer";
-    FetchKind[FetchKind["AuthorizationToken"] = 9] = "AuthorizationToken";
+    FetchKind[FetchKind["AuthConfiguration"] = 8] = "AuthConfiguration";
+    FetchKind[FetchKind["AuthToken"] = 9] = "AuthToken";
     FetchKind[FetchKind["RefineContext"] = 10] = "RefineContext";
     FetchKind[FetchKind["AllWorkItems"] = 11] = "AllWorkItems";
     FetchKind[FetchKind["OneWorkItem"] = 12] = "OneWorkItem";

package/packages/jam/jam-host-calls/general/fetch.test.js

@@ -35,9 +35,12 @@ describe("Fetch", () => {
     it("should write empty result and set IN_OUT_REG to NONE if fetch returns null", async () => {
         const currentServiceId = tryAsServiceId(10_000);
         const fetchMock = new RefineFetchMock();
-        // authorizerTraceResponse is null by default — Kind 2 legitimately returns null
+        // oneWorkItem returns null when the work item index has no mock response registered
         const blob = BytesBlob.blobFromNumbers([]);
-        const { registers, memory, readBack } = prepareRegsAndMemory(blob, FetchKind.AuthorizerTrace);
+        const { registers, memory, readBack } = prepareRegsAndMemory(blob, FetchKind.OneWorkItem);
+        // set work item index to one that has no response → oneWorkItem returns null
+        registers.set(11, tryAsU64(999));
+        fetchMock.oneWorkItemResponses.set("999", null);
         const fetch = new Fetch(currentServiceId, fetchMock);
         const result = await fetch.execute(gas, registers, memory);
         assert.strictEqual(result, undefined);
@@ -203,7 +206,7 @@ describe("Fetch", () => {
         const blob = BytesBlob.blobFromNumbers([201, 202, 203]);
         const fetchMock = new RefineFetchMock();
         fetchMock.authorizerResponse = blob;
-        const { registers, memory, readBack, expectedLength } = prepareRegsAndMemory(blob, FetchKind.Authorizer);
+        const { registers, memory, readBack, expectedLength } = prepareRegsAndMemory(blob, FetchKind.AuthConfiguration);
         const fetch = new Fetch(currentServiceId, fetchMock);
         const result = await fetch.execute(gas, registers, memory);
         assert.strictEqual(result, undefined);
@@ -215,7 +218,7 @@ describe("Fetch", () => {
         const blob = BytesBlob.blobFromNumbers([210, 211, 212]);
         const fetchMock = new RefineFetchMock();
         fetchMock.authorizationTokenResponse = blob;
-        const { registers, memory, readBack, expectedLength } = prepareRegsAndMemory(blob, FetchKind.AuthorizationToken);
+        const { registers, memory, readBack, expectedLength } = prepareRegsAndMemory(blob, FetchKind.AuthToken);
         const fetch = new Fetch(currentServiceId, fetchMock);
         const result = await fetch.execute(gas, registers, memory);
         assert.strictEqual(result, undefined);
@@ -314,8 +317,8 @@ describe("Fetch", () => {
             FetchKind.OtherWorkItemImports,
             FetchKind.MyImports,
             FetchKind.WorkPackage,
-            FetchKind.Authorizer,
-            FetchKind.AuthorizationToken,
+            FetchKind.AuthConfiguration,
+            FetchKind.AuthToken,
             FetchKind.RefineContext,
             FetchKind.AllWorkItems,
             FetchKind.OneWorkItem,
@@ -373,14 +376,14 @@ class RefineFetchMock {
     workItemPayloadData = [];
     constantsResponse = null;
     entropyResponse = null;
-    authorizerTraceResponse = null;
+    authorizerTraceResponse = BytesBlob.empty();
     workItemExtrinsicResponses = new Map();
     workItemImportResponses = new Map();
-    workPackageResponse = null;
-    authorizerResponse = null;
-    authorizationTokenResponse = null;
-    refineContextResponse = null;
-    allWorkItemsResponse = null;
+    workPackageResponse = BytesBlob.empty();
+    authorizerResponse = BytesBlob.empty();
+    authorizationTokenResponse = BytesBlob.empty();
+    refineContextResponse = BytesBlob.empty();
+    allWorkItemsResponse = BytesBlob.empty();
     oneWorkItemResponses = new Map();
     workItemPayloadResponses = new Map();
     constants() {
@@ -417,10 +420,10 @@ class RefineFetchMock {
     workPackage() {
         return this.workPackageResponse;
     }
-    authorizer() {
+    authConfiguration() {
         return this.authorizerResponse;
     }
-    authorizationToken() {
+    authToken() {
         return this.authorizationTokenResponse;
     }
     refineContext() {

