trac-msb 0.2.4 → 0.2.6

package/tests/helpers/transactionPayloads.mjs

@@ -0,0 +1,78 @@
+import b4a from "b4a";
+import tracCrypto from "trac-crypto-api";
+
+import { $TNK } from "../../src/core/state/utils/balance.js";
+import { createMessage } from "../../src/utils/buffer.js";
+import { blake3Hash } from "../../src/utils/crypto.js";
+import { OperationType, NETWORK_ID } from "../../src/utils/constants.js";
+import { addressToBuffer } from "../../src/core/state/utils/address.js";
+
+/**
+ * Build a base64-encoded transfer payload and matching tx hash
+ * that are compatible with MSB's PartialTransfer validator.
+ *
+ * This helper mirrors the hashing/signing logic used by
+ * PartialOperation.validateSignature, so that tests broadcast
+ * transactions the node will accept without touching consensus code.
+ *
+ * @param {import("trac-wallet").default} wallet - Writer wallet used for signing.
+ * @param {import("../../src/core/state/State.js").default} state - MSB state instance.
+ * @param {bigint} [amountTnk=1n] - Transfer amount in TNK units.
+ * @returns {Promise<{ payload: string, txHashHex: string }>}
+ */
+export async function buildRpcSelfTransferPayload(wallet, state, amountTnk = 1n) {
+    const txvBuffer = await state.getIndexerSequenceState();
+    const txvHex = b4a.toString(txvBuffer, "hex");
+
+    const txData = await tracCrypto.transaction.preBuild(
+        wallet.address,
+        wallet.address,
+        b4a.toString($TNK(amountTnk), "hex"),
+        txvHex
+    );
+
+    const nonceHex = b4a.toString(txData.nonce, "hex");
+    const amountHex = txData.amount;
+    const toAddress = txData.to;
+
+    const txvBuf = b4a.from(txData.validity, "hex");
+    const nonceBuf = b4a.from(nonceHex, "hex");
+    const amountBuf = b4a.from(amountHex, "hex");
+    const toBuf = addressToBuffer(toAddress);
+
+    const message = createMessage(
+        NETWORK_ID,
+        txvBuf,
+        toBuf,
+        amountBuf,
+        nonceBuf,
+        OperationType.TRANSFER
+    );
+
+    const messageHash = await blake3Hash(message);
+    const signature = wallet.sign(messageHash);
+
+    const payloadObject = {
+        type: OperationType.TRANSFER,
+        address: wallet.address,
+        tro: {
+            tx: b4a.toString(messageHash, "hex"),
+            txv: txData.validity,
+            in: nonceHex,
+            to: toAddress,
+            am: amountHex,
+            is: b4a.toString(signature, "hex")
+        }
+    };
+
+    const payload = b4a.toString(
+        b4a.from(JSON.stringify(payloadObject)),
+        "base64"
+    );
+
+    return {
+        payload,
+        txHashHex: b4a.toString(messageHash, "hex")
+    };
+}
+

