Add drop authorization signing examples and fixtures

[punk6529]

Summary

• Add a no-secret operator guide for EIP-712 drop authorization signing, covering fixed-price drops, auction drops, replay controls, and ERC-1271 contract signers.
• Add deterministic fixed-price, auction, and ERC-1271 mock signer fixtures with expected domain/message fields, digests, signatures, and failure expectations.
• Add local/CI fixture validation plus unit coverage, and wire the guide/fixtures into tooling, audit, incident-response, release-readiness, release manifest, and checksum surfaces.

Validation

• python scripts\test_drop_authorization_fixtures.py
• python scripts\check_drop_authorization_fixtures.py
• python scripts\test_audit_package.py
• python scripts\check_audit_package.py
• python scripts\test_incident_response.py
• python scripts\check_incident_response.py
• python scripts\test_release_readiness.py
• python scripts\check_release_readiness.py
• python scripts\test_release_manifest.py
• python scripts\generate_release_manifest.py --check
• python scripts\test_release_checksums.py
• python scripts\generate_release_checksums.py --check
• git diff --check
• make check

Closes #177

Summary by CodeRabbit

• New Features

  • Deterministic drop-authorization signing examples for EOA and ERC-1271 signers; no-secret local signing fixtures for fixed-price and auction flows

• Documentation

  • Comprehensive drop-authorization signing guide with failure cases, verification commands, and operator checklist; cross-linked from readiness/audit docs

• Tests

  • Automated fixture validation and unit tests verifying signing artifacts and rejection cases

• Chores

  • CI, build and release flows updated to run fixture checks and include fixtures in release evidence/checksums

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a no-secret drop-authorization signing guide, three deterministic EIP-712/ERC-1271 JSON fixtures, a pure‑Python validator with Keccak/ABI encoders, a unittest harness, CI/Makefile wiring, and updates release manifests, checks, and documentation to validate and publish these artifacts.

Changes

Drop Authorization Signing Examples and Fixtures

Layer / File(s)	Summary
Cryptographic validator and EIP-712 schema checker scripts/check_drop_authorization_fixtures.py	Implements validator with repo-safe link checks, JSON schema/type validators, pure‑Python Keccak-256, ABI static encoding, deterministic derived-value computation, no-secret policy scanning, expected-value/signature-kind checks, failure-case coverage aggregation, guide validation, and CLI.
Unittest harness and fixture generation scripts/test_drop_authorization_fixtures.py	Unittest module that imports the checker, seeds minimal guide and deterministic fixtures, asserts keccak vector parity, validates committed and seeded fixtures, and asserts targeted rejection cases.
Concrete JSON fixtures test/fixtures/drop-authorization/*.json	Three no-secret fixtures (fixed-price EOA, auction EOA, ERC-1271 contract-signer) with full EIP-712 typed-data, expected derived hashes/digest/signature examples, call metadata, and negative failure-case specifications.
Release manifest and checksum integration scripts/generate_release_manifest.py, scripts/generate_release_checksums.py, release-artifacts/latest/*	Adds signing guide to governance docs, includes fixture path in default covered paths, and updates SHA256SUMS, release-checksums.json, and release-manifest.json with fixture checksum entries and refreshed metadata.
CI and build system wiring .github/workflows/ci.yml, Makefile, scripts/check.sh, scripts/check.ps1	Adds the new scripts to repository hygiene py_compile, adds a CI step running fixture tests/checks (logs to ci-logs/), adds drop-authorization-fixtures-check Make target and wires it into check/release-manifest*, and runs tests/checks in check scripts.
Validation framework and test helpers scripts/check_audit_package.py, scripts/check_incident_response.py, scripts/check_release_readiness.py, test helpers	Extends existing checkers to require the fixture test/check commands and guide link target; updates test templates/helpers to include fixture paths and guide when seeding.
Documentation, changelog, ops state updates docs/*, CHANGELOG.md, ops/*	Adds docs/drop-authorization-signing.md and updates audit-package, incident-response, known-blockers, release-readiness, tooling, ROADMAP, AUTONOMOUS_RUN, and changelog entries to reference the guide and fixture verification commands.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• 6529-Collections/6529Stream#159: Introduced the audit-package checker framework extended here to require drop-authorization fixture checks.
• 6529-Collections/6529Stream#175: Related incident-response checker work that this PR builds on by adding drop-authorization commands and guide links.
• 6529-Collections/6529Stream#106: Related release-manifest generation wiring that overlaps Makefile target changes.

