trac-msb 0.2.4 → 0.2.6

package/tests/unit/state/apply/addAdmin/nonBootstrapNodeScenario.js

@@ -0,0 +1,68 @@
+import { test } from 'brittle';
+import { eventFlush } from '../../../../helpers/autobaseTestHelpers.js';
+
+import {
+	setupAddAdminScenario,
+	buildAddAdminRequesterPayload,
+	assertAddAdminRequesterFailureStateLocal
+} from './addAdminScenarioHelpers.js';
+
+/**
+ * Verifies that ADD_ADMIN rejects payloads appended by any node other than the bootstrap writer.
+ *
+ * Only the bootstrap node has permission to run this operation. During the test we let the bootstrap
+ * append a valid payload, but intercept the ensuing `State.apply` call and mutate `node.from.key`
+ * so that the handler thinks the operation was produced by a reader node. That should trigger the
+ * "Node is not a bootstrap node." guard, and the state must remain untouched.
+ */
+export default function addAdminNonBootstrapNodeScenario() {
+	test('State.apply addAdmin rejects non-bootstrap requesters', async t => {
+		const networkContext = await setupAddAdminScenario(t);
+		const adminNode = networkContext.adminBootstrap;
+		const readerNode = networkContext.peers[1];
+
+		const originalApply = adminNode.base._handlers.apply;
+		let shouldMutateNextCall = true;
+
+		adminNode.base._handlers.apply = async (nodes, view, baseCtx) => {
+			if (!shouldMutateNextCall) {
+				return originalApply(nodes, view, baseCtx);
+			}
+
+			shouldMutateNextCall = false;
+			adminNode.base._handlers.apply = originalApply;
+
+			const readerKey = readerNode.base.local.key;
+			const mutatedNodes = nodes.map(node => {
+				if (!node?.from) return node;
+				return {
+					...node,
+				from: new Proxy(node.from, {
+						// We only need to fake node.from.key. A Proxy lets us override just that property
+						// while Reflect delegates every other access to the original object, so the node
+						// shape Autobase expects stays untouched.
+						get(target, prop, receiver) {
+							if (prop === 'key') {
+								return readerKey;
+							}
+							return Reflect.get(target, prop, receiver);
+						}
+					})
+				};
+			});
+
+			return originalApply(mutatedNodes, view, baseCtx);
+		};
+
+		t.teardown(() => {
+			adminNode.base._handlers.apply = originalApply;
+		});
+
+		const payload = await buildAddAdminRequesterPayload(networkContext);
+		await adminNode.base.append(payload);
+		await adminNode.base.update();
+		await eventFlush();
+
+		await assertAddAdminRequesterFailureStateLocal(t, networkContext);
+	});
+}