package/tests/unit/network/NetworkWalletFactory.test.js

@@ -0,0 +1,156 @@
+import { test } from 'brittle';
+import sinon from 'sinon';
+import b4a from 'b4a';
+
+import PeerWallet from 'trac-wallet';
+import { TRAC_NETWORK_MSB_MAINNET_PREFIX } from 'trac-wallet/constants.js';
+
+import NetworkWalletFactory, { EphemeralWallet } from '../../../src/core/network/identity/NetworkWalletFactory.js';
+import { errorMessageIncludes } from '../../helpers/regexHelper.js';
+import { testKeyPair1, testKeyPair2 } from '../../fixtures/apply.fixtures.js';
+
+test('NetworkWalletFactory.provide returns wallet when enabled', async t => {
+    const publicKey = b4a.from(testKeyPair2.publicKey, 'hex');
+    const address = PeerWallet.encodeBech32m(TRAC_NETWORK_MSB_MAINNET_PREFIX, publicKey);
+    const signResult = b4a.from('abcd', 'hex');
+    const wallet = {
+        publicKey,
+        address,
+        sign: sinon.stub().returns(signResult),
+        verify: sinon.stub().returns(true)
+    };
+
+    const provider = NetworkWalletFactory.provide({ wallet, enableWallet: true });
+    const message = b4a.from('00112233', 'hex');
+    const signature = provider.sign(message);
+
+    t.alike(provider.publicKey, publicKey);
+    t.is(provider.address, address);
+    t.alike(signature, signResult);
+    t.ok(wallet.sign.calledOnceWithExactly(message));
+
+    const verifyResult = provider.verify(signature, message);
+    t.ok(verifyResult);
+    t.ok(wallet.verify.calledOnceWithExactly(signature, message));
+
+    sinon.restore();
+});
+
+test('NetworkWalletFactory.provide requires both public and secret keys when wallet disabled', async t => {
+    const publicKey = b4a.from(testKeyPair1.publicKey, 'hex');
+    await t.exception(
+        () => NetworkWalletFactory.provide({ enableWallet: false, keyPair: { publicKey } }),
+        errorMessageIncludes('keyPair with publicKey and secretKey is required')
+    );
+});
+
+test('NetworkWalletFactory.provide rejects non-buffer inputs', async t => {
+    const secretKey = b4a.from(testKeyPair1.secretKey, 'hex');
+    await t.exception(
+        () =>
+            NetworkWalletFactory.provide({
+                enableWallet: false,
+                keyPair: { publicKey: 'not-a-buffer', secretKey }
+            }),
+        errorMessageIncludes('must be a Buffer')
+    );
+});
+
+test('NetworkWalletFactory.provide propagates invalid public key length errors', async t => {
+    const secretKey = b4a.from(testKeyPair1.secretKey, 'hex');
+    const invalidPublicKey = b4a.alloc(10);
+
+    await t.exception(
+        () =>
+            NetworkWalletFactory.provide({
+                enableWallet: false,
+                keyPair: { publicKey: invalidPublicKey, secretKey },
+                networkPrefix: TRAC_NETWORK_MSB_MAINNET_PREFIX
+            }),
+        errorMessageIncludes('Invalid public key')
+    );
+});
+
+test('NetworkWalletFactory.provide derives address and signs payloads from keyPair', async t => {
+    const keyPair = {
+        publicKey: b4a.from(testKeyPair1.publicKey, 'hex'),
+        secretKey: b4a.from(testKeyPair1.secretKey, 'hex')
+    };
+    const provider = NetworkWalletFactory.provide({
+        enableWallet: false,
+        keyPair,
+        networkPrefix: TRAC_NETWORK_MSB_MAINNET_PREFIX
+    });
+    const message = b4a.from('123455555', 'hex');
+    const signature = provider.sign(message);
+
+    t.is(
+        provider.address,
+        PeerWallet.encodeBech32m(TRAC_NETWORK_MSB_MAINNET_PREFIX, provider.publicKey)
+    );
+    t.ok(PeerWallet.verify(signature, message, provider.publicKey));
+    t.ok(provider.verify(signature, message));
+});
+
+test('NetworkWalletFactory handles falsy address derivation results', async t => {
+    const keyPair = {
+        publicKey: b4a.from(testKeyPair1.publicKey, 'hex'),
+        secretKey: b4a.from(testKeyPair1.secretKey, 'hex')
+    };
+
+    const stub = sinon.stub(PeerWallet, 'encodeBech32m').returns(null);
+    await t.exception(
+        () =>
+            NetworkWalletFactory.provide({
+                enableWallet: false,
+                keyPair,
+                networkPrefix: TRAC_NETWORK_MSB_MAINNET_PREFIX
+            }),
+        errorMessageIncludes('failed to derive address')
+    );
+    stub.restore();
+    sinon.restore();
+});
+
+test('NetworkWalletFactory propagates encoder exceptions', async t => {
+    const keyPair = {
+        publicKey: b4a.from(testKeyPair1.publicKey, 'hex'),
+        secretKey: b4a.from(testKeyPair1.secretKey, 'hex')
+    };
+
+    const stub = sinon.stub(PeerWallet, 'encodeBech32m').throws(new Error('test exception'));
+    await t.exception(
+        () =>
+            NetworkWalletFactory.provide({
+                enableWallet: false,
+                keyPair,
+                networkPrefix: TRAC_NETWORK_MSB_MAINNET_PREFIX
+            }),
+        errorMessageIncludes('test exception')
+    );
+    stub.restore();
+    sinon.restore();
+});
+
+test('EphemeralWallet exposes wallet like interface', async t => {
+    const keyPair = {
+        publicKey: b4a.from(testKeyPair1.publicKey, 'hex'),
+        secretKey: b4a.from(testKeyPair1.secretKey, 'hex')
+    };
+    const wallet = new EphemeralWallet(keyPair, TRAC_NETWORK_MSB_MAINNET_PREFIX);
+    const message = b4a.from('feedface', 'hex');
+    const signature = wallet.sign(message);
+
+    t.alike(wallet.publicKey, keyPair.publicKey);
+    t.is(wallet.address, PeerWallet.encodeBech32m(TRAC_NETWORK_MSB_MAINNET_PREFIX, keyPair.publicKey));
+    t.ok(PeerWallet.verify(signature, message, wallet.publicKey));
+    t.ok(wallet.verify(signature, message));
+});
+
+test('EphemeralWallet requires both public and secret keys', async t => {
+    const publicKey = b4a.from(testKeyPair1.publicKey, 'hex');
+    await t.exception(
+        () => new EphemeralWallet({ publicKey }, TRAC_NETWORK_MSB_MAINNET_PREFIX),
+        errorMessageIncludes('keyPair with publicKey and secretKey is required')
+    );
+});

