trac-msb 0.2.4 → 0.2.6

package/tests/unit/state/apply/appendWhitelist/appendWhitelistHappyPathScenario.js

@@ -0,0 +1,55 @@
+import { test } from 'brittle';
+import b4a from 'b4a';
+import { eventFlush } from '../../../../helpers/autobaseTestHelpers.js';
+import nodeEntryUtils from '../../../../../src/core/state/utils/nodeEntry.js';
+import { safeDecodeApplyOperation } from '../../../../../src/utils/protobuf/operationHelpers.js';
+import setupAppendWhitelistScenario, {
+	buildAppendWhitelistPayload,
+	selectReaderPeer,
+	assertReaderWhitelisted
+} from './appendWhitelistScenarioHelpers.js';
+
+export default function appendWhitelistHappyPathScenario() {
+	test('State.apply appendWhitelist registers reader nodes and assigns licenses - happy path', async t => {
+		const context = await setupAppendWhitelistScenario(t);
+		const adminNode = context.adminBootstrap;
+		const readerPeer = selectReaderPeer(context);
+
+		const adminNodeEntryBefore = await adminNode.base.view.get(adminNode.wallet.address);
+		t.ok(adminNodeEntryBefore, 'admin node entry exists');
+		const decodedAdminBefore = nodeEntryUtils.decode(adminNodeEntryBefore.value);
+		t.ok(decodedAdminBefore, 'admin node entry decodes');
+		const adminBalanceSnapshot = decodedAdminBefore.balance && b4a.from(decodedAdminBefore.balance);
+
+		const payload = await buildAppendWhitelistPayload(context, readerPeer.wallet.address);
+		const decodedPayload = safeDecodeApplyOperation(payload);
+		t.ok(decodedPayload, 'payload decodes');
+		const whitelistTxHash = decodedPayload?.aco?.tx?.toString('hex');
+		t.ok(whitelistTxHash, 'whitelist tx hash extracted');
+
+		await adminNode.base.append(payload);
+		await adminNode.base.update();
+		await eventFlush();
+
+		await assertReaderWhitelisted(t, adminNode.base, readerPeer.wallet.address, {
+			expectedLicenseCount: 2
+		});
+
+		const adminNodeEntryAfter = await adminNode.base.view.get(adminNode.wallet.address);
+		const decodedAdminAfter = nodeEntryUtils.decode(adminNodeEntryAfter.value);
+		t.ok(decodedAdminAfter, 'admin node entry decodes after whitelist append');
+		t.ok(
+			b4a.equals(decodedAdminAfter.balance, adminBalanceSnapshot),
+			'admin balance remains unchanged while initialization enabled'
+		);
+
+		const txEntry = await adminNode.base.view.get(whitelistTxHash);
+		t.ok(txEntry, 'whitelist transaction recorded to prevent replays');
+
+		await context.sync();
+
+		await assertReaderWhitelisted(t, readerPeer.base, readerPeer.wallet.address, {
+			expectedLicenseCount: 2
+		});
+	});
+}

package/tests/unit/state/apply/appendWhitelist/appendWhitelistInsufficientAdminBalanceScenario.js

@@ -0,0 +1,103 @@
+import b4a from 'b4a';
+import { eventFlush } from '../../../../helpers/autobaseTestHelpers.js';
+import OperationValidationScenarioBase from '../common/base/OperationValidationScenarioBase.js';
+import nodeEntryUtils, { ZERO_BALANCE } from '../../../../../src/core/state/utils/nodeEntry.js';
+import setupAppendWhitelistScenario, {
+	buildAppendWhitelistPayload,
+	selectReaderPeer,
+	assertAppendWhitelistFailureState
+} from './appendWhitelistScenarioHelpers.js';
+import { buildDisableInitializationPayload } from '../disableInitialization/disableInitializationScenarioHelpers.js';
+
+export default function appendWhitelistInsufficientAdminBalanceScenario() {
+	new OperationValidationScenarioBase({
+		title: 'State.apply appendWhitelist aborts when admin balance cannot cover the fee',
+		setupScenario: setupAppendWhitelistScenario,
+		buildValidPayload: context => buildAppendWhitelistPayload(context),
+		mutatePayload: passThroughPayload,
+		applyInvalidPayload: createApplyWithDepletedAdmin(),
+		assertStateUnchanged: (t, context) =>
+			assertAppendWhitelistFailureState(t, context, {
+				readerAddress: selectReaderPeer(context).wallet.address,
+				expectedLicenseCount: 1,
+				skipSync: true
+			}),
+		expectedLogs: ['Insufficient admin balance.']