package/tests/unit/state/apply/addAdmin/state.apply.addAdmin.test.js

@@ -0,0 +1,155 @@
+import {
+	setupAddAdminScenario,
+	buildAddAdminRequesterPayload,
+	assertAddAdminRequesterFailureState,
+	assertAddAdminRequesterFailureStateLocal,
+	mutateAddAdminPayloadForInvalidSchema,
+	assertAdminStatePersists,
+	bypassAddAdminReplayGuardsOnce
+} from './addAdminScenarioHelpers.js';
+import addAdminHappyPathScenario from './addAdminHappyPathScenario.js';
+import RequesterAddressValidationScenario from '../common/requesterAddressValidationScenario.js';
+import createRequesterPublicKeyValidationScenario from '../common/requesterPublicKeyValidationScenario.js';
+import InvalidHashValidationScenario from '../common/payload-structure/invalidHashValidationScenario.js';
+import InvalidSignatureValidationScenario, { SignatureMutationStrategy } from '../common/payload-structure/invalidSignatureValidationScenario.js';
+import InvalidMessageComponentValidationScenario, { MessageComponentStrategy } from '../common/invalidMessageComponentValidationScenario.js';
+import InvalidPayloadValidationScenario from '../common/payload-structure/invalidPayloadValidationScenario.js';
+import WriterKeyExistsValidationScenario from '../common/writerKeyExistsValidationScenario.js';
+import OperationAlreadyAppliedScenario from '../common/operationAlreadyAppliedScenario.js';
+import TransactionValidityMismatchScenario from '../common/transactionValidityMismatchScenario.js';
+import IndexerSequenceStateInvalidScenario from '../common/indexer/indexerSequenceStateInvalidScenario.js';
+import CompleteStateMessageOperations from '../../../../../src/messages/completeStateMessages/CompleteStateMessageOperations.js';
+import addAdminEntryExistsScenario from './adminEntryExistsScenario.js';
+import addAdminNonBootstrapNodeScenario from './nonBootstrapNodeScenario.js';
+import addAdminNodeEntryInitializationFailureScenario from './nodeEntryInitializationFailureScenario.js';
+import addAdminEntryEncodingFailureScenario from './adminEntryEncodingFailureScenario.js';
+
+// happy path
+addAdminHappyPathScenario();
+
+addAdminEntryExistsScenario();
+
+addAdminNodeEntryInitializationFailureScenario();
+addAdminEntryEncodingFailureScenario();
+
+// common invalid scenarios
+new InvalidPayloadValidationScenario({
+	title: 'State.apply addAdmin rejects payloads that fail schema validation',
+	setupScenario: setupAddAdminScenario,
+	buildValidPayload: buildAddAdminRequesterPayload,
+	mutatePayload: mutateAddAdminPayloadForInvalidSchema,
+	assertStateUnchanged: assertAddAdminRequesterFailureState,
+	expectedLogs: ['Contract schema validation failed.']
+}).performScenario();
+
+new RequesterAddressValidationScenario({
+	title: 'State.apply addAdmin requester address is invalid',
+	setupScenario: setupAddAdminScenario,
+	buildValidPayload: buildAddAdminRequesterPayload,
+	assertStateUnchanged: assertAddAdminRequesterFailureState,
+	expectedLogs: ['Requester address is invalid.']
+}).performScenario();
+
+createRequesterPublicKeyValidationScenario({
+	title: 'State.apply addAdmin requester public key is invalid',
+	setupScenario: setupAddAdminScenario,
+	buildValidPayload: buildAddAdminRequesterPayload,
+	assertStateUnchanged: assertAddAdminRequesterFailureState,
+	expectedLogs: ['Error while decoding requester public key.']
+}).performScenario();
+
+addAdminNonBootstrapNodeScenario();
+
+new InvalidHashValidationScenario({
+	title: 'State.apply addAdmin requester message hash mismatch',
+	setupScenario: setupAddAdminScenario,
+	buildValidPayload: buildAddAdminRequesterPayload,
+	assertStateUnchanged: assertAddAdminRequesterFailureState,
+	expectedLogs: ['Message hash does not match the tx_hash.']
+}).performScenario();
+
+
+new InvalidMessageComponentValidationScenario({
+	title: 'State.apply addAdmin transaction validity mismatch',
+	setupScenario: setupAddAdminScenario,
+	buildValidPayload: buildAddAdminRequesterPayload,
+	assertStateUnchanged: assertAddAdminRequesterFailureState,
+	strategy: MessageComponentStrategy.TX_VALIDITY,
+	expectedLogs: ['Message hash does not match the tx_hash.']
+}).performScenario();
+
+new InvalidMessageComponentValidationScenario({
+	title: 'State.apply addAdmin requester nonce mismatch',
+	setupScenario: setupAddAdminScenario,
+	buildValidPayload: buildAddAdminRequesterPayload,
+	assertStateUnchanged: assertAddAdminRequesterFailureState,
+	strategy: MessageComponentStrategy.NONCE,
+	expectedLogs: ['Message hash does not match the tx_hash.']
+}).performScenario();
+
+new InvalidSignatureValidationScenario({
+	title: 'State.apply addAdmin requester signature is invalid (foreign signature)',
+	setupScenario: setupAddAdminScenario,
+	buildValidPayload: buildAddAdminRequesterPayload,
+	assertStateUnchanged: assertAddAdminRequesterFailureState,
+	expectedLogs: ['Failed to verify message signature.']
+}).performScenario();
+
+new InvalidSignatureValidationScenario({
+	title: 'State.apply addAdmin requester signature is invalid (zero fill)',
+	setupScenario: setupAddAdminScenario,
+	buildValidPayload: buildAddAdminRequesterPayload,
+	assertStateUnchanged: assertAddAdminRequesterFailureState,
+	strategy: SignatureMutationStrategy.ZERO_FILL,
+	expectedLogs: ['Failed to verify message signature.']
+}).performScenario();
+
+new InvalidSignatureValidationScenario({
+	title: 'State.apply addAdmin requester signature is invalid (type mismatch)',
+	setupScenario: setupAddAdminScenario,
+	buildValidPayload: buildAddAdminRequesterPayload,
+	assertStateUnchanged: assertAddAdminRequesterFailureState,
+	strategy: SignatureMutationStrategy.TYPE_MISMATCH,
+	expectedLogs: ['Failed to verify message signature.']
+}).performScenario();
+
+new IndexerSequenceStateInvalidScenario({
+	title: 'State.apply addAdmin rejects payload when indexer sequence state is invalid',
+	setupScenario: setupAddAdminScenario,
+	buildValidPayload: buildAddAdminRequesterPayload,
+	assertStateUnchanged: (t, context) => assertAddAdminRequesterFailureStateLocal(t, context),
+	expectedLogs: ['Indexer sequence state is invalid.']
+}).performScenario();
+
+new TransactionValidityMismatchScenario({
+	title: 'State.apply addAdmin rejects payload when cao.txv does not match indexer state',
+	setupScenario: setupAddAdminScenario,
+	buildValidPayload: buildAddAdminRequesterPayload,
+	assertStateUnchanged: assertAddAdminRequesterFailureState,
+	rebuildPayloadWithTxValidity: ({ context, mutatedTxValidity }) => {
+		const adminNode = context.adminBootstrap;
+		return CompleteStateMessageOperations.assembleAddAdminMessage(
+			adminNode.wallet,
+			adminNode.base.local.key,
+			mutatedTxValidity
+		);
+},
+	expectedLogs: ['Transaction was not executed.']
+}).performScenario();
+
+new WriterKeyExistsValidationScenario({
+	title: 'State.apply addAdmin writer key already exists',
+	setupScenario: setupAddAdminScenario,
+	buildValidPayload: buildAddAdminRequesterPayload,
+	assertStateUnchanged: assertAdminStatePersists,
+	expectedLogs: ['Writer key already exists.']
+}).performScenario();
+
+new OperationAlreadyAppliedScenario({
+	title: 'State.apply addAdmin rejects duplicate operations',
+	setupScenario: setupAddAdminScenario,
+	buildValidPayload: buildAddAdminRequesterPayload,
+	assertStateUnchanged: assertAdminStatePersists,
+	beforeInvalidApply: ({ context }) => bypassAddAdminReplayGuardsOnce(context),
+	expectedLogs: ['Operation has already been applied.']
+}).performScenario();