package/packages/jam/jamnp-s/protocol/ce-133-work-package-submission.d.ts

@@ -29,8 +29,8 @@ export declare class CoreWorkPackage extends WithDebug {
                 lookupAnchorSlot: import("@typeberry/codec").Descriptor<number & import("@typeberry/numbers").WithBytesRepresentation<4> & import("@typeberry/utils").WithOpaque<"TimeSlot[u32]">, import("@typeberry/bytes").Bytes<4>>;
                 prerequisites: import("@typeberry/codec").Descriptor<(import("@typeberry/bytes").Bytes<32> & import("@typeberry/utils").WithOpaque<"WorkPackageHash">)[], import("@typeberry/codec").SequenceView<import("@typeberry/bytes").Bytes<32> & import("@typeberry/utils").WithOpaque<"WorkPackageHash">, import("@typeberry/bytes").Bytes<32>>>;
             }>>;
-            authorization: import("@typeberry/codec").Descriptor<BytesBlob, BytesBlob>;
-            parametrization: import("@typeberry/codec").Descriptor<BytesBlob, BytesBlob>;
+            authToken: import("@typeberry/codec").Descriptor<BytesBlob, BytesBlob>;
+            authConfiguration: import("@typeberry/codec").Descriptor<BytesBlob, BytesBlob>;
             items: import("@typeberry/codec").Descriptor<import("@typeberry/collections").FixedSizeArray<import("@typeberry/block").WorkItem, import("@typeberry/numbers").U8>, import("@typeberry/codec").SequenceView<import("@typeberry/block").WorkItem, import("@typeberry/codec").ViewOf<import("@typeberry/block").WorkItem, {
                 service: import("@typeberry/codec").Descriptor<number & import("@typeberry/numbers").WithBytesRepresentation<4> & import("@typeberry/utils").WithOpaque<"ServiceId[u32]">, import("@typeberry/bytes").Bytes<4>>;
                 codeHash: import("@typeberry/codec").Descriptor<import("@typeberry/bytes").Bytes<32> & import("@typeberry/utils").WithOpaque<"CodeHash">, import("@typeberry/bytes").Bytes<32>>;

package/packages/jam/transition/accumulate/accumulation-result-merge-utils.js

@@ -44,47 +44,56 @@ function mergePrivilegedServices(mergeContext, [serviceId, { stateUpdate }]) {
     const currentDelegator = currentPrivilegedServices.delegator;
     const currentAssigners = currentPrivilegedServices.assigners;
     const { privilegedServices } = stateUpdate;
-    if (privilegedServices !== null) {
-        if (outputState.privilegedServices === null) {
-            outputState.privilegedServices = PrivilegedServices.create({
-                ...currentPrivilegedServices,
-            });
-        }
-        if (serviceId === currentManager) {
-            outputState.privilegedServices = PrivilegedServices.create({
-                ...privilegedServices,
-            });
-        }
-        if (serviceId === currentRegistrar) {
-            const newRegistrar = updatePrivilegedService(currentPrivilegedServices.registrar, privilegedServicesUpdatedByManager.registrar, privilegedServices.registrar);
-            outputState.privilegedServices = PrivilegedServices.create({
-                ...outputState.privilegedServices,
-                registrar: newRegistrar,
-            });
-        }
-        if (serviceId === currentDelegator) {
-            const newDelegator = updatePrivilegedService(currentPrivilegedServices.delegator, privilegedServicesUpdatedByManager.delegator, privilegedServices.delegator);
-            outputState.privilegedServices = PrivilegedServices.create({
-                ...outputState.privilegedServices,
-                delegator: newDelegator,
-            });
-        }
-        let shouldUpdateAssigners = false;
-        const newAssigners = currentAssigners.map((currentAssigner, coreIndex) => {
-            if (serviceId === currentAssigner) {
-                const newAssigner = updatePrivilegedService(currentPrivilegedServices.assigners[coreIndex], privilegedServicesUpdatedByManager.assigners[coreIndex], privilegedServices.assigners[coreIndex]);
-                shouldUpdateAssigners = shouldUpdateAssigners || newAssigner !== currentAssigner;
-                return newAssigner;
-            }
-            return currentAssigner;
+    if (privilegedServices === null) {
+        return;
+    }
+    // initial value (ignore the update, because it might not be authorized)
+    if (outputState.privilegedServices === null) {
+        outputState.privilegedServices = PrivilegedServices.create({
+            ...currentPrivilegedServices,
+        });
+    }
+    // manager can override everything and it always takes precedence over
+    // everything else
+    if (serviceId === currentManager) {
+        outputState.privilegedServices = PrivilegedServices.create({
+            ...privilegedServices,
+        });
+    }
+    // current registrar can transfer out it's permissions, but only if
+    // it wasn't overwritten by manager in current run
+    if (serviceId === currentRegistrar) {
+        const newRegistrar = updatePrivilegedService(currentPrivilegedServices.registrar, privilegedServicesUpdatedByManager.registrar, privilegedServices.registrar);
+        outputState.privilegedServices = PrivilegedServices.create({
+            ...outputState.privilegedServices,
+            registrar: newRegistrar,
         });
-        if (shouldUpdateAssigners) {
-            const newAssignersPerCore = tryAsPerCore(newAssigners, chainSpec);
-            outputState.privilegedServices = PrivilegedServices.create({
-                ...outputState.privilegedServices,
-                assigners: newAssignersPerCore,
-            });
+    }
+    // current delegator can transfer out it's permissions, but only if
+    // it wasn't overwritten by manager in current run
+    if (serviceId === currentDelegator) {
+        const newDelegator = updatePrivilegedService(currentPrivilegedServices.delegator, privilegedServicesUpdatedByManager.delegator, privilegedServices.delegator);
+        outputState.privilegedServices = PrivilegedServices.create({
+            ...outputState.privilegedServices,
+            delegator: newDelegator,
+        });
+    }
+    let shouldUpdateAssigners = false;
+    // same with assigners - they are free to transfer out their core
+    const newAssigners = currentAssigners.map((currentAssigner, coreIndex) => {
+        if (serviceId === currentAssigner) {
+            const newAssigner = updatePrivilegedService(currentPrivilegedServices.assigners[coreIndex], privilegedServicesUpdatedByManager.assigners[coreIndex], privilegedServices.assigners[coreIndex]);
+            shouldUpdateAssigners = shouldUpdateAssigners || newAssigner !== currentAssigner;
+            return newAssigner;
         }
+        return currentAssigner;
+    });
+    if (shouldUpdateAssigners) {
+        const newAssignersPerCore = tryAsPerCore(newAssigners, chainSpec);
+        outputState.privilegedServices = PrivilegedServices.create({
+            ...outputState.privilegedServices,
+            assigners: newAssignersPerCore,
+        });
     }
 }
 function mergeValidatorsData(mergeContext, [serviceId, { stateUpdate }]) {