"🐰 Deterministic hashes now sing,
No secrets in the fixtures ring,
EIP‑712 fields align,
Validators check each line,
Drop auth proof—ready for spring!" 🌱

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add drop authorization signing examples and fixtures' directly and clearly describes the main changes: addition of signing examples and deterministic fixtures for drop authorization.
Linked Issues check	✅ Passed	The PR implements all required changes from issue #177: operator guide with EIP-712 domain fields, EOA and ERC-1271 examples, deterministic JSON fixtures, lightweight checker/test, documentation links across specified files, and refreshed release artifacts.
Out of Scope Changes check	✅ Passed	All changes are in scope: documentation and fixtures for drop authorization signing, validation tooling, CI/Makefile integration, and release artifact updates directly support issue #177 requirements.
Docstring Coverage	✅ Passed	Docstring coverage is 92.73% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/drop-authorization-signing-examples

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[punk6529]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/check_drop_authorization_fixtures.py`:
- Around line 534-561: Add a check that message["poster"] is non-zero for both
sale modes: when sale_mode == 1 and when sale_mode == 2 ensure
message["poster"].lower() != zero_address and raise
DropAuthorizationFixtureError(f"{fixture_id}.poster must be non-zero") if it is
zero; place this validation alongside the existing recipient/payer checks (using
the same fixture_id, zero_address, and error type), so both fixed-price and
auction branches reject a zero poster during message validation.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 360f0312-2c4e-4ae2-8985-16a4f4a2fef1

📥 Commits

Reviewing files that changed from the base of the PR and between 0122e67 and 5a33544.

📒 Files selected for processing (29)

• .github/workflows/ci.yml
• CHANGELOG.md
• Makefile
• docs/audit-package.md
• docs/drop-authorization-signing.md
• docs/incident-response.md
• docs/known-blockers.md
• docs/release-readiness.md
• docs/tooling.md
• ops/AUTONOMOUS_RUN.md
• ops/ROADMAP.md
• release-artifacts/latest/SHA256SUMS
• release-artifacts/latest/release-checksums.json
• release-artifacts/latest/release-manifest.json
• scripts/check.ps1
• scripts/check.sh
• scripts/check_audit_package.py
• scripts/check_drop_authorization_fixtures.py
• scripts/check_incident_response.py
• scripts/check_release_readiness.py
• scripts/generate_release_checksums.py
• scripts/generate_release_manifest.py
• scripts/test_drop_authorization_fixtures.py
• scripts/test_release_checksums.py
• scripts/test_release_manifest.py
• scripts/test_release_readiness.py
• test/fixtures/drop-authorization/auction-eoa.json
• test/fixtures/drop-authorization/erc1271-contract-signer.json
• test/fixtures/drop-authorization/fixed-price-eoa.json

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

scripts/check_drop_authorization_fixtures.py (2)

659-667: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Reject duplicate failure_cases[].id values inside a fixture.

found is a set, so repeated ids are silently deduplicated. Combined with the union-only check in validate_all, a fixture can list the same case twice and still pass if another fixture happens to cover the missing id. Fail fast when an id repeats within the same file.

Suggested fix

 def validate_failure_cases(fixture: dict[str, Any], fixture_id: str) -> set[str]:
     """Validate failure case entries and return their IDs."""
     cases = require_list(fixture.get("failure_cases"), f"{fixture_id}.failure_cases")
     found = set()
     for index, case in enumerate(cases):
         item = require_dict(case, f"{fixture_id}.failure_cases[{index}]")
         case_id = require_string(item.get("id"), f"{fixture_id}.failure_cases[{index}].id")
         require_string(item.get("expected_revert"), f"{fixture_id}.failure_cases[{index}].expected_revert")
         require_string(item.get("notes"), f"{fixture_id}.failure_cases[{index}].notes")
+        if case_id in found:
+            raise DropAuthorizationFixtureError(
+                f"{fixture_id}.failure_cases[{index}].id duplicates {case_id}"
+            )
         found.add(case_id)
     return found

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/check_drop_authorization_fixtures.py` around lines 659 - 667, The
current loop silently deduplicates repeated failure case ids because `found` is
a set; modify the loop that iterates `cases` (using `require_list`,
`require_dict`, `require_string`) to detect and fail on duplicate `case_id`
within the same fixture: after computing `case_id` check `if case_id in found:`
and raise an error (ValueError or a clear exception) including `fixture_id` and
`case_id` so the test fails fast; otherwise add to `found` as before. Ensure
`validate_all` behaviour remains unchanged.