package/tests/unit/state/apply/addAdmin/addAdminHappyPathScenario.js

@@ -0,0 +1,38 @@
+import { test } from 'brittle';
+import {
+	eventFlush,
+	deriveIndexerSequenceState
+} from '../../../../helpers/autobaseTestHelpers.js';
+import nodeEntryUtils from '../../../../../src/core/state/utils/nodeEntry.js';
+import { toTerm } from '../../../../../src/core/state/utils/balance.js';
+import CompleteStateMessageOperations from '../../../../../src/messages/completeStateMessages/CompleteStateMessageOperations.js';
+
+import { setupAddAdminScenario, assertAdminState } from './addAdminScenarioHelpers.js';
+
+export default function addAdminHappyPathScenario() {
+	test('State.apply addAdmin bootstraps admin node - happy path', async t => {
+		const networkContext = await setupAddAdminScenario(t);
+		const adminNode = networkContext.adminBootstrap;
+		const readerNodes = networkContext.peers.slice(1);
+		const reader = readerNodes[0];
+
+		const txValidity = await deriveIndexerSequenceState(adminNode.base);
+		const addAdminPayload = await CompleteStateMessageOperations.assembleAddAdminMessage(
+			adminNode.wallet,
+			adminNode.base.local.key,
+			txValidity
+		);
+
+		await adminNode.base.append(addAdminPayload);
+		await adminNode.base.update();
+		await eventFlush();
+
+		await assertAdminState(t, adminNode.base, adminNode.wallet, adminNode.base.local.key, addAdminPayload);
+
+		await networkContext.sync();
+		await assertAdminState(t, reader.base, adminNode.wallet, adminNode.base.local.key, addAdminPayload);
+
+		const readerNodeEntry = await reader.base.view.get(reader.wallet.address);
+		t.is(readerNodeEntry, null, 'reader node remains without any role');
+	});
+}