+	}).performScenario();
+}
+
+function passThroughPayload(_t, payload) {
+	return payload;
+}
+
+function createApplyWithDepletedAdmin() {
+	return async (context, payload) => {
+		const adminNode = context.adminBootstrap;
+		const adminAddressKey = adminNode.wallet.address;
+
+		const disablePayload = await buildDisableInitializationPayload(context);
+		await adminNode.base.append(disablePayload);
+		await adminNode.base.update();
+		await eventFlush();
+
+		const cleanup = patchAdminBalanceToZero(adminNode.base, adminAddressKey);
+		try {
+			await adminNode.base.append(payload);
+			await adminNode.base.update();
+			await eventFlush();
+		} finally {
+			await cleanup();
+		}
+	};
+}
+
+function patchAdminBalanceToZero(base, adminAddressKey) {
+	const originalApply = base._handlers.apply;
+	let shouldPatchNextApply = true;
+
+	base._handlers.apply = async (nodes, view, baseCtx) => {
+		if (!shouldPatchNextApply) {
+			return originalApply(nodes, view, baseCtx);
+		}
+
+		shouldPatchNextApply = false;
+		const previousBatch = view.batch;
+		const boundBatch = previousBatch.bind(view);
+
+		view.batch = function patchedBatch(...args) {
+			const batch = boundBatch(...args);
+			const originalGet = batch.get?.bind(batch);
+			if (typeof originalGet === 'function') {
+				let mutated = false;
+				batch.get = async key => {
+					if (mutated || key !== adminAddressKey) {
+						return originalGet(key);
+					}
+
+					const adminEntry = await originalGet(key);
+					if (!adminEntry?.value) return adminEntry;
+
+					const depletedEntryBuffer = nodeEntryUtils.setBalance(
+						b4a.from(adminEntry.value),
+						ZERO_BALANCE
+					);
+
+					if (!depletedEntryBuffer) return adminEntry;
+					mutated = true;
+					return { ...adminEntry, value: depletedEntryBuffer };
+				};
+			}
+			return batch;
+		};
+
+		try {
+			return await originalApply(nodes, view, baseCtx);
+		} finally {
+			view.batch = previousBatch;
+		}
+	};
+
+	return async () => {
+		base._handlers.apply = originalApply;
+	};
+}

package/tests/unit/state/apply/appendWhitelist/appendWhitelistNodeAlreadyWhitelistedScenario.js

@@ -0,0 +1,60 @@
+import { test } from 'brittle';
+import { eventFlush } from '../../../../helpers/autobaseTestHelpers.js';
+import setupAppendWhitelistScenario, {
+	buildAppendWhitelistPayload,
+	selectReaderPeer,
+	assertReaderWhitelisted
+} from './appendWhitelistScenarioHelpers.js';
+
+export default function appendWhitelistNodeAlreadyWhitelistedScenario() {
+	test('State.apply appendWhitelist rejects nodes that are already whitelisted', async t => {
+		const context = await setupAppendWhitelistScenario(t);
+		const adminNode = context.adminBootstrap;
+		const readerPeer = selectReaderPeer(context);
+
+		const firstPayload = await buildAppendWhitelistPayload(
+			context,
+			readerPeer.wallet.address
+		);
+		await adminNode.base.append(firstPayload);
+		await adminNode.base.update();
+		await eventFlush();
+
+		await assertReaderWhitelisted(t, adminNode.base, readerPeer.wallet.address, {
+			expectedLicenseCount: 2
+		});
+
+		const duplicatePayload = await buildAppendWhitelistPayload(
+			context,
+			readerPeer.wallet.address
+		);
+
+		const capturedLogs = [];
+		const originalConsoleError = console.error;
+		console.error = (...args) => {
+			capturedLogs.push(args);
+			originalConsoleError(...args);
+		};
+
+		try {
+			await adminNode.base.append(duplicatePayload);
+			await adminNode.base.update();
+			await eventFlush();
+		} finally {
+			console.error = originalConsoleError;
+		}
+
+		await assertReaderWhitelisted(t, adminNode.base, readerPeer.wallet.address, {
+			expectedLicenseCount: 2
+		});
+		await context.sync();
+		await assertReaderWhitelisted(t, readerPeer.base, readerPeer.wallet.address, {
+			expectedLicenseCount: 2
+		});
+
+		const foundLog = capturedLogs.some(args =>
+			args.some(arg => typeof arg === 'string' && arg.includes('Node already whitelisted.'))