package/tests/unit/state/apply/addIndexer/addIndexerHappyPathScenario.js

@@ -0,0 +1,39 @@
+import b4a from 'b4a';
+import { test } from 'brittle';
+import { eventFlush } from '../../../../helpers/autobaseTestHelpers.js';
+import {
+	setupAddIndexerScenario,
+	selectIndexerCandidatePeer,
+	buildAddIndexerPayload,
+	assertAddIndexerSuccessState
+} from './addIndexerScenarioHelpers.js';
+
+export default function addIndexerHappyPathScenario() {
+	test('State.apply addIndexer promotes active writer to indexer (happy path)', async t => {
+		const context = await setupAddIndexerScenario(t);
+		const adminPeer = context.adminBootstrap;
+		const writerPeer = selectIndexerCandidatePeer(context);
+
+		const writerEntryBefore = await adminPeer.base.view.get(writerPeer.wallet.address);
+		t.ok(writerEntryBefore, 'writer entry exists before addIndexer');
+		const adminEntryBefore = await adminPeer.base.view.get(adminPeer.wallet.address);
+		t.ok(adminEntryBefore, 'admin entry exists before addIndexer');
+
+		const payload = await buildAddIndexerPayload(context, {
+			writerPeer,
+			adminPeer
+		});
+
+		await adminPeer.base.append(payload);
+		await adminPeer.base.update();
+		await eventFlush();
+
+		await assertAddIndexerSuccessState(t, context, {
+			writerPeer,
+			adminPeer,
+			writerEntryBefore: { value: b4a.from(writerEntryBefore.value) },
+			adminEntryBefore: { value: b4a.from(adminEntryBefore.value) },
+			payload
+		});
+	});
+}

package/tests/unit/state/apply/addIndexer/addIndexerMultipleIndexersInTheNetworkScenario.js