package/packages/jam/transition/externalities/accumulate-externalities.d.ts

@@ -2,7 +2,7 @@ import { type CodeHash, type CoreIndex, type PerValidator, type ServiceGas, type
 import type { PreimageHash } from "#@typeberry/block/preimage.js";
 import type { AuthorizerHash } from "#@typeberry/block/refine-context.js";
 import { Bytes, type BytesBlob } from "#@typeberry/bytes";
-import type { FixedSizeArray } from "#@typeberry/collections";
+import { type FixedSizeArray } from "#@typeberry/collections";
 import type { ChainSpec } from "#@typeberry/config";
 import { type Blake2b, type OpaqueHash } from "#@typeberry/hash";
 import { AccumulationStateUpdate, EjectError, ForgetPreimageError, type general, NewServiceError, type PartiallyUpdatedState, type PartialState, type PreimageStatus, ProvidePreimageError, RequestPreimageError, type TRANSFER_MEMO_BYTES, TransferError, UnprivilegedError, UpdatePrivilegesError } from "#@typeberry/jam-host-calls";
@@ -64,7 +64,7 @@ export declare class AccumulateExternalities implements PartialState, general.Ac
     upgradeService(codeHash: CodeHash, gas: U64, allowance: U64): void;
     updateValidatorsData(validatorsData: PerValidator<ValidatorData>): Result<OK, UnprivilegedError>;
     checkpoint(): void;
-    updateAuthorizationQueue(coreIndex: CoreIndex, authQueue: FixedSizeArray<AuthorizerHash, AUTHORIZATION_QUEUE_SIZE>, assigners: ServiceId | null): Result<OK, UpdatePrivilegesError>;
+    updateAuthorizationQueue(coreIndex: CoreIndex, authQueue: FixedSizeArray<AuthorizerHash, AUTHORIZATION_QUEUE_SIZE>, newAssigner: ServiceId | null): Result<OK, UpdatePrivilegesError>;
     updatePrivilegedServices(manager: ServiceId | null, assigners: PerCore<ServiceId>, delegator: ServiceId | null, registrar: ServiceId | null, autoAccumulateServices: Map<ServiceId, ServiceGas>): Result<OK, UpdatePrivilegesError>;
     yield(hash: OpaqueHash): void;
     providePreimage(serviceId: ServiceId | null, preimage: BytesBlob): Result<OK, ProvidePreimageError>;

