Skip to content

feat!: demote auth registry to non-protocol contract#23106

Draft
dbanks12 wants to merge 11 commits into
dbanks12/public-checks-to-aztec-nrfrom
cb/e468a77822a0
Draft

feat!: demote auth registry to non-protocol contract#23106
dbanks12 wants to merge 11 commits into
dbanks12/public-checks-to-aztec-nrfrom
cb/e468a77822a0

Conversation

@dbanks12
Copy link
Copy Markdown
Contributor

@dbanks12 dbanks12 commented May 8, 2026
edited
Loading

Demotes auth_registry from protocol contract. Introduces canonical_addresses Noir crate and @aztec/canonical-contracts TS package.

Stacked on #23216.

@dbanks12 dbanks12 changed the title feat(auth_registry): demote to non-protocol contract via two-pass build [messing around...] feat(auth_registry): demote to non-protocol contract via two-pass build May 8, 2026
@dbanks12 dbanks12 marked this pull request as ready for review May 8, 2026 18:21
@dbanks12 dbanks12 removed request for LeilaWang and nventuro May 8, 2026 18:21
@dbanks12 dbanks12 changed the title [messing around...] feat(auth_registry): demote to non-protocol contract via two-pass build [messing around... for ci] feat(auth_registry): demote to non-protocol contract via two-pass build May 8, 2026
@dbanks12 dbanks12 changed the title [messing around... for ci] feat(auth_registry): demote to non-protocol contract via two-pass build feat(auth_registry): demote to non-protocol contract via two-pass build May 8, 2026
@dbanks12 dbanks12 changed the title feat(auth_registry): demote to non-protocol contract via two-pass build feat(auth_registry): demote to non-protocol contract May 11, 2026
@dbanks12 dbanks12 marked this pull request as draft May 11, 2026 16:03
@dbanks12 dbanks12 changed the title feat(auth_registry): demote to non-protocol contract [NOT READY] feat(auth_registry): demote to non-protocol contract May 11, 2026
@dbanks12 dbanks12 changed the title [NOT READY] feat(auth_registry): demote to non-protocol contract [NOT READY - CLAUDE GENERATED] feat(auth_registry): demote to non-protocol contract May 11, 2026
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 11, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addednpm/​vite@​7.3.3961008298100
Addednpm/​@​aztec/​standard-contracts@​0.0.0-use.local100100100100100
Updatednpm/​@​aztec/​noir-noir_js@​1.0.0-beta.21 ⏵ 1.0.0-beta.20100100100100100

View full report

@dbanks12 dbanks12 changed the base branch from next to merge-train/fairies May 12, 2026 14:21
This was referenced May 12, 2026
Draft
Merged
@dbanks12 Graphite App
Copy link
Copy Markdown
Contributor Author

dbanks12 commented May 12, 2026
edited
Loading

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

This stack of pull requests is managed by Graphite. Learn more about stacking.

@dbanks12 dbanks12 changed the title [NOT READY - CLAUDE GENERATED] feat(auth_registry): demote to non-protocol contract feat(auth_registry): demote to non-protocol contract May 12, 2026
@dbanks12 dbanks12 changed the base branch from merge-train/fairies to dbanks12/autogen-canonical-interfaces May 12, 2026 18:19
@dbanks12 dbanks12 mentioned this pull request May 12, 2026
Draft
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 12, 2026
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Medium
Medium CVE: npm bn.js affected by an infinite loop

CVE: GHSA-378v-28hj-76wf bn.js affected by an infinite loop (MODERATE)

Affected versions: < 4.12.3; >= 5.0.0 < 5.2.3

Patched version: 4.12.3

From: ?npm/crypto-browserify@3.12.1npm/@ethersproject/wallet@5.8.0npm/bn.js@4.12.0

ℹ Read more on: This package | This alert | What is a medium CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known medium severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/bn.js@4.12.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Medium CVE: npm bn.js affected by an infinite loop

CVE: GHSA-378v-28hj-76wf bn.js affected by an infinite loop (MODERATE)

Affected versions: < 4.12.3; >= 5.0.0 < 5.2.3

Patched version: 5.2.3

From: ?npm/crypto-browserify@3.12.1npm/@ethersproject/wallet@5.8.0npm/bn.js@5.2.1