+		);
+		t.ok(foundLog, 'expected apply log "Node already whitelisted." was emitted');
+	});
+}

package/tests/unit/state/apply/appendWhitelist/appendWhitelistScenarioHelpers.js

@@ -0,0 +1,191 @@
+import b4a from 'b4a';
+import { setupStateNetwork } from '../../../../helpers/StateNetworkFactory.js';
+import {
+	seedBootstrapIndexer,
+	defaultOpenHyperbeeView,
+	deriveIndexerSequenceState,
+	eventFlush
+} from '../../../../helpers/autobaseTestHelpers.js';
+import CompleteStateMessageOperations from '../../../../../src/messages/completeStateMessages/CompleteStateMessageOperations.js';
+import { AUTOBASE_VALUE_ENCODING, EntryType } from '../../../../../src/utils/constants.js';
+import { safeDecodeApplyOperation, safeEncodeApplyOperation } from '../../../../../src/utils/protobuf/operationHelpers.js';
+import nodeEntryUtils, { ZERO_LICENSE } from '../../../../../src/core/state/utils/nodeEntry.js';
+import lengthEntryUtils from '../../../../../src/core/state/utils/lengthEntry.js';
+import addressUtils from '../../../../../src/core/state/utils/address.js';
+import { buildAddAdminRequesterPayload } from '../addAdmin/addAdminScenarioHelpers.js';
+
+export async function setupAppendWhitelistScenario(t, { nodes = 2 } = {}) {
+	const context = await setupStateNetwork({
+		nodes: Math.max(nodes, 2),
+		valueEncoding: AUTOBASE_VALUE_ENCODING,
+		open: defaultOpenHyperbeeView
+	});
+
+	seedBootstrapIndexer(context);
+
+	t.teardown(async () => {
+		await context.teardown();
+	});
+
+	await bootstrapAdmin(context);
+	return context;
+}
+
+export function selectReaderPeer(context, offset = 0) {
+	const readerPeers = context.peers.slice(1);
+	if (readerPeers.length === 0) {
+		throw new Error('Append whitelist scenarios require at least one reader node.');
+	}
+	return readerPeers[Math.min(offset, readerPeers.length - 1)];
+}
+
+
+export async function buildAppendWhitelistPayload(context, readerAddress = null) {
+	const adminNode = context.adminBootstrap;
+	const targetAddress = readerAddress ?? selectReaderPeer(context).wallet.address;
+	const txValidity = await deriveIndexerSequenceState(adminNode.base);
+	return CompleteStateMessageOperations.assembleAppendWhitelistMessages(
+		adminNode.wallet,
+		txValidity,
+		targetAddress
+	);
+}
+
+export async function buildAppendWhitelistPayloadWithTxValidity(
+	context,
+	txValidity,
+	readerAddress = null
+) {
+	const adminNode = context.adminBootstrap;
+	const targetAddress = readerAddress ?? selectReaderPeer(context).wallet.address;
+	return CompleteStateMessageOperations.assembleAppendWhitelistMessages(
+		adminNode.wallet,
+		txValidity,
+		targetAddress
+	);
+}
+
+export async function buildBanWriterPayload(context, readerAddress) {
+	const adminNode = context.adminBootstrap;
+	const txValidity = await deriveIndexerSequenceState(adminNode.base);
+	return CompleteStateMessageOperations.assembleBanWriterMessage(
+		adminNode.wallet,
+		readerAddress,
+		txValidity
+	);
+}
+
+export function mutateAppendWhitelistPayloadForInvalidSchema(t, validPayload) {
+	const decodedPayload = safeDecodeApplyOperation(validPayload);
+	t.ok(decodedPayload, 'fixtures decode');
+	decodedPayload.aco.tx = b4a.alloc(decodedPayload.aco.tx.length);
+	return safeEncodeApplyOperation(decodedPayload);
+}
+
+export async function assertAppendWhitelistFailureState(
+	t,
+	context,
+	{ skipSync = false, readerAddress = null, expectedLicenseCount = 1 } = {}