package/tests/unit/state/apply/addAdmin/addAdminScenarioHelpers.js

@@ -0,0 +1,273 @@
+import b4a from 'b4a';
+import { setupStateNetwork } from '../../../../helpers/StateNetworkFactory.js';
+import {
+	seedBootstrapIndexer,
+	defaultOpenHyperbeeView,
+	deriveIndexerSequenceState,
+	eventFlush
+} from '../../../../helpers/autobaseTestHelpers.js';
+import CompleteStateMessageOperations from '../../../../../src/messages/completeStateMessages/CompleteStateMessageOperations.js';
+import {
+	safeDecodeApplyOperation,
+	safeEncodeApplyOperation
+} from '../../../../../src/utils/protobuf/operationHelpers.js';
+import {
+	AUTOBASE_VALUE_ENCODING,
+	EntryType,
+	ADMIN_INITIAL_BALANCE,
+	ADMIN_INITIAL_STAKED_BALANCE
+} from '../../../../../src/utils/constants.js';
+import { createSignature } from '../../../../helpers/createTestSignature.js';
+import adminEntryUtils from '../../../../../src/core/state/utils/adminEntry.js';
+import nodeEntryUtils from '../../../../../src/core/state/utils/nodeEntry.js';
+import lengthEntryUtils from '../../../../../src/core/state/utils/lengthEntry.js';
+import addressUtils from '../../../../../src/core/state/utils/address.js';
+import { safeWriteUInt32BE } from '../../../../../src/utils/buffer.js';
+
+export async function setupAddAdminScenario(t) {
+	const context = await setupStateNetwork({
+		nodes: 2,
+		valueEncoding: AUTOBASE_VALUE_ENCODING,
+		open: defaultOpenHyperbeeView
+	});
+
+	seedBootstrapIndexer(context);
+
+	t.teardown(async () => {
+		await context.teardown();
+	});
+	return context;
+}
+
+export async function buildAddAdminRequesterPayload(context) {
+	const adminNode = context.adminBootstrap;
+	const txValidity = await deriveIndexerSequenceState(adminNode.base);
+	return CompleteStateMessageOperations.assembleAddAdminMessage(
+		adminNode.wallet,
+		adminNode.base.local.key,
+		txValidity
+	);
+}
+
+export async function assertAddAdminRequesterFailureState(t, context) {
+	const adminNode = context.adminBootstrap;
+	const readerNodes = context.peers.slice(1);
+
+	const adminEntryRecord = await adminNode.base.view.get(EntryType.ADMIN);
+	t.is(adminEntryRecord, null, 'admin entry remains absent');
+
+	const initializationEntry = await adminNode.base.view.get(EntryType.INITIALIZATION);
+	t.is(initializationEntry, null, 'initialization flag not set');
+
+	const writerRegistry = await adminNode.base.view.get(
+		EntryType.WRITER_ADDRESS + adminNode.base.local.key.toString('hex')
+	);
+	t.is(writerRegistry, null, 'writer registry not created');
+
+	await context.sync();
+	for (const reader of readerNodes) {
+		const readerAdminEntry = await reader.base.view.get(EntryType.ADMIN);
+		t.is(readerAdminEntry, null, 'reader node never observes admin entry');
+	}
+}
+
+export async function assertAddAdminRequesterFailureStateLocal(t, context) {
+	const adminNode = context.adminBootstrap;
+
+	const adminEntryRecord = await adminNode.base.view.get(EntryType.ADMIN);
+	t.is(adminEntryRecord, null, 'admin entry remains absent');
+
+	const initializationEntry = await adminNode.base.view.get(EntryType.INITIALIZATION);
+	t.is(initializationEntry, null, 'initialization flag not set');
+
+	const writerRegistry = await adminNode.base.view.get(
+		EntryType.WRITER_ADDRESS + adminNode.base.local.key.toString('hex')
+	);
+	t.is(writerRegistry, null, 'writer registry not created');
+
+	for (const reader of context.peers.slice(1)) {
+		const readerAdminEntry = await reader.base.view.get(EntryType.ADMIN);
+		t.is(readerAdminEntry, null, 'reader node never observes admin entry');
+	}
+}
+
+export function mutateAddAdminPayloadForInvalidSchema(t, validPayload) {
+	const decodedPayload = safeDecodeApplyOperation(validPayload);
+	t.ok(decodedPayload, 'fixtures decode');
+
+	decodedPayload.cao.tx = b4a.alloc(decodedPayload.cao.tx.length);
+	return safeEncodeApplyOperation(decodedPayload);
+}
+
+export async function assertAdminState(t, base, wallet, writingKey, payload) {
+	const adminEntryRecord = await base.view.get(EntryType.ADMIN);
+	t.ok(adminEntryRecord, 'admin entry should exist');
+
+	const decodedAdminEntry = adminEntryUtils.decode(adminEntryRecord.value);
+	t.ok(decodedAdminEntry, 'admin entry decodes');
+	t.is(decodedAdminEntry.address, wallet.address, 'admin entry stores wallet address');
+	t.ok(b4a.equals(decodedAdminEntry.wk, writingKey), 'admin entry stores writing key');
+
+	const nodeEntryRecord = await base.view.get(wallet.address);
+	t.ok(nodeEntryRecord, 'node entry should exist for admin address');
+
+	const nodeEntry = nodeEntryUtils.decode(nodeEntryRecord.value);
+	t.ok(nodeEntry, 'node entry decodes');
+	t.is(nodeEntry.isWriter, true, 'node entry flagged as writer');
+	t.is(nodeEntry.isIndexer, true, 'node entry flagged as indexer');
+	t.ok(b4a.equals(nodeEntry?.wk, writingKey), 'node entry writing key matches');
+	t.ok(b4a.equals(nodeEntry?.balance, ADMIN_INITIAL_BALANCE), 'admin initial balance is set');
+	t.ok(
+		b4a.equals(nodeEntry?.stakedBalance, ADMIN_INITIAL_STAKED_BALANCE),
+		'admin initial staked balance is set'