ℹ Read more on: This package | This alert | What is a medium CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known medium severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/bn.js@5.2.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Medium CVE: npm bn.js affected by an infinite loop

CVE: GHSA-378v-28hj-76wf bn.js affected by an infinite loop (MODERATE)

Affected versions: < 4.12.3; >= 5.0.0 < 5.2.3

Patched version: 5.2.3

From: ?npm/@nethermindeth/discv5@9.0.0-backport-306-v4npm/@nethermindeth/enr@3.0.0-backport-306-v4npm/bn.js@5.2.2

ℹ Read more on: This package | This alert | What is a medium CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known medium severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/bn.js@5.2.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Medium CVE: Hono has CSS Declaration Injection via Style Object Values in JSX SSR

CVE: GHSA-qp7p-654g-cw7p Hono has CSS Declaration Injection via Style Object Values in JSX SSR (MODERATE)

Affected versions: < 4.12.18

Patched version: 4.12.18

From: ?npm/eslint@9.26.0npm/hono@4.12.5

ℹ Read more on: This package | This alert | What is a medium CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known medium severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/hono@4.12.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Medium CVE: Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

CVE: GHSA-p77w-8qqv-26rm Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage (MODERATE)

Affected versions: < 4.12.18

Patched version: 4.12.18

From: ?npm/eslint@9.26.0npm/hono@4.12.5

ℹ Read more on: This package | This alert | What is a medium CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known medium severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/hono@4.12.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Medium CVE: npm hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection

CVE: GHSA-69xw-7hcm-h432 hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection (MODERATE)

Affected versions: < 4.12.16

Patched version: 4.12.16

From: ?npm/eslint@9.26.0npm/hono@4.12.5

ℹ Read more on: This package | This alert | What is a medium CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known medium severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/hono@4.12.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Medium CVE: Hono: bodyLimit() can be bypassed for chunked / unknown-length requests

CVE: GHSA-9vqf-7f2p-gf9v Hono: bodyLimit() can be bypassed for chunked / unknown-length requests (MODERATE)

Affected versions: < 4.12.16

Patched version: 4.12.16

From: ?npm/eslint@9.26.0npm/hono@4.12.5

ℹ Read more on: This package | This alert | What is a medium CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known medium severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/hono@4.12.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Medium CVE: npm hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx SSR

CVE: GHSA-458j-xx4x-4375 hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx SSR (MODERATE)

Affected versions: < 4.12.14

Patched version: 4.12.14

From: ?npm/eslint@9.26.0npm/hono@4.12.5

ℹ Read more on: This package | This alert | What is a medium CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known medium severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/hono@4.12.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Medium CVE: Hono vulnerable to Prototype Pollution possible through __proto__ key allowed in parseBody({ dot: true })

CVE: GHSA-v8w9-8mx6-g223 Hono vulnerable to Prototype Pollution possible through proto key allowed in parseBody({ dot: true }) (MODERATE)

Affected versions: < 4.12.7

Patched version: 4.12.7

From: ?npm/eslint@9.26.0npm/hono@4.12.5

ℹ Read more on: This package | This alert | What is a medium CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known medium severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/hono@4.12.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Medium CVE: Hono missing validation of cookie name on write path in setCookie()

CVE: GHSA-26pp-8wgv-hjvm Hono missing validation of cookie name on write path in setCookie() (MODERATE)

Affected versions: < 4.12.12

Patched version: 4.12.12

From: ?npm/eslint@9.26.0npm/hono@4.12.5

ℹ Read more on: This package | This alert | What is a medium CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known medium severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/hono@4.12.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Medium CVE: Hono: Non-breaking space prefix bypass in cookie name handling in getCookie()

CVE: GHSA-r5rp-j6wh-rvv4 Hono: Non-breaking space prefix bypass in cookie name handling in getCookie() (MODERATE)

Affected versions: < 4.12.12

Patched version: 4.12.12

From: ?npm/eslint@9.26.0npm/hono@4.12.5

ℹ Read more on: This package | This alert | What is a medium CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known medium severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/hono@4.12.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Medium CVE: Hono: Middleware bypass via repeated slashes in serveStatic

CVE: GHSA-wmmm-f939-6g9c Hono: Middleware bypass via repeated slashes in serveStatic (MODERATE)