+) {
+	const adminNode = context.adminBootstrap;
+	const targetAddress = readerAddress ?? selectReaderPeer(context).wallet.address;
+
+	await assertReaderAbsent(t, adminNode.base, targetAddress);
+
+	if (typeof expectedLicenseCount === 'number') {
+		await assertLicenseCount(t, adminNode.base, expectedLicenseCount);
+	}
+
+	if (!skipSync) {
+		await context.sync();
+		for (const peer of context.peers) {
+			await assertReaderAbsent(t, peer.base, targetAddress);
+		}
+	}
+}
+
+export async function assertAppendWhitelistSuccessState(
+	t,
+	context,
+	{ readerAddress = null, expectedLicenseCount = 2, skipSync = false } = {}
+) {
+	const adminNode = context.adminBootstrap;
+	const targetAddress = readerAddress ?? selectReaderPeer(context).wallet.address;
+
+	await assertReaderWhitelisted(t, adminNode.base, targetAddress, {
+		expectedLicenseCount
+	});
+
+	if (!skipSync) {
+		await context.sync();
+		const peer = findPeerByAddress(context, targetAddress);
+		if (peer) {
+			await assertReaderWhitelisted(t, peer.base, targetAddress, {
+				expectedLicenseCount
+			});
+		}
+	}
+}
+
+export async function assertReaderWhitelisted(
+	t,
+	base,
+	readerAddress,
+	{ expectedLicenseCount } = {}
+) {
+	const nodeEntryRecord = await base.view.get(readerAddress);
+	t.ok(nodeEntryRecord, 'reader node entry exists');
+
+	const decodedEntry = nodeEntryUtils.decode(nodeEntryRecord.value);
+	t.ok(decodedEntry, 'reader node entry decodes');
+	t.is(decodedEntry.isWhitelisted, true, 'reader flagged as whitelisted');
+	t.is(decodedEntry.isWriter, false, 'reader not flagged as writer');
+	t.is(decodedEntry.isIndexer, false, 'reader not flagged as indexer');
+	t.ok(!b4a.equals(decodedEntry.license, ZERO_LICENSE), 'reader license assigned');
+
+	const licenseId = lengthEntryUtils.decodeBE(decodedEntry.license);
+	const licenseIndexEntry = await base.view.get(`${EntryType.LICENSE_INDEX}${licenseId}`);
+	t.ok(licenseIndexEntry, 'license index entry exists for reader');
+	const readerAddressBuffer = addressUtils.addressToBuffer(readerAddress);
+	t.ok(readerAddressBuffer.length > 0, 'reader address encodes to buffer');
+	t.ok(
+		licenseIndexEntry && b4a.equals(licenseIndexEntry.value, readerAddressBuffer),
+		'license index stores reader address'
+	);
+
+	if (typeof expectedLicenseCount === 'number') {
+		await assertLicenseCount(t, base, expectedLicenseCount);
+	}
+
+	return { licenseId, decodedEntry };
+}
+
+async function bootstrapAdmin(context) {
+	const adminNode = context.adminBootstrap;
+	const payload = await buildAddAdminRequesterPayload(context);
+
+	await adminNode.base.append(payload);
+	await adminNode.base.update();
+	await eventFlush();
+}
+
+async function assertReaderAbsent(t, base, address) {
+	const nodeEntryRecord = await base.view.get(address);
+	t.is(nodeEntryRecord, null, 'reader node entry remains absent');
+}
+
+function findPeerByAddress(context, address) {
+	return context.peers.find(peer => peer.wallet?.address === address) ?? null;
+}
+
+async function assertLicenseCount(t, base, expected) {
+	const licenseCountEntry = await base.view.get(EntryType.LICENSE_COUNT);
+	t.ok(licenseCountEntry, 'license count entry exists');
+	const licenseCount = lengthEntryUtils.decodeBE(licenseCountEntry.value);
+	t.is(licenseCount, expected, 'license count matches expected value');
+}
+
+export default setupAppendWhitelistScenario;
+export {
+	assertReaderAbsent
+};