package/packages/jam/transition/externalities/accumulate-externalities.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"accumulate-externalities.d.ts","sourceRoot":"","sources":["../../../../../../packages/jam/transition/externalities/accumulate-externalities.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,QAAQ,EACb,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,SAAS,EACd,KAAK,QAAQ,EAId,MAAM,kBAAkB,CAAC;AAE1B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,EAAE,KAAK,EAAE,KAAK,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,KAAK,OAAO,EAAa,KAAK,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC3E,OAAO,EACL,uBAAuB,EAEvB,UAAU,EACV,mBAAmB,EACnB,KAAK,OAAO,EACZ,eAAe,EACf,KAAK,qBAAqB,EAC1B,KAAK,YAAY,EAEjB,KAAK,cAAc,EAEnB,oBAAoB,EACpB,oBAAoB,EAEpB,KAAK,mBAAmB,EACxB,aAAa,EACb,iBAAiB,EACjB,qBAAqB,EAEtB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAsC,KAAK,GAAG,EAAE,MAAM,oBAAoB,CAAC;AAClF,OAAO,EACL,KAAK,wBAAwB,EAE7B,KAAK,OAAO,EAGZ,kBAAkB,EAClB,KAAK,UAAU,EAGf,KAAK,aAAa,EACnB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAsB,EAAE,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAmBlE,qBAAa,uBACX,YAAW,YAAY,EAAE,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC,cAAc;IAOhH,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,YAAY;IACZ,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IAEjC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAXlC,OAAO,CAAC,iBAAiB,CAA0B;IACnD,qDAAqD;IACrD,OAAO,CAAC,gBAAgB,CAAY;gBAGjB,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,OAAO,EAChB,YAAY,EAAE,qBAAqB;IACpD,YAAY;IACK,gBAAgB,EAAE,SAAS,EAC5C,yBAAyB,EAAE,SAAS,EACnB,eAAe,EAAE,QAAQ;IAW5C,iEAAiE;IACjE,eAAe,IAAI,CAAC,uBAAuB,EAAE,uBAAuB,CAAC;IAIrE,yDAAyD;IACzD,mBAAmB;IAInB;;;;OAIG;IACH,OAAO,CAAC,qBAAqB;IAQ7B;;;;;;OAMG;IACH,cAAc,CAAC,WAAW,EAAE,SAAS,GAAG,IAAI,GAAG,kBAAkB,GAAG,IAAI;IAIxE;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,qBAAqB;IAY7B,+EAA+E;IAC/E,OAAO,CAAC,yBAAyB;IAiBjC,mBAAmB,CAAC,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,GAAG,cAAc,GAAG,IAAI;IAU3E,eAAe,CAAC,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,GAAG,MAAM,CAAC,EAAE,EAAE,oBAAoB,CAAC;IAsElF,cAAc,CAAC,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,GAAG,MAAM,CAAC,EAAE,EAAE,mBAAmB,CAAC;IA2FhF,QAAQ,CACN,aAAa,EAAE,SAAS,GAAG,IAAI,EAC/B,MAAM,EAAE,GAAG,EACX,GAAG,EAAE,UAAU,EACf,IAAI,EAAE,KAAK,CAAC,mBAAmB,CAAC,GAC/B,MAAM,CAAC,EAAE,EAAE,aAAa,CAAC;IAiD5B,UAAU,CACR,QAAQ,EAAE,QAAQ,EAClB,UAAU,EAAE,GAAG,EACf,gBAAgB,EAAE,UAAU,EAC5B,gBAAgB,EAAE,UAAU,EAC5B,aAAa,EAAE,GAAG,EAClB,eAAe,EAAE,GAAG,GACnB,MAAM,CAAC,SAAS,EAAE,eAAe,CAAC;IAiGrC,cAAc,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,GAAG,IAAI;IAclE,oBAAoB,CAAC,cAAc,EAAE,YAAY,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC,EAAE,EAAE,iBAAiB,CAAC;IAgBhG,UAAU,IAAI,IAAI;IAKlB,wBAAwB,CACtB,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,cAAc,CAAC,cAAc,EAAE,wBAAwB,CAAC,EACnE,SAAS,EAAE,SAAS,GAAG,IAAI,GAC1B,MAAM,CAAC,EAAE,EAAE,qBAAqB,CAAC;IA0BpC,wBAAwB,CACtB,OAAO,EAAE,SAAS,GAAG,IAAI,EACzB,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,EAC7B,SAAS,EAAE,SAAS,GAAG,IAAI,EAC3B,SAAS,EAAE,SAAS,GAAG,IAAI,EAC3B,sBAAsB,EAAE,GAAG,CAAC,SAAS,EAAE,UAAU,CAAC,GACjD,MAAM,CAAC,EAAE,EAAE,qBAAqB,CAAC;IAoBpC,KAAK,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI;IAK7B,eAAe,CAAC,SAAS,EAAE,SAAS,GAAG,IAAI,EAAE,QAAQ,EAAE,SAAS,GAAG,MAAM,CAAC,EAAE,EAAE,oBAAoB,CAAC;IAuDnG,KAAK,CAAC,WAAW,EAAE,SAAS,GAAG,IAAI,EAAE,gBAAgB,EAAE,YAAY,GAAG,MAAM,CAAC,EAAE,EAAE,UAAU,CAAC;IA8D5F,IAAI,CAAC,SAAS,EAAE,SAAS,GAAG,IAAI,EAAE,MAAM,EAAE,UAAU,GAAG,SAAS,GAAG,IAAI;IAOvE,KAAK,CAAC,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,GAAG,IAAI,GAAG,MAAM,CAAC,MAAM,GAAG,IAAI,EAAE,MAAM,CAAC;IAyBhF,MAAM,CAAC,SAAS,EAAE,SAAS,GAAG,IAAI,EAAE,IAAI,EAAE,YAAY,GAAG,SAAS,GAAG,IAAI;CAO1E"}