@@ -0,0 +1,167 @@
+import b4a from 'b4a';
+import { test } from 'brittle';
+import nodeEntryUtils from '../../../../../src/core/state/utils/nodeEntry.js';
+import {
+	setupAddIndexerScenario,
+	selectIndexerCandidatePeer,
+	buildAddIndexerPayload,
+	assertAddIndexerSuccessState
+} from './addIndexerScenarioHelpers.js';
+import { promotePeerToWriter } from '../addWriter/addWriterScenarioHelpers.js';
+import { initializeBalances, whitelistAddress } from '../common/commonScenarioHelper.js';
+import { eventFlush } from '../../../../helpers/autobaseTestHelpers.js';
+import lengthEntryUtils from '../../../../../src/core/state/utils/lengthEntry.js';
+import { EntryType } from '../../../../../src/utils/constants.js';
+
+export default function addIndexerMultipleIndexersInTheNetworkScenario() {
+	test('State.apply addIndexer adds multiple indexers sequentially', async t => {
+		const context = await setupAddIndexerScenario(t, { nodes: 4 });
+		const adminPeer = context.adminBootstrap;
+		const initialIndexerCount = getIndexerCount(adminPeer.base);
+		t.comment(`Network peers: ${context.peers.length}`);
+
+		const candidates = [
+			selectIndexerCandidatePeer(context, 0),
+			selectIndexerCandidatePeer(context, 1),
+			selectIndexerCandidatePeer(context, 2)
+		];
+		t.comment(
+			`Indexer candidates: ${candidates.map(peer => peer.wallet.address).join(', ')}`
+		);
+
+		for (const peer of candidates.slice(1)) {
+			await prepareWriterCandidate(t, context, peer);
+		}
+
+		const trackedIndexers = [];
+		for (const candidate of candidates) {
+			t.comment(`Promoting writer ${candidate.wallet.address} to indexer...`);
+			await promoteWriterToIndexer(t, context, candidate, trackedIndexers);
+		}
+
+		await context.sync();
+		await assertNetworkSeesIndexers(
+			t,
+			context,
+			trackedIndexers,
+			initialIndexerCount + trackedIndexers.length
+		);
+	});
+}
+
+async function prepareWriterCandidate(t, context, peer) {
+	const funding = context.addWriterScenario?.writerInitialBalance;
+	if (!funding) {
+		throw new Error('addIndexer scenarios require writerInitialBalance buffer.');
+	}
+	const expectedWriterIndex = await deriveNextWriterIndex(context.adminBootstrap.base);
+	await initializeBalances(context, [[peer.wallet.address, funding]]);
+	await whitelistAddress(context, peer.wallet.address);
+	await promotePeerToWriter(t, context, { readerPeer: peer, expectedWriterIndex });
+}
+
+async function promoteWriterToIndexer(t, context, writerPeer, trackedIndexers) {
+	const adminPeer = context.adminBootstrap;
+	const writerAddress = writerPeer.wallet.address;
+
+	const writerEntryBefore = await adminPeer.base.view.get(writerAddress);
+	t.ok(writerEntryBefore, 'writer entry exists before addIndexer');
+	const adminEntryBefore = await adminPeer.base.view.get(adminPeer.wallet.address);
+	t.ok(adminEntryBefore, 'admin entry exists before addIndexer');
+
+	const payload = await buildAddIndexerPayload(context, {
+		writerPeer,
+		adminPeer
+	});
+	t.comment(`Built addIndexer payload for ${writerAddress}`);
+
+	await adminPeer.base.append(payload);
+	await adminPeer.base.update();
+	await eventFlush();
+	t.comment(`Applied addIndexer payload for ${writerAddress}`);
+
+	await assertAddIndexerSuccessState(t, context, {
+		writerPeer,
+		adminPeer,
+		writerEntryBefore: { value: b4a.from(writerEntryBefore.value) },
+		adminEntryBefore: { value: b4a.from(adminEntryBefore.value) },
+		payload,
+		skipSync: true
+	});
+
+	const decodedBefore = nodeEntryUtils.decode(writerEntryBefore.value);
+	if (!decodedBefore) {
+		throw new Error('Failed to decode writer entry before addIndexer.');
+	}
+	trackedIndexers.push({
+		address: writerAddress,
+		writingKey: b4a.from(writerPeer.base.local.key),
+		balance: b4a.from(decodedBefore.balance),
+		stakedBalance: b4a.from(decodedBefore.stakedBalance),
+		license: b4a.from(decodedBefore.license)
+	});
+
+	t.comment(`Completed promotion for ${writerAddress}`);
+}
+
+async function assertNetworkSeesIndexers(t, context, trackedIndexers, expectedIndexerCount) {
+	for (const node of context.peers) {
+		await assertPeerObservesIndexers(t, node, trackedIndexers, expectedIndexerCount);
+	}
+}
+
+async function assertPeerObservesIndexers(t, node, trackedIndexers, expectedIndexerCount) {
+	const base = node.base;
+	const membership = Object.values(base.system.indexers ?? {});
+	t.is(
+		membership.length,
+		expectedIndexerCount,
+		`${node.name} observes expected indexer count`
+	);
+
+	for (const indexer of trackedIndexers) {
+		const entry = await base.view.get(indexer.address);
+		t.ok(entry, `${node.name} sees indexer entry for ${indexer.address}`);
+		const decoded = nodeEntryUtils.decode(entry.value);
+		t.ok(decoded, `${node.name} decodes indexer entry for ${indexer.address}`);
+		if (!decoded) continue;
+
+		t.is(decoded.isWhitelisted, true, `${node.name} keeps ${indexer.address} whitelisted`);
+		t.is(decoded.isWriter, true, `${node.name} keeps ${indexer.address} as writer`);
+		t.is(decoded.isIndexer, true, `${node.name} marks ${indexer.address} as indexer`);
+		t.ok(
+			b4a.equals(decoded.wk, indexer.writingKey),
+			`${node.name} sees unchanged writing key for ${indexer.address}`
+		);
+		t.ok(
+			b4a.equals(decoded.balance, indexer.balance),
+			`${node.name} sees unchanged balance for ${indexer.address}`
+		);
+		t.ok(
+			b4a.equals(decoded.stakedBalance, indexer.stakedBalance),
+			`${node.name} sees unchanged staked balance for ${indexer.address}`
+		);
+		t.ok(
+			b4a.equals(decoded.license, indexer.license),
+			`${node.name} sees unchanged license for ${indexer.address}`
+		);
+
+		const hasWritingKey = membership.some(entry => entry?.key && b4a.equals(entry.key, indexer.writingKey));
+		t.ok(
+			hasWritingKey,
+			`${node.name} records ${indexer.address} in validator set`
+		);
+	}
+}
+
+function getIndexerCount(base) {
+	return Object.values(base.system.indexers ?? {}).length;
+}
+
+async function deriveNextWriterIndex(base) {
+	const entry = await base.view.get(EntryType.WRITERS_LENGTH);
+	if (!entry?.value) {
+		return 0;
+	}
+	return lengthEntryUtils.decodeBE(entry.value);
+}