+	);
+	t.ok(
+		b4a.equals(nodeEntry?.license, lengthEntryUtils.encodeBE(1)),
+		'admin license id assigned'
+	);
+
+	const adminAddressBuffer = addressUtils.addressToBuffer(wallet.address);
+	t.ok(adminAddressBuffer.length > 0, 'admin address encoded as buffer');
+	const writerRegistry = await base.view.get(EntryType.WRITER_ADDRESS + writingKey.toString('hex'));
+	t.ok(writerRegistry, 'writer registry entry exists');
+	t.ok(
+		b4a.equals(writerRegistry.value, adminAddressBuffer),
+		'writer registry links writing key to admin'
+	);
+
+	const writersLengthEntry = await base.view.get(EntryType.WRITERS_LENGTH);
+	t.ok(writersLengthEntry, 'writers length entry exists');
+	const writersLength = lengthEntryUtils.decodeBE(writersLengthEntry.value);
+	t.is(writersLength, 1, 'writers length increments to 1');
+
+	const writerIndexEntry = await base.view.get(`${EntryType.WRITERS_INDEX}0`);
+	t.ok(writerIndexEntry, 'writer index entry exists');
+	t.is(
+		writerIndexEntry.value.toString('ascii'),
+		adminAddressBuffer.toString('ascii'),
+		'writer index 0 stores admin address'
+	);
+
+	const licenseCountEntry = await base.view.get(EntryType.LICENSE_COUNT);
+	t.ok(licenseCountEntry, 'license count entry exists');
+	const licenseCount = lengthEntryUtils.decodeBE(licenseCountEntry.value);
+	t.is(licenseCount, 1, 'license count increments to 1');
+
+	const licenseIndexEntry = await base.view.get(`${EntryType.LICENSE_INDEX}1`);
+	t.ok(licenseIndexEntry, 'license index entry exists');
+	t.is(
+		licenseIndexEntry.value.toString('ascii'),
+		adminAddressBuffer.toString('ascii'),
+		'license index 1 stores admin address'
+	);
+
+	const initializationEntry = await base.view.get(EntryType.INITIALIZATION);
+	t.ok(initializationEntry, 'initialization entry exists');
+	t.ok(
+		b4a.equals(initializationEntry.value, safeWriteUInt32BE(1, 0)),
+		'initialization flag set to 1'
+	);
+
+	const decodedOperation = safeDecodeApplyOperation(payload);
+	t.ok(decodedOperation?.cao?.tx, 'operation decodes');
+	const txKey = decodedOperation.cao.tx.toString('hex');
+	const txEntry = await base.view.get(txKey);
+	t.ok(txEntry, 'operation hash stored to prevent replays');
+}
+
+export async function assertAdminStatePersists(t, context, payload) {
+	const adminNode = context.adminBootstrap;
+	const reader = context.peers[1];
+
+	await assertAdminState(t, adminNode.base, adminNode.wallet, adminNode.base.local.key, payload);
+
+	await eventFlush();
+	await context.sync();
+
+	await assertAdminState(t, reader.base, adminNode.wallet, adminNode.base.local.key, payload);
+}
+
+export function bypassAddAdminReplayGuardsOnce(context) {
+	const adminNode = context.adminBootstrap;
+	if (!adminNode?.base) {
+		throw new Error('AddAdmin replay guard bypass requires an admin bootstrap node.');
+	}
+
+	const writerRegistryKey = EntryType.WRITER_ADDRESS + adminNode.base.local.key.toString('hex');
+	const keysToBypass = new Set([writerRegistryKey, EntryType.ADMIN]);
+
+	return patchViewGetOnce(adminNode.base, keysToBypass);
+}
+
+export function bypassBalanceInitializationAdminConsistencyOnce(context) {
+	const adminNode = context.adminBootstrap;
+	if (!adminNode?.base) {
+		throw new Error('Admin consistency bypass requires an admin bootstrap node.');
+	}
+
+	const keysToBypass = new Set([EntryType.ADMIN]);
+
+	return patchViewGetOnce(adminNode.base, keysToBypass, {
+		mutateAdminEntry: async entryPromise => {
+			const entry = await entryPromise;
+			if (!entry?.value) return entry;
+			const mutated = b4a.from(entry.value);
+			mutated[mutated.length - 1] ^= 0xff;
+			return { ...entry, value: mutated };
+		}
+	});
+}
+
+function patchViewGetOnce(base, keysToBypass, { mutateAdminEntry } = {}) {
+	const originalApply = base._handlers.apply;
+	let shouldPatchNextApply = true;
+
+	base._handlers.apply = async (nodes, view, baseCtx) => {
+		if (!shouldPatchNextApply) {
+			return originalApply(nodes, view, baseCtx);
+		}
+
+		shouldPatchNextApply = false;
+		const previousBatch = view.batch;
+		const boundBatch = previousBatch.bind(view);
+
+		view.batch = function patchedBatch(...args) {
+			const batch = boundBatch(...args);
+			const originalGet = batch.get?.bind(batch);
+			if (typeof originalGet === 'function') {
+				batch.get = async key => {
+					const identifier = resolveKeyIdentifier(key);
+				if (keysToBypass.has(identifier)) {
+					if (identifier === EntryType.ADMIN && typeof mutateAdminEntry === 'function') {
+						return mutateAdminEntry(originalGet(key));
+					}
+					return null;
+				}
+					return originalGet(key);
+				};
+			}
+			return batch;
+		};
+
+		try {
+			return await originalApply(nodes, view, baseCtx);
+		} finally {
+			view.batch = previousBatch;
+			base._handlers.apply = originalApply;
+		}
+	};
+
+	return () => {
+		base._handlers.apply = originalApply;
+	};
+}
+
+function resolveKeyIdentifier(key) {
+	if (typeof key === 'string') {
+		return key;
+	}
+	if (b4a.isBuffer(key)) {
+		return key.toString('utf8');
+	}
+	return `${key}`;
+}