+{"version":3,"file":"accumulate-externalities.d.ts","sourceRoot":"","sources":["../../../../../../packages/jam/transition/externalities/accumulate-externalities.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,QAAQ,EACb,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,SAAS,EACd,KAAK,QAAQ,EAId,MAAM,kBAAkB,CAAC;AAE1B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,EAAE,KAAK,EAAE,KAAK,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,EAAe,KAAK,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC1E,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,KAAK,OAAO,EAAa,KAAK,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC3E,OAAO,EACL,uBAAuB,EAEvB,UAAU,EACV,mBAAmB,EACnB,KAAK,OAAO,EACZ,eAAe,EACf,KAAK,qBAAqB,EAC1B,KAAK,YAAY,EAEjB,KAAK,cAAc,EAEnB,oBAAoB,EACpB,oBAAoB,EAEpB,KAAK,mBAAmB,EACxB,aAAa,EACb,iBAAiB,EACjB,qBAAqB,EAEtB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAsC,KAAK,GAAG,EAAE,MAAM,oBAAoB,CAAC;AAClF,OAAO,EACL,KAAK,wBAAwB,EAE7B,KAAK,OAAO,EAGZ,kBAAkB,EAClB,KAAK,UAAU,EAGf,KAAK,aAAa,EACnB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAsB,EAAE,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAmBlE,qBAAa,uBACX,YAAW,YAAY,EAAE,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC,cAAc;IAOhH,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,YAAY;IACZ,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IAEjC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAXlC,OAAO,CAAC,iBAAiB,CAA0B;IACnD,qDAAqD;IACrD,OAAO,CAAC,gBAAgB,CAAY;gBAGjB,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,OAAO,EAChB,YAAY,EAAE,qBAAqB;IACpD,YAAY;IACK,gBAAgB,EAAE,SAAS,EAC5C,yBAAyB,EAAE,SAAS,EACnB,eAAe,EAAE,QAAQ;IAW5C,iEAAiE;IACjE,eAAe,IAAI,CAAC,uBAAuB,EAAE,uBAAuB,CAAC;IAIrE,yDAAyD;IACzD,mBAAmB;IAInB;;;;OAIG;IACH,OAAO,CAAC,qBAAqB;IAQ7B;;;;;;OAMG;IACH,cAAc,CAAC,WAAW,EAAE,SAAS,GAAG,IAAI,GAAG,kBAAkB,GAAG,IAAI;IAIxE;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,qBAAqB;IAY7B,+EAA+E;IAC/E,OAAO,CAAC,yBAAyB;IAiBjC,mBAAmB,CAAC,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,GAAG,cAAc,GAAG,IAAI;IAU3E,eAAe,CAAC,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,GAAG,MAAM,CAAC,EAAE,EAAE,oBAAoB,CAAC;IAsElF,cAAc,CAAC,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,GAAG,MAAM,CAAC,EAAE,EAAE,mBAAmB,CAAC;IA2FhF,QAAQ,CACN,aAAa,EAAE,SAAS,GAAG,IAAI,EAC/B,MAAM,EAAE,GAAG,EACX,GAAG,EAAE,UAAU,EACf,IAAI,EAAE,KAAK,CAAC,mBAAmB,CAAC,GAC/B,MAAM,CAAC,EAAE,EAAE,aAAa,CAAC;IAiD5B,UAAU,CACR,QAAQ,EAAE,QAAQ,EAClB,UAAU,EAAE,GAAG,EACf,gBAAgB,EAAE,UAAU,EAC5B,gBAAgB,EAAE,UAAU,EAC5B,aAAa,EAAE,GAAG,EAClB,eAAe,EAAE,GAAG,GACnB,MAAM,CAAC,SAAS,EAAE,eAAe,CAAC;IAiGrC,cAAc,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,GAAG,IAAI;IAclE,oBAAoB,CAAC,cAAc,EAAE,YAAY,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC,EAAE,EAAE,iBAAiB,CAAC;IAgBhG,UAAU,IAAI,IAAI;IAKlB,wBAAwB,CACtB,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,cAAc,CAAC,cAAc,EAAE,wBAAwB,CAAC,EACnE,WAAW,EAAE,SAAS,GAAG,IAAI,GAC5B,MAAM,CAAC,EAAE,EAAE,qBAAqB,CAAC;IAsCpC,wBAAwB,CACtB,OAAO,EAAE,SAAS,GAAG,IAAI,EACzB,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,EAC7B,SAAS,EAAE,SAAS,GAAG,IAAI,EAC3B,SAAS,EAAE,SAAS,GAAG,IAAI,EAC3B,sBAAsB,EAAE,GAAG,CAAC,SAAS,EAAE,UAAU,CAAC,GACjD,MAAM,CAAC,EAAE,EAAE,qBAAqB,CAAC;IAoBpC,KAAK,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI;IAK7B,eAAe,CAAC,SAAS,EAAE,SAAS,GAAG,IAAI,EAAE,QAAQ,EAAE,SAAS,GAAG,MAAM,CAAC,EAAE,EAAE,oBAAoB,CAAC;IAuDnG,KAAK,CAAC,WAAW,EAAE,SAAS,GAAG,IAAI,EAAE,gBAAgB,EAAE,YAAY,GAAG,MAAM,CAAC,EAAE,EAAE,UAAU,CAAC;IA8D5F,IAAI,CAAC,SAAS,EAAE,SAAS,GAAG,IAAI,EAAE,MAAM,EAAE,UAAU,GAAG,SAAS,GAAG,IAAI;IAOvE,KAAK,CAAC,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,GAAG,IAAI,GAAG,MAAM,CAAC,MAAM,GAAG,IAAI,EAAE,MAAM,CAAC;IAyBhF,MAAM,CAAC,SAAS,EAAE,SAAS,GAAG,IAAI,EAAE,IAAI,EAAE,YAAY,GAAG,SAAS,GAAG,IAAI;CAO1E"}