Affected versions: < 4.12.12

Patched version: 4.12.12

From: ?npm/eslint@9.26.0npm/hono@4.12.5

ℹ Read more on: This package | This alert | What is a medium CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known medium severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/hono@4.12.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Medium CVE: Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses

CVE: GHSA-xpcf-pg52-r92g Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses (MODERATE)

Affected versions: < 4.12.12

Patched version: 4.12.12

From: ?npm/eslint@9.26.0npm/hono@4.12.5

ℹ Read more on: This package | This alert | What is a medium CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known medium severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/hono@4.12.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Medium CVE: Hono: Path traversal in toSSG() allows writing files outside the output directory

CVE: GHSA-xf4j-xp2r-rqqx Hono: Path traversal in toSSG() allows writing files outside the output directory (MODERATE)

Affected versions: >= 4.0.0 < 4.12.12

Patched version: 4.12.12

From: ?npm/eslint@9.26.0npm/hono@4.12.5

ℹ Read more on: This package | This alert | What is a medium CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known medium severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/hono@4.12.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Medium CVE: Vite Vulnerable to Path Traversal in Optimized Deps .map Handling

CVE: GHSA-4w7w-66w2-5vf9 Vite Vulnerable to Path Traversal in Optimized Deps .map Handling (MODERATE)

Affected versions: >= 8.0.0 < 8.0.5; >= 7.0.0 < 7.3.2; < 6.4.2

Patched version: 7.3.2

From: ?npm/vitest@4.0.18npm/vite@7.3.1

ℹ Read more on: This package | This alert | What is a medium CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known medium severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/vite@7.3.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

dbanks12 added a commit that referenced this pull request May 12, 2026
@dbanks12
feat(multi_call_entrypoint): demote to non-protocol contract
537bfaf 
Mirrors the auth_registry demotion (PR #23106):

- Moves the noir contract from contracts/protocol/ to contracts/canonical/.
- Removes MULTI_CALL_ENTRYPOINT_ADDRESS from constants.nr / aztec_constants.hpp / constants_gen.pil and drops the entry from protocol_contracts.json so the contract is no longer treated as a protocol contract.
- Adds a multi-call-entrypoint stamp sub-package under @aztec/canonical-contracts with TS-only address.gen.ts + freshness test (no Noir consumers of the address exist, so no Noir lib stamp is generated).
- Migrates consumers from ProtocolContractAddress.MultiCallEntrypoint / @aztec/protocol-contracts/multi-call-entrypoint to MULTI_CALL_ENTRYPOINT_ADDRESS and @aztec/canonical-contracts/multi-call-entrypoint: DefaultMultiCallEntrypoint, AztecNodeService.getProtocolContractAddresses, and the embedded wallet bundle/lazy providers.
- Drops the multi-call-entrypoint subdir from @aztec/protocol-contracts and the corresponding aztec.js re-export.
@dbanks12 dbanks12 force-pushed the dbanks12/autogen-canonical-interfaces branch from 214e5c4 to e5390ee Compare May 12, 2026 18:51
This was referenced May 12, 2026
Draft
Draft
Draft
@dbanks12 dbanks12 force-pushed the dbanks12/autogen-canonical-interfaces branch from e5390ee to b15e8d5 Compare May 12, 2026 19:24
@dbanks12 dbanks12 force-pushed the dbanks12/autogen-canonical-interfaces branch from b15e8d5 to d10c85a Compare May 12, 2026 19:28
@dbanks12 dbanks12 changed the base branch from dbanks12/autogen-canonical-interfaces to graphite-base/23106 May 13, 2026 17:27
@dbanks12 dbanks12 force-pushed the graphite-base/23106 branch from d10c85a to e5e600b Compare May 13, 2026 17:27
@dbanks12 dbanks12 mentioned this pull request May 13, 2026
Draft
@dbanks12 dbanks12 changed the base branch from graphite-base/23106 to dbanks12/public-checks-to-aztec-nr May 13, 2026 18:47
@dbanks12 dbanks12 changed the title feat(auth_registry): demote to non-protocol contract feat!: demote auth registry to non-protocol contract May 13, 2026
@dbanks12 dbanks12 mentioned this pull request May 13, 2026
Draft
@dbanks12
refactor(standard-contracts): mirror protocol-contracts generator str…
d8438b2 
…ucture