package/tests/unit/state/apply/appendWhitelist/state.apply.appendWhitelist.test.js

@@ -0,0 +1,220 @@
+import InvalidPayloadValidationScenario from '../common/payload-structure/invalidPayloadValidationScenario.js';
+import InvalidAddressValidationScenario from '../common/payload-structure/invalidAddressValidationScenario.js';
+import createAddressWithInvalidPublicKeyScenario from '../common/payload-structure/addressWithInvalidPublicKeyScenario.js';
+import AdminEntryMissingScenario from '../common/access-control/adminEntryMissingScenario.js';
+import AdminEntryDecodeFailureScenario from '../common/access-control/adminEntryDecodeFailureScenario.js';
+import AdminOnlyGuardScenario from '../common/access-control/adminOnlyGuardScenario.js';
+import AdminPublicKeyDecodeFailureScenario from '../common/access-control/adminPublicKeyDecodeFailureScenario.js';
+import AdminConsistencyMismatchScenario from '../common/access-control/adminConsistencyMismatchScenario.js';
+import InvalidHashValidationScenario from '../common/payload-structure/invalidHashValidationScenario.js';
+import InvalidSignatureValidationScenario, { SignatureMutationStrategy } from '../common/payload-structure/invalidSignatureValidationScenario.js';
+import TransactionValidityMismatchScenario from '../common/transactionValidityMismatchScenario.js';
+import IndexerSequenceStateInvalidScenario from '../common/indexer/indexerSequenceStateInvalidScenario.js';
+import OperationAlreadyAppliedScenario from '../common/operationAlreadyAppliedScenario.js';
+import { eventFlush } from '../../../../helpers/autobaseTestHelpers.js';
+import createAdminEntryUpdateFailureScenario from '../common/balances/adminEntryUpdateFailureScenario.js';
+import createNodeEntryInitializationFailureScenario from '../common/nodeEntryInitializationFailureScenario.js';
+import appendWhitelistHappyPathScenario from './appendWhitelistHappyPathScenario.js';
+import appendWhitelistExistingReaderHappyPathScenario from './appendWhitelistExistingReaderHappyPathScenario.js';
+import appendWhitelistBanAndReapplyScenario from './appendWhitelistBanAndReapplyScenario.js';
+import appendWhitelistFeeAfterDisableScenario from './appendWhitelistFeeAfterDisableScenario.js';
+import appendWhitelistNodeAlreadyWhitelistedScenario from './appendWhitelistNodeAlreadyWhitelistedScenario.js';
+import appendWhitelistInsufficientAdminBalanceScenario from './appendWhitelistInsufficientAdminBalanceScenario.js';
+import { buildDisableInitializationPayload } from '../disableInitialization/disableInitializationScenarioHelpers.js';
+import setupAppendWhitelistScenario, {
+	buildAppendWhitelistPayload,
+	buildAppendWhitelistPayloadWithTxValidity,
+	mutateAppendWhitelistPayloadForInvalidSchema,
+	assertAppendWhitelistFailureState,
+	assertAppendWhitelistSuccessState
+} from './appendWhitelistScenarioHelpers.js';
+
+appendWhitelistHappyPathScenario();
+appendWhitelistExistingReaderHappyPathScenario();
+appendWhitelistBanAndReapplyScenario();
+appendWhitelistFeeAfterDisableScenario();
+appendWhitelistNodeAlreadyWhitelistedScenario();
+
+new InvalidPayloadValidationScenario({
+	title: 'State.apply appendWhitelist rejects payloads that fail schema validation',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	mutatePayload: mutateAppendWhitelistPayloadForInvalidSchema,
+	assertStateUnchanged: assertAppendWhitelistFailureState,
+	expectedLogs: ['Contract schema validation failed.']