package/packages/jam/transition/externalities/accumulate-externalities.js

@@ -1,6 +1,7 @@
 import { tryAsServiceGas, tryAsServiceId, tryAsTimeSlot, } from "#@typeberry/block";
 import { MIN_PUBLIC_SERVICE_INDEX } from "#@typeberry/block/gp-constants.js";
 import { Bytes } from "#@typeberry/bytes";
+import { asKnownSize } from "#@typeberry/collections";
 import { HASH_SIZE } from "#@typeberry/hash";
 import { AccumulationStateUpdate, clampU64ToU32, EjectError, ForgetPreimageError, NewServiceError, PendingTransfer, PreimageStatusKind, ProvidePreimageError, RequestPreimageError, slotsToPreimageStatus, TransferError, UnprivilegedError, UpdatePrivilegesError, writeServiceIdAsLeBytes, } from "#@typeberry/jam-host-calls";
 import { Logger } from "#@typeberry/logger";
@@ -354,19 +355,31 @@ export class AccumulateExternalities {
         /** https://graypaper.fluffylabs.dev/#/9a08063/362202362202?v=0.6.6 */
         this.checkpointedState = AccumulationStateUpdate.copyFrom(this.updatedState.stateUpdate);
     }
-    updateAuthorizationQueue(coreIndex, authQueue, assigners) {
+    updateAuthorizationQueue(coreIndex, authQueue, newAssigner) {
         /** https://graypaper.fluffylabs.dev/#/7e6ff6a/36a40136a401?v=0.6.7 */
         // NOTE `coreIndex` is already verified in the HC, so this is infallible.
-        const currentAssigners = this.updatedState.getPrivilegedServices().assigners[coreIndex];
-        if (currentAssigners !== this.currentServiceId) {
-            logger.trace `Current service id (${this.currentServiceId}) is not an auth manager of core ${coreIndex} (expected: ${currentAssigners}) and cannot update authorization queue.`;
-            return Result.error(UpdatePrivilegesError.UnprivilegedService, () => `Service ${this.currentServiceId} not assigner for core ${coreIndex} (expected: ${currentAssigners})`);
-        }
-        if (assigners === null) {
+        const privilegedServices = this.updatedState.getPrivilegedServices();
+        const currentAssigners = privilegedServices.assigners;
+        const assigner = currentAssigners[coreIndex];
+        if (assigner !== this.currentServiceId) {
+            logger.trace `Current service id (${this.currentServiceId}) is not an auth manager of core ${coreIndex} (expected: ${assigner}) and cannot update authorization queue.`;
+            return Result.error(UpdatePrivilegesError.UnprivilegedService, () => `Service ${this.currentServiceId} not assigner for core ${coreIndex} (expected: ${assigner})`);
+        }
+        if (newAssigner === null) {
             logger.trace `The new auth manager is not a valid service id.`;
             return Result.error(UpdatePrivilegesError.InvalidServiceId, () => `New auth manager is null for core ${coreIndex}`);
         }
+        // update the authorization queue
         this.updatedState.stateUpdate.authorizationQueues.set(coreIndex, authQueue);
+        // move permissions to the new assigner
+        const assigners = currentAssigners.slice();
+        assigners[coreIndex] = newAssigner;
+        this.updatedState.stateUpdate.privilegedServices = PrivilegedServices.create({
+            ...privilegedServices,
+            // since coreindex is validated, we do not alter the size,
+            // hence it's safe to convert back
+            assigners: asKnownSize(assigners),
+        });
         return Result.ok(OK);
     }
     updatePrivilegedServices(manager, assigners, delegator, registrar, autoAccumulateServices) {