package/tests/unit/state/apply/addIndexer/addIndexerPretenderAlreadyIndexerScenario.js

@@ -0,0 +1,21 @@
+import OperationValidationScenarioBase from '../common/base/OperationValidationScenarioBase.js';
+import nodeRoleUtils from '../../../../../src/core/state/utils/roles.js';
+import {
+	setupAddIndexerScenario,
+	buildAddIndexerPayload,
+	assertAddIndexerFailureState,
+	applyWithPretenderRoleMutation
+} from './addIndexerScenarioHelpers.js';
+
+export default function addIndexerPretenderAlreadyIndexerScenario() {
+	new OperationValidationScenarioBase({
+		title: 'State.apply addIndexer rejects payloads when target is already an indexer',
+		setupScenario: setupAddIndexerScenario,
+		buildValidPayload: context => buildAddIndexerPayload(context),
+		mutatePayload: (_t, payload) => payload,
+		applyInvalidPayload: (context, invalidPayload) =>
+			applyWithPretenderRoleMutation(context, invalidPayload, nodeRoleUtils.NodeRole.INDEXER),
+		assertStateUnchanged: (t, context) => assertAddIndexerFailureState(t, context, { skipSync: true }),
+		expectedLogs: ['Node must be a writer, and cannot already be an indexer.']
+	}).performScenario();
+}

package/tests/unit/state/apply/addIndexer/addIndexerPretenderNotWriterScenario.js