+}).performScenario();
+
+new InvalidAddressValidationScenario({
+	title: 'State.apply appendWhitelist recipient address is invalid',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	assertStateUnchanged: assertAppendWhitelistFailureState,
+	addressPath: ['address'],
+	expectedLogs: ['Recipient address is invalid.']
+}).performScenario();
+
+createAddressWithInvalidPublicKeyScenario({
+	title: 'State.apply appendWhitelist recipient public key is invalid',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	assertStateUnchanged: assertAppendWhitelistFailureState,
+	addressPath: ['address'],
+	expectedLogs: ['Failed to decode recipient public key.']
+}).performScenario();
+
+new AdminEntryMissingScenario({
+	title: 'State.apply appendWhitelist aborts when admin entry cannot be verified',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	assertStateUnchanged: (t, context) =>
+		assertAppendWhitelistFailureState(t, context, { skipSync: true }),
+	expectedLogs: ['Failed to verify admin entry.']
+}).performScenario();
+
+new AdminEntryDecodeFailureScenario({
+	title: 'State.apply appendWhitelist aborts when admin entry cannot be decoded',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	assertStateUnchanged: (t, context) =>
+		assertAppendWhitelistFailureState(t, context, { skipSync: true }),
+	expectedLogs: ['Failed to decode admin entry.']
+}).performScenario();
+
+new AdminOnlyGuardScenario({
+	title: 'State.apply appendWhitelist rejects non-admin nodes',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	assertStateUnchanged: (t, context) =>
+		assertAppendWhitelistFailureState(t, context, { skipSync: true }),
+	expectedLogs: ['Node is not allowed to perform this operation. (ADMIN ONLY)']
+}).performScenario();
+
+new AdminPublicKeyDecodeFailureScenario({
+	title: 'State.apply appendWhitelist aborts when admin public key cannot be decoded',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	assertStateUnchanged: (t, context) =>
+		assertAppendWhitelistFailureState(t, context, { skipSync: true }),
+	expectedLogs: ['Failed to decode admin public key.']
+}).performScenario();
+
+new AdminConsistencyMismatchScenario({
+	title: 'State.apply appendWhitelist rejects when admin key mismatch occurs',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	assertStateUnchanged: (t, context) =>
+		assertAppendWhitelistFailureState(t, context, { skipSync: true }),
+	expectedLogs: ['System admin and node public keys do not match.']
+}).performScenario();
+
+new InvalidAddressValidationScenario({
+	title: 'State.apply appendWhitelist node address is invalid',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	assertStateUnchanged: assertAppendWhitelistFailureState,
+	addressPath: ['aco', 'ia'],
+	expectedLogs: ['Failed to verify node address.']