package/packages/jam/transition/externalities/accumulate-externalities.test.js

@@ -6,7 +6,7 @@ import { asKnownSize, FixedSizeArray, HashDictionary } from "#@typeberry/collect
 import { tinyChainSpec } from "#@typeberry/config";
 import { BANDERSNATCH_KEY_BYTES, BLS_KEY_BYTES, ED25519_KEY_BYTES } from "#@typeberry/crypto";
 import { Blake2b, HASH_SIZE } from "#@typeberry/hash";
-import { EjectError, ForgetPreimageError, NewServiceError, PartiallyUpdatedState, PendingTransfer, PreimageStatusKind, ProvidePreimageError, RequestPreimageError, TRANSFER_MEMO_BYTES, TransferError, UnprivilegedError, UpdatePrivilegesError, writeServiceIdAsLeBytes, } from "#@typeberry/jam-host-calls";
+import { CURRENT_SERVICE_ID, EjectError, ForgetPreimageError, NewServiceError, PartiallyUpdatedState, PendingTransfer, PreimageStatusKind, ProvidePreimageError, RequestPreimageError, TRANSFER_MEMO_BYTES, TransferError, UnprivilegedError, UpdatePrivilegesError, writeServiceIdAsLeBytes, } from "#@typeberry/jam-host-calls";
 import { tryAsU32, tryAsU64 } from "#@typeberry/numbers";
 import { AUTHORIZATION_QUEUE_SIZE, InMemoryService, InMemoryState, LookupHistoryItem, PreimageItem, PrivilegedServices, ServiceAccountInfo, StorageItem, tryAsLookupHistorySlots, tryAsPerCore, UpdatePreimage, UpdateService, VALIDATOR_META_BYTES, ValidatorData, } from "#@typeberry/state";
 import { testState } from "#@typeberry/state/test.utils.js";
@@ -663,16 +663,28 @@ describe("PartialState.upgradeService", () => {
     });
 });
 describe("PartialState.updateAuthorizationQueue", () => {
-    it("should update the authorization queue for a given core index", () => {
+    it("should update the authorization queue and transfer the assigner for the given core", () => {
         const state = partiallyUpdatedState();
+        const initialPrivileged = state.state.privilegedServices;
         const partialState = new AccumulateExternalities(tinyChainSpec, blake2b, state, tryAsServiceId(0), tryAsServiceId(10), tryAsTimeSlot(16));
         const coreIndex = tryAsCoreIndex(0);
-        const assigners = tryAsServiceId(0);
+        const newAssigner = tryAsServiceId(99);
         const queue = FixedSizeArray.new(Array.from({ length: AUTHORIZATION_QUEUE_SIZE }, () => Bytes.fill(HASH_SIZE, 0xee).asOpaque()), AUTHORIZATION_QUEUE_SIZE);
         // when
-        partialState.updateAuthorizationQueue(coreIndex, queue, assigners);
+        const result = partialState.updateAuthorizationQueue(coreIndex, queue, newAssigner);
         // then
+        deepEqual(result, Result.ok(OK));
         assert.deepStrictEqual(state.stateUpdate.authorizationQueues.get(coreIndex), queue);
+        // the privilegedServices update must be written, with only the targeted
+        // core's assigner transferred; all other fields must be preserved.
+        const updated = state.stateUpdate.privilegedServices;
+        assert.ok(updated !== null, "stateUpdate.privilegedServices should be written");
+        assert.strictEqual(updated.assigners[0], newAssigner);
+        assert.strictEqual(updated.assigners[1], initialPrivileged.assigners[1]);
+        assert.strictEqual(updated.manager, initialPrivileged.manager);
+        assert.strictEqual(updated.delegator, initialPrivileged.delegator);
+        assert.strictEqual(updated.registrar, initialPrivileged.registrar);
+        assert.strictEqual(updated.autoAccumulateServices, initialPrivileged.autoAccumulateServices);
     });
     it("should return InvalidServiceId when given auth manager is invalid", () => {
         const state = partiallyUpdatedState();
@@ -685,6 +697,8 @@ describe("PartialState.updateAuthorizationQueue", () => {
         // then
         deepEqual(result, Result.error(UpdatePrivilegesError.InvalidServiceId, () => "New auth manager is null for core 0"));
         assert.deepStrictEqual(state.stateUpdate.authorizationQueues.get(coreIndex), undefined);
+        // no partial privilegedServices write on error
+        assert.strictEqual(state.stateUpdate.privilegedServices, null);
     });
     it("should return UnprivilegedService when current service is not privileged", () => {
         const state = partiallyUpdatedState();
@@ -701,6 +715,8 @@ describe("PartialState.updateAuthorizationQueue", () => {
         // then
         deepEqual(result, Result.error(UpdatePrivilegesError.UnprivilegedService, () => "Service 0 not assigner for core 0 (expected: 1)"));
         assert.deepStrictEqual(state.stateUpdate.authorizationQueues.get(coreIndex), undefined);
+        // no partial privilegedServices write on error
+        assert.strictEqual(state.stateUpdate.privilegedServices, null);
     });
     it("should return UnprivilegedService before InvalidServiceId if given auth manager is incorrect, but current servis is also unprivileged", () => {
         const state = partiallyUpdatedState();
@@ -717,6 +733,60 @@ describe("PartialState.updateAuthorizationQueue", () => {
         // then
         deepEqual(result, Result.error(UpdatePrivilegesError.UnprivilegedService, () => "Service 0 not assigner for core 0 (expected: 1)"));
         assert.deepStrictEqual(state.stateUpdate.authorizationQueues.get(coreIndex), undefined);
+        // no partial privilegedServices write on error
+        assert.strictEqual(state.stateUpdate.privilegedServices, null);
+    });
+    it("should succeed on a self-transfer using CURRENT_SERVICE_ID", () => {
+        const state = partiallyUpdatedState();
+        // inject a service info for CURRENT_SERVICE_ID so it can act as the
+        // current (and assigning) service on core 0
+        const baseService = state.state.services.get(tryAsServiceId(0));
+        if (baseService === undefined) {
+            throw new Error("Invalid service!");
+        }
+        state.state.services.set(CURRENT_SERVICE_ID, new InMemoryService(CURRENT_SERVICE_ID, {
+            info: baseService.data.info,
+            preimages: HashDictionary.new(),
+            lookupHistory: HashDictionary.new(),
+            storage: new Map(),
+        }));
+        state.state.privilegedServices = PrivilegedServices.create({
+            ...state.state.privilegedServices,
+            assigners: asOpaqueType(FixedSizeArray.new([CURRENT_SERVICE_ID, tryAsServiceId(0)], tinyChainSpec.coresCount)),
+        });
+        const partialState = new AccumulateExternalities(tinyChainSpec, blake2b, state, CURRENT_SERVICE_ID, tryAsServiceId(10), tryAsTimeSlot(16));
+        const coreIndex = tryAsCoreIndex(0);
+        const queue = FixedSizeArray.new(Array.from({ length: AUTHORIZATION_QUEUE_SIZE }, () => Bytes.fill(HASH_SIZE, 0xee).asOpaque()), AUTHORIZATION_QUEUE_SIZE);
+        // when
+        const result = partialState.updateAuthorizationQueue(coreIndex, queue, CURRENT_SERVICE_ID);
+        // then
+        deepEqual(result, Result.ok(OK));
+        assert.deepStrictEqual(state.stateUpdate.authorizationQueues.get(coreIndex), queue);
+        const updated = state.stateUpdate.privilegedServices;
+        assert.ok(updated !== null, "stateUpdate.privilegedServices should be written");
+        assert.strictEqual(updated.assigners[0], CURRENT_SERVICE_ID);
+        assert.strictEqual(updated.assigners[1], tryAsServiceId(0));
+    });
+    it("should prevent the previous assigner from re-assigning after transfer", () => {
+        const state = partiallyUpdatedState();
+        const partialState = new AccumulateExternalities(tinyChainSpec, blake2b, state, tryAsServiceId(0), tryAsServiceId(10), tryAsTimeSlot(16));
+        const coreIndex = tryAsCoreIndex(0);
+        const newAssigner = tryAsServiceId(99);
+        const firstQueue = FixedSizeArray.new(Array.from({ length: AUTHORIZATION_QUEUE_SIZE }, () => Bytes.fill(HASH_SIZE, 0xee).asOpaque()), AUTHORIZATION_QUEUE_SIZE);
+        const secondQueue = FixedSizeArray.new(Array.from({ length: AUTHORIZATION_QUEUE_SIZE }, () => Bytes.fill(HASH_SIZE, 0xff).asOpaque()), AUTHORIZATION_QUEUE_SIZE);
+        // when: first call succeeds and transfers the assigner to service 99
+        const first = partialState.updateAuthorizationQueue(coreIndex, firstQueue, newAssigner);
+        // and the previous assigner (service 0) immediately tries to re-assign
+        const second = partialState.updateAuthorizationQueue(coreIndex, secondQueue, tryAsServiceId(0));
+        // then
+        deepEqual(first, Result.ok(OK));
+        deepEqual(second, Result.error(UpdatePrivilegesError.UnprivilegedService, () => "Service 0 not assigner for core 0 (expected: 99)"));
+        // the first queue remains — the failing second call must not overwrite it
+        assert.deepStrictEqual(state.stateUpdate.authorizationQueues.get(coreIndex), firstQueue);
+        // and the transferred assigner is still in place
+        const updated = state.stateUpdate.privilegedServices;
+        assert.ok(updated !== null);
+        assert.strictEqual(updated.assigners[0], newAssigner);
     });
 });
 describe("PartialState.updatePrivilegedServices", () => {