@@ -0,0 +1,21 @@
+import OperationValidationScenarioBase from '../common/base/OperationValidationScenarioBase.js';
+import nodeRoleUtils from '../../../../../src/core/state/utils/roles.js';
+import {
+	setupAddIndexerScenario,
+	buildAddIndexerPayload,
+	assertAddIndexerFailureState,
+	applyWithPretenderRoleMutation
+} from './addIndexerScenarioHelpers.js';
+
+export default function addIndexerPretenderNotWriterScenario() {
+	new OperationValidationScenarioBase({
+		title: 'State.apply addIndexer rejects payloads when target is not a writer',
+		setupScenario: setupAddIndexerScenario,
+		buildValidPayload: context => buildAddIndexerPayload(context),
+		mutatePayload: (_t, payload) => payload,
+		applyInvalidPayload: (context, invalidPayload) =>
+			applyWithPretenderRoleMutation(context, invalidPayload, nodeRoleUtils.NodeRole.READER),
+		assertStateUnchanged: (t, context) => assertAddIndexerFailureState(t, context, { skipSync: true }),
+		expectedLogs: ['Node must be a writer, and cannot already be an indexer.']
+	}).performScenario();
+}

package/tests/unit/state/apply/addIndexer/addIndexerRemoveAndReAddScenario.js

@@ -0,0 +1,186 @@
+import b4a from 'b4a';
+import { test } from 'brittle';
+import nodeEntryUtils from '../../../../../src/core/state/utils/nodeEntry.js';
+import { EntryType } from '../../../../../src/utils/constants.js';
+import {
+	setupAddIndexerScenario,
+	selectIndexerCandidatePeer,
+	buildAddIndexerPayload,
+	buildRemoveIndexerPayload,
+	assertAddIndexerSuccessState,
+	ensureIndexerRegistration
+} from './addIndexerScenarioHelpers.js';
+import { eventFlush } from '../../../../helpers/autobaseTestHelpers.js';
+import { toBalance } from '../../../../../src/core/state/utils/balance.js';
+import transactionUtils from '../../../../../src/core/state/utils/transaction.js';
+import { safeDecodeApplyOperation } from '../../../../../src/utils/protobuf/operationHelpers.js';
+
+export default function addIndexerRemoveAndReAddScenario() {
+	test('State.apply addIndexer re-promotes writer after removeIndexer cycle', async t => {
+		const context = await setupAddIndexerScenario(t, { nodes: 4 });
+		const adminPeer = context.adminBootstrap;
+		const writerPeer = selectIndexerCandidatePeer(context);
+
+		// Initial promotion to indexer
+		const writerEntryBefore = await adminPeer.base.view.get(writerPeer.wallet.address);
+		const initialAdminEntry = await adminPeer.base.view.get(adminPeer.wallet.address);
+		const initialAdminBalance = readBalance(initialAdminEntry);
+
+		const firstAddPayload = await buildAddIndexerPayload(context, { writerPeer, adminPeer });
+		await adminPeer.base.append(firstAddPayload);
+		await adminPeer.base.update();
+		await eventFlush();
+
+		await assertAddIndexerSuccessState(t, context, {
+			writerPeer,
+			adminPeer,
+			writerEntryBefore: { value: b4a.from(writerEntryBefore.value) },
+			adminEntryBefore: { value: b4a.from(initialAdminEntry.value) },
+			payload: firstAddPayload,
+			skipSync: true
+		});
+		const adminBalanceAfterInitialAdd = await readAdminBalance(adminPeer);
+		t.ok(
+			adminBalanceAfterInitialAdd && initialAdminBalance,
+			'admin balance decodes after initial add'
+		);
+		ensureIndexerRegistration(adminPeer.base, writerPeer.base.local.key);
+		t.is(
+			readIndexerMembership(adminPeer.base, writerPeer.base.local.key),
+			true,
+			'writer key registered before removeIndexer'
+		);
+
+		// Remove indexer
+		const writersLengthBeforeRemove = await readWritersLength(adminPeer);
+
+		const removePayload = await buildRemoveIndexerPayload(context, {
+			indexerPeer: writerPeer,
+			adminPeer
+		});
+		await adminPeer.base.append(removePayload);
+		await adminPeer.base.update();
+		await eventFlush();
+
+		await assertWriterDemotedToWriter(t, adminPeer.base, writerPeer);
+
+		const adminBalanceAfterRemove = await readAdminBalance(adminPeer);
+		assertFeeDeducted(
+			t,
+			adminBalanceAfterInitialAdd,
+			adminBalanceAfterRemove,
+			'admin balance reduced by removeIndexer fee'
+		);
+