package/tests/unit/state/apply/addAdmin/adminEntryEncodingFailureScenario.js

@@ -0,0 +1,30 @@
+import { test } from 'brittle';
+import b4a from 'b4a';
+import { eventFlush } from '../../../../helpers/autobaseTestHelpers.js';
+import {
+	setupAddAdminScenario,
+	buildAddAdminRequesterPayload,
+	assertAddAdminRequesterFailureStateLocal
+} from './addAdminScenarioHelpers.js';
+import adminEntryUtils from '../../../../../src/core/state/utils/adminEntry.js';
+
+export default function addAdminEntryEncodingFailureScenario() {
+	test('State.apply addAdmin aborts when admin entry encoding fails', async t => {
+		const context = await setupAddAdminScenario(t);
+		const adminNode = context.adminBootstrap;
+		const payload = await buildAddAdminRequesterPayload(context);
+
+		const originalEncode = adminEntryUtils.encode;
+		adminEntryUtils.encode = () => b4a.alloc(0);
+
+		t.teardown(() => {
+			adminEntryUtils.encode = originalEncode;
+		});
+
+		await adminNode.base.append(payload);
+		await adminNode.base.update();
+		await eventFlush();
+
+		await assertAddAdminRequesterFailureStateLocal(t, context);
+	});
+}