package/packages/jam/transition/externalities/index.d.ts

@@ -1,5 +1,6 @@
 export * from "./accumulate-externalities.js";
 export * from "./accumulate-fetch-externalities.js";
 export * from "./fetch-externalities.js";
+export * from "./is-authorized-fetch-externalities.js";
 export * from "./refine-fetch-externalities.js";
 //# sourceMappingURL=index.d.ts.map

package/packages/jam/transition/externalities/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../packages/jam/transition/externalities/index.ts"],"names":[],"mappings":"AAAA,cAAc,+BAA+B,CAAC;AAC9C,cAAc,qCAAqC,CAAC;AACpD,cAAc,0BAA0B,CAAC;AACzC,cAAc,iCAAiC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../packages/jam/transition/externalities/index.ts"],"names":[],"mappings":"AAAA,cAAc,+BAA+B,CAAC;AAC9C,cAAc,qCAAqC,CAAC;AACpD,cAAc,0BAA0B,CAAC;AACzC,cAAc,wCAAwC,CAAC;AACvD,cAAc,iCAAiC,CAAC"}

package/packages/jam/transition/externalities/index.js

@@ -1,4 +1,5 @@
 export * from "./accumulate-externalities.js";
 export * from "./accumulate-fetch-externalities.js";
 export * from "./fetch-externalities.js";
+export * from "./is-authorized-fetch-externalities.js";
 export * from "./refine-fetch-externalities.js";

package/packages/jam/transition/externalities/is-authorized-fetch-externalities.d.ts

@@ -0,0 +1,22 @@
+import { BytesBlob } from "#@typeberry/bytes";
+import type { ChainSpec } from "#@typeberry/config";
+import { general } from "#@typeberry/jam-host-calls";
+import type { U64 } from "#@typeberry/numbers";
+export declare class IsAuthorizedFetchExternalities implements general.IIsAuthorizedFetch {
+    private readonly chainSpec;
+    private readonly params;
+    readonly context = general.FetchContext.IsAuthorized;
+    constructor(chainSpec: ChainSpec, params: {
+        authToken: BytesBlob;
+        authConfiguration: BytesBlob;
+    });
+    constants(): BytesBlob;
+    workPackage(): BytesBlob;
+    authConfiguration(): BytesBlob;
+    authToken(): BytesBlob;
+    refineContext(): BytesBlob;
+    allWorkItems(): BytesBlob;
+    oneWorkItem(_workItem: U64): BytesBlob | null;
+    workItemPayload(_workItem: U64): BytesBlob | null;
+}
+//# sourceMappingURL=is-authorized-fetch-externalities.d.ts.map

package/packages/jam/transition/externalities/is-authorized-fetch-externalities.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"is-authorized-fetch-externalities.d.ts","sourceRoot":"","sources":["../../../../../../packages/jam/transition/externalities/is-authorized-fetch-externalities.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AACpD,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAC;AAG9C,qBAAa,8BAA+B,YAAW,OAAO,CAAC,kBAAkB;IAI7E,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,MAAM;IAJzB,QAAQ,CAAC,OAAO,qCAAqC;gBAGlC,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE;QACvB,SAAS,EAAE,SAAS,CAAC;QACrB,iBAAiB,EAAE,SAAS,CAAC;KAC9B;IAGH,SAAS,IAAI,SAAS;IAKtB,WAAW,IAAI,SAAS;IAIxB,iBAAiB,IAAI,SAAS;IAI9B,SAAS,IAAI,SAAS;IAKtB,aAAa,IAAI,SAAS;IAK1B,YAAY,IAAI,SAAS;IAKzB,WAAW,CAAC,SAAS,EAAE,GAAG,GAAG,SAAS,GAAG,IAAI;IAK7C,eAAe,CAAC,SAAS,EAAE,GAAG,GAAG,SAAS,GAAG,IAAI;CAGlD"}