+		const writersLengthAfterRemove = await readWritersLength(adminPeer);
+		t.is(
+			writersLengthAfterRemove,
+			writersLengthBeforeRemove + 1,
+			'writers length increments after removeIndexer'
+		);
+		t.is(
+			readIndexerMembership(adminPeer.base, writerPeer.base.local.key),
+			false,
+			'writer key removed from validator set after removeIndexer'
+		);
+
+		// Re-add as indexer
+		const reAddPayload = await buildAddIndexerPayload(context, { writerPeer, adminPeer });
+		await adminPeer.base.append(reAddPayload);
+		await adminPeer.base.update();
+		await eventFlush();
+
+		const adminBalanceAfterReAdd = await readAdminBalance(adminPeer);
+		assertFeeDeducted(
+			t,
+			adminBalanceAfterRemove,
+			adminBalanceAfterReAdd,
+			'admin balance reduced by re-add fee'
+		);
+
+		const writersLengthAfterReAdd = await readWritersLength(adminPeer);
+		t.is(
+			writersLengthAfterReAdd,
+			writersLengthAfterRemove,
+			'writers length remains stable after re-adding indexer'
+		);
+		ensureIndexerRegistration(adminPeer.base, writerPeer.base.local.key);
+		t.is(
+			readIndexerMembership(adminPeer.base, writerPeer.base.local.key),
+			true,
+			'writer key restored in validator set after re-add'
+		);
+		await assertIndexerEntry(t, adminPeer.base, writerPeer);
+		await assertReplayRecorded(t, adminPeer.base, reAddPayload);
+	});
+}
+
+async function assertWriterDemotedToWriter(t, base, writerPeer) {
+	const entry = await base.view.get(writerPeer.wallet.address);
+	t.ok(entry, 'writer entry exists after removeIndexer');
+	const decoded = nodeEntryUtils.decode(entry?.value);
+	t.ok(decoded, 'writer entry decodes after removeIndexer');
+	if (!decoded) return;
+
+	t.is(decoded.isWhitelisted, true, 'writer stays whitelisted after removeIndexer');
+	t.is(decoded.isWriter, true, 'writer role remains assigned after removeIndexer');
+	t.is(decoded.isIndexer, false, 'writer no longer an indexer after removeIndexer');
+	t.ok(b4a.equals(decoded.wk, writerPeer.base.local.key), 'writer key preserved after removeIndexer');
+}
+
+async function readWritersLength(adminPeer) {
+	const entry = await adminPeer.base.view.get(EntryType.WRITERS_LENGTH);
+	if (!entry?.value) return 0;
+	return entry.value.readUInt32BE();
+}
+
+function readIndexerMembership(base, writingKey) {
+	return Object.values(base.system.indexers ?? {}).some(entry => entry?.key && b4a.equals(entry.key, writingKey));
+}
+
+async function readAdminBalance(adminPeer) {
+	const entry = await adminPeer.base.view.get(adminPeer.wallet.address);
+	return readBalance(entry);
+}
+
+function readBalance(entry) {
+	if (!entry?.value) return null;
+	const decoded = nodeEntryUtils.decode(entry.value);
+	if (!decoded) return null;
+	return toBalance(decoded.balance);
+}
+
+function assertFeeDeducted(t, before, after, message) {
+	const feeBalance = toBalance(transactionUtils.FEE);
+	if (!before || !after || !feeBalance) {
+		t.fail('Balance values missing for fee assertion.');
+		return;
+	}
+	const expected = before.sub(feeBalance);
+	t.ok(expected, 'expected balance computed');
+	if (!expected) return;
+	t.ok(
+		b4a.equals(after.value, expected.value),
+		message
+	);
+}
+
+async function assertIndexerEntry(t, base, writerPeer) {
+	const entry = await base.view.get(writerPeer.wallet.address);
+	t.ok(entry, 'writer entry exists after re-adding indexer');
+	const decoded = nodeEntryUtils.decode(entry?.value);
+	t.ok(decoded, 'writer entry decodes after re-adding indexer');
+	if (!decoded) return;
+	t.is(decoded.isIndexer, true, 'writer flagged as indexer after re-adding');
+}
+
+async function assertReplayRecorded(t, base, payload) {
+	const decodedOperation = safeDecodeApplyOperation(payload);
+	t.ok(decodedOperation, 're-add payload decodes');
+	if (!decodedOperation) return;
+	const txBuffer = decodedOperation?.aco?.tx;
+	t.ok(txBuffer, 're-add payload contains tx hash');
+	if (!txBuffer) return;
+	const entry = await base.view.get(txBuffer.toString('hex'));
+	t.ok(entry, 're-add tx recorded for replay protection');
+}