package/tests/unit/state/apply/addAdmin/adminEntryExistsScenario.js

@@ -0,0 +1,78 @@
+import { test } from 'brittle';
+import { eventFlush } from '../../../../helpers/autobaseTestHelpers.js';
+import { EntryType } from '../../../../../src/utils/constants.js';
+
+import {
+	setupAddAdminScenario,
+	buildAddAdminRequesterPayload,
+	assertAdminStatePersists
+} from './addAdminScenarioHelpers.js';
+
+/**
+ * This test simulates the bootstrap resubmitting a valid ADD_ADMIN operation after the admin
+ * was already created.
+ *
+ * In the real handler the `adminEntryExists` guard blocks that attempt, but earlier validation
+ * (`writer key already exists`) fires first. To reach the admin-entry branch we temporarily patch
+ * the Hyperbee view used by State.apply and return `null` only for the `EntryType.WRITER_ADDRESS + iw`
+ * lookup. That allows the writer-key check to pass and execution continues until the admin-entry check.
+ *
+ * After the duplicate operation is rejected, `assertAdminStatePersists` confirms that the admin entry
+ * and all related registries remain unchanged on both the bootstrap and the reader node.
+ */
+export default function addAdminEntryExistsScenario() {
+	test('State.apply addAdmin rejects attempts when admin already exists', async t => {
+		const networkContext = await setupAddAdminScenario(t);
+		const adminNode = networkContext.adminBootstrap;
+
+		const initialPayload = await buildAddAdminRequesterPayload(networkContext);
+		await adminNode.base.append(initialPayload);
+		await adminNode.base.update();
+		await eventFlush();
+
+		const writerRegistryKey = EntryType.WRITER_ADDRESS + adminNode.base.local.key.toString('hex');
+		const originalApplyHandler = adminNode.base._handlers.apply;
+		let shouldPatchNextApply = true;
+
+		adminNode.base._handlers.apply = async (nodes, view, baseCtx) => {
+			if (!shouldPatchNextApply) {
+				return originalApplyHandler(nodes, view, baseCtx);
+			}
+
+			shouldPatchNextApply = false;
+			const previousBatch = view.batch;
+			const boundBatch = previousBatch.bind(view);
+
+			view.batch = function patchedBatch(...args) {
+				const batch = boundBatch(...args);
+				const originalGet = batch.get?.bind(batch);
+				if (typeof originalGet === 'function') {
+					batch.get = async key => {
+						if (key === writerRegistryKey) {
+							return null;
+						}
+						return originalGet(key);
+					};
+				}
+				return batch;
+			};
+
+			try {
+				return await originalApplyHandler(nodes, view, baseCtx);
+			} finally {
+				view.batch = previousBatch;
+			}
+		};
+
+		t.teardown(() => {
+			adminNode.base._handlers.apply = originalApplyHandler;
+		});
+
+		const duplicatePayload = await buildAddAdminRequesterPayload(networkContext);
+		await adminNode.base.append(duplicatePayload);
+		await adminNode.base.update();
+		await eventFlush();
+
+		await assertAdminStatePersists(t, networkContext, initialPayload);
+	});
+}

package/tests/unit/state/apply/addAdmin/nodeEntryInitializationFailureScenario.js

@@ -0,0 +1,30 @@
+import { test } from 'brittle';
+import b4a from 'b4a';
+import { eventFlush } from '../../../../helpers/autobaseTestHelpers.js';
+import {
+	setupAddAdminScenario,
+	buildAddAdminRequesterPayload,
+	assertAddAdminRequesterFailureStateLocal
+} from './addAdminScenarioHelpers.js';
+import nodeEntryUtils from '../../../../../src/core/state/utils/nodeEntry.js';
+
+export default function addAdminNodeEntryInitializationFailureScenario() {
+	test('State.apply addAdmin aborts when node entry initialization fails', async t => {
+		const context = await setupAddAdminScenario(t);
+		const adminNode = context.adminBootstrap;
+		const payload = await buildAddAdminRequesterPayload(context);
+
+		const originalInit = nodeEntryUtils.init;
+		nodeEntryUtils.init = () => b4a.alloc(0);
+
+		t.teardown(() => {
+			nodeEntryUtils.init = originalInit;
+		});
+
+		await adminNode.base.append(payload);
+		await adminNode.base.update();
+		await eventFlush();
+
+		await assertAddAdminRequesterFailureStateLocal(t, context);
+	});
+}