- Decompose renderTsData into generateNames/generateSalts/generateAddresses/generateClassIdPreimages helpers, matching protocol-contracts pattern 1:1.
- Restore privateFunctions in ContractData and emit StandardContractPrivateFunctions in the data file; makeStandardContract now reads from it instead of hardcoding []. Required for contracts that have private functions (e.g. MultiCallEntrypoint upstack).
@dbanks12
fix(auth_registry): use AUTH_REGISTRY_ADDRESS from standard_addresses…
188e09e 
… crate

- Replace stale CANONICAL_AUTH_REGISTRY_ADDRESS references in aztec-nr authwit/auth.nr and test helpers with the demoted AUTH_REGISTRY_ADDRESS exported from the standard_addresses crate.
- Add standard_addresses dep to aztec-nr/aztec/Nargo.toml.
- Restore auth_registry_contract authwit imports to the pre-split aztec::authwit::auth path (the split lives in an upstack PR).
@dbanks12
refactor(auth_registry): collapse standard_addresses crate into aztec…
6185997 
…-nr module

The standard_addresses crate was originally introduced to break a dependency
cycle, but the authwit split makes the cycle structurally impossible. Inline
the generated address constants as a regular module in aztec-nr's aztec crate
(and a twin in aztec_sublib, which cannot depend on aztec) instead of carrying
a redundant single-file crate.
@dbanks12
feat(standard-contracts): fail loud on stale address drift at build time
c820e3c 
`generate_data.ts` now always regenerates `standard_contract_data.ts` plus the
two Noir `standard_addresses.nr` twins, compares each rewritten file against
its pre-write snapshot, and exits non-zero with a clear message if any drifted.
The new content is written either way, so re-running `./bootstrap.sh` once more
recompiles dependent Noir contracts against the freshly-stamped addresses.

The TS output is normalized through prettier before comparison so the check
doesn't false-positive on the bootstrap `format` step's later reformatting.

A new `standard_contract_data.test.ts` is a second line of defense: it iterates
`standardContracts[]`, re-derives each contract's data via the shared
`contract_data.ts` module, and asserts the result matches the committed values.
Skips gracefully (with a `console.warn`) when artifacts aren't built yet.

Adding a new standard contract is still a one-row change in
`standardContracts[]` — both the build-time check and the test pick it up
automatically.
@dbanks12 dbanks12 mentioned this pull request May 17, 2026
Draft
dbanks12 added 2 commits May 17, 2026 14:34
@dbanks12
refactor(standard-contracts): factor drift detection into shared modu…
34b31a6 
…le + only write on change

Move rendering, prettier formatting, and write-if-changed plumbing out of
`scripts/generate_data.ts` into a new `drift.ts` so the backup jest test can
reuse the same pipeline. The drift test now compares the committed
`standard_contract_data.ts` AND every committed `standard_addresses.nr` twin
against freshly re-rendered output — previously it only re-derived per-field
constants and never checked the Noir-side files. The generator no longer touches
mtimes when content is unchanged: it renders in memory, compares against the
existing bytes, and only writes (then exits non-zero) when something actually
drifted.
@dbanks12
feat(standard-contracts): wire generate:data into yarn-project bootstrap
7110e2f 
Adds standard-contracts to the parallel `yarn generate` list in
yarn-project/bootstrap.sh so the drift-detecting generator actually runs during
`./bootstrap.sh build yarn-project`. Previously the package was in the workspace
list but had no bootstrap wiring, so drift was only caught by the per-package
jest test at CI test time.

Expands the on-drift error to spell out the exact recovery sequence
(noir-contracts rebuild -> yarn-project rebuild) and notes the rewritten files
must be committed alongside the source change that triggered the drift.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MirandaWood MirandaWood Awaiting requested review from MirandaWood MirandaWood is a code owner

@jeanmon jeanmon Awaiting requested review from jeanmon jeanmon is a code owner

@IlyasRidhuan IlyasRidhuan Awaiting requested review from IlyasRidhuan IlyasRidhuan is a code owner

@nventuro nventuro Awaiting requested review from nventuro nventuro will be requested when the pull request is marked ready for review nventuro is a code owner

@LeilaWang LeilaWang Awaiting requested review from LeilaWang LeilaWang will be requested when the pull request is marked ready for review LeilaWang is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dbanks12