---

620-639: 🎯 Functional Correctness | 🟠 Major | 🏗️ Heavy lift

Validate the signature bytes, not just their shape.

For eoa_65_byte, any 65-byte hex blob passes here; for erc1271_mock_bytes, any hex blob paired with the magic value passes. So CI can still publish a fixture whose advertised expected.signature does not match expected.digest or expected.signer, even though this checker is supposed to gate deterministic signing examples. Either verify the EOA signature against the digest/signer and pin the ERC-1271 mock bytes, or stop treating expected.signature as validated output.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/check_drop_authorization_fixtures.py` around lines 620 - 639, The
checker currently only checks shape of expected.signature (via signature, kind)
but not that the signature actually signs expected.digest by expected.signer;
update the validation in the block handling kind == "eoa_65_byte" to recover the
signer from expected.digest and the 65-byte signature (use the project’s
ecrecover utility or implement v/r/s recovery) and compare it to
require_string(expected.get("signer"), ...) (raise DropAuthorizationFixtureError
on mismatch), and in the "erc1271_mock_bytes" branch pin and validate the mock
signature bytes against the expected.erc1271_magic_value (ensure
expected.signature equals the agreed mock signature for fixture_id
"erc1271-contract-signer" or require a derived value from
expected.digest/signer), or alternatively stop treating expected.signature as
validated output by explicitly rejecting fixtures that don’t provide a
verifiable signature; use symbols require_hex, require_string,
DropAuthorizationFixtureError, fixture_id, expected.digest, and expected.signer
to locate and implement the changes.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@scripts/check_drop_authorization_fixtures.py`:
- Around line 659-667: The current loop silently deduplicates repeated failure
case ids because `found` is a set; modify the loop that iterates `cases` (using
`require_list`, `require_dict`, `require_string`) to detect and fail on
duplicate `case_id` within the same fixture: after computing `case_id` check `if
case_id in found:` and raise an error (ValueError or a clear exception)
including `fixture_id` and `case_id` so the test fails fast; otherwise add to
`found` as before. Ensure `validate_all` behaviour remains unchanged.
- Around line 620-639: The checker currently only checks shape of
expected.signature (via signature, kind) but not that the signature actually
signs expected.digest by expected.signer; update the validation in the block
handling kind == "eoa_65_byte" to recover the signer from expected.digest and
the 65-byte signature (use the project’s ecrecover utility or implement v/r/s
recovery) and compare it to require_string(expected.get("signer"), ...) (raise
DropAuthorizationFixtureError on mismatch), and in the "erc1271_mock_bytes"
branch pin and validate the mock signature bytes against the
expected.erc1271_magic_value (ensure expected.signature equals the agreed mock
signature for fixture_id "erc1271-contract-signer" or require a derived value
from expected.digest/signer), or alternatively stop treating expected.signature
as validated output by explicitly rejecting fixtures that don’t provide a
verifiable signature; use symbols require_hex, require_string,
DropAuthorizationFixtureError, fixture_id, expected.digest, and expected.signer
to locate and implement the changes.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5199ad99-5590-47b5-8de4-cee63890546e

📥 Commits

Reviewing files that changed from the base of the PR and between 5a33544 and 99bf1f3.

📒 Files selected for processing (3)

• ops/AUTONOMOUS_RUN.md
• scripts/check_drop_authorization_fixtures.py
• scripts/test_drop_authorization_fixtures.py

✅ Files skipped from review due to trivial changes (1)

• ops/AUTONOMOUS_RUN.md

🚧 Files skipped from review as they are similar to previous changes (1)

• scripts/test_drop_authorization_fixtures.py