+}).performScenario();
+
+createAddressWithInvalidPublicKeyScenario({
+	title: 'State.apply appendWhitelist node public key is invalid',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	assertStateUnchanged: assertAppendWhitelistFailureState,
+	addressPath: ['aco', 'ia'],
+	expectedLogs: ['Failed to decode node public key.']
+}).performScenario();
+
+new InvalidHashValidationScenario({
+	title: 'State.apply appendWhitelist requester message hash mismatch',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	assertStateUnchanged: assertAppendWhitelistFailureState,
+	expectedLogs: ['Message hash does not match the tx_hash.']
+}).performScenario();
+
+new InvalidSignatureValidationScenario({
+	title: 'State.apply appendWhitelist requester signature is invalid (foreign signature)',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	assertStateUnchanged: assertAppendWhitelistFailureState,
+	expectedLogs: ['Failed to verify message signature.']
+}).performScenario();
+
+new InvalidSignatureValidationScenario({
+	title: 'State.apply appendWhitelist requester signature is invalid (zero fill)',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	assertStateUnchanged: assertAppendWhitelistFailureState,
+	strategy: SignatureMutationStrategy.ZERO_FILL,
+	expectedLogs: ['Failed to verify message signature.']
+}).performScenario();
+
+new InvalidSignatureValidationScenario({
+	title: 'State.apply appendWhitelist requester signature is invalid (type mismatch)',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	assertStateUnchanged: assertAppendWhitelistFailureState,
+	strategy: SignatureMutationStrategy.TYPE_MISMATCH,
+	expectedLogs: ['Failed to verify message signature.']
+}).performScenario();
+
+new IndexerSequenceStateInvalidScenario({
+	title: 'State.apply appendWhitelist rejects payloads when indexer sequence state is invalid',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	assertStateUnchanged: (t, context, validPayload, invalidPayload) =>
+		assertAppendWhitelistFailureState(t, context, {
+			skipSync: true,
+			readerAddress: invalidPayload?.address
+		}),
+	expectedLogs: ['Indexer sequence state is invalid.']
+}).performScenario();
+
+new TransactionValidityMismatchScenario({
+	title: 'State.apply appendWhitelist rejects payload when tx validity mismatches indexer state',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	assertStateUnchanged: assertAppendWhitelistFailureState,
+	txValidityPath: ['aco', 'txv'],
+	rebuildPayloadWithTxValidity: ({ context, mutatedTxValidity }) =>
+		buildAppendWhitelistPayloadWithTxValidity(context, mutatedTxValidity),
+	expectedLogs: ['Transaction was not executed.']
+}).performScenario();
+
+new OperationAlreadyAppliedScenario({
+	title: 'State.apply appendWhitelist rejects duplicate operations',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	assertStateUnchanged: (t, context) =>
+		assertAppendWhitelistSuccessState(t, context),
+	expectedLogs: ['Operation has already been applied.']
+}).performScenario();
+
+appendWhitelistNodeAlreadyWhitelistedScenario();
+
+appendWhitelistInsufficientAdminBalanceScenario();
+
+createAdminEntryUpdateFailureScenario({
+	title: 'State.apply appendWhitelist rejects when admin entry update fails',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	beforeApply: async context => {
+		const adminNode = context.adminBootstrap;
+		const disablePayload = await buildDisableInitializationPayload(context);
+		await adminNode.base.append(disablePayload);
+		await adminNode.base.update();
+		await eventFlush();
+	},
+	assertStateUnchanged: (t, context) =>
+		assertAppendWhitelistFailureState(t, context, { skipSync: true })
+}).performScenario();
+
+createNodeEntryInitializationFailureScenario({
+	title: 'State.apply appendWhitelist rejects when node entry initialization fails',
+	setupScenario: setupAppendWhitelistScenario,
+	buildValidPayload: context => buildAppendWhitelistPayload(context),
+	assertStateUnchanged: (t, context) =>
+		assertAppendWhitelistFailureState(t, context, { expectedLicenseCount: 2, skipSync: true }),
+	selectNode: context => context.adminBootstrap
+}).performScenario();