Skip to content

feat(taco): Add nestedAbiDecode schema for selectorless ABI validation#766

Draft
theref wants to merge 303 commits intonucypher:signing-epicfrom
theref:feat/nested-abi-decode
Draft

feat(taco): Add nestedAbiDecode schema for selectorless ABI validation#766
theref wants to merge 303 commits intonucypher:signing-epicfrom
theref:feat/nested-abi-decode

Conversation

@theref
Copy link
Copy Markdown
Contributor

@theref theref commented Mar 5, 2026
edited
Loading

Add abiDecodeValidationSchema and update abiParameterValidationSchema to support a third option alongside returnValueTest and nestedAbiValidation. Used for batch execution payloads.

The real work is in nucypher/nucypher#3723

theref and others added 30 commits July 8, 2025 13:57
@theref @derekpierre
🐛 fix(porter): send signing request data in body instead of query params
fcb6515 
- change signUserOp method to use 'data' instead of 'params' for POST request
- aligns with other Porter methods that send data in request body
- fixes 400 Bad Request error when signing user operations
@theref @derekpierre
✅ test: update signing tests to expect base64-encoded requests
1808914 
- update test expectations to match new base64-encoded signing request format
- tests now expect btoa(JSON.stringify(...)) instead of JSON.stringify(...)
@theref @derekpierre
🔧 refactor: match Python signing request format
ed8ee02 
- change signing request structure to match Python implementation
- use snake_case field names (cohort_id, chain_id, signature_type)
- serialize userOp as 'data' field instead of direct embedding
- update tests to match new request format
@theref @derekpierre
Fix TACo signing request format for Porter API
0df991f 
- Use sorted JSON keys for user operations to match Python implementation
- Update signing request structure with proper field names
- Add error logging for debugging Porter API responses
- Update tests to match new request format
@theref @derekpierre
Move UserOperation types and signing utilities to shared package
5e49104 
- Add UserOperation type, UserOperationSignatureRequest class, and convertUserOperationToPython utility to shared/src/types.ts
- Export new types and classes in shared/src/index.ts
- Update taco/src/types.ts to re-export UserOperation from shared package
- Eliminates duplication of UserOperation type definitions across packages
@theref @derekpierre
Implement clean UserOperation signing with shared utilities
4fefca9 
- Fix Porter client to use POST data instead of query params for /sign endpoint
- Fix SigningCoordinator.getThreshold() to use signingCohorts(cohortId).threshold
- Update signUserOp() to use shared conversion utilities and proper base64 encoding
- Update tests to use shared conversion function and correct signature_type 'userOp'
- Remove console.log statements and simplify integration test
- All functionality now uses centralized types from shared package
@theref @derekpierre
Update TACo signing implementation with improved error handling
8ada213 
- Updated SignResponse type to match new API response format with separated signatures and errors
- Enhanced PorterClient.sign() with better error handling and response structure validation
- Added debug logging to signing integration test
- Fixed signer key mapping from operator to provider in signUserOp
- Removed debug code for porter ursulas endpoint
@theref @derekpierre
🔧 chore(test): update integration test configuration
99896fd 
- Remove private key security risk and use dummy address
- Switch to Ethereum Sepolia testnet (chain ID 11155111)
- Update RPC provider URL to publicnode.com
- Change ritual ID to 1
- Fix test skip condition for CI environment
@theref @claude @derekpierre
Fix UserOperation signing request format and type errors
698ae4c 
- Fix UserOperationSignatureRequest constructor to accept objects instead of strings
- Remove double JSON stringification that caused address encoding errors
- Update convertUserOperationToPython to handle null/empty values properly
- Fix test expectations to match new data format and provider addresses
- Resolve AddressEncoder errors by ensuring proper hex address format

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@theref @KPrasch @derekpierre
✅ test(taco): fix UserOperation signing tests and address validation
232f11a 
- Update test expectations to use JSON.stringify for user_op field serialization
- Rename digest field to messageHash in SignResult interface and all related code
- Implement strict address validation that fails fast on invalid checksums
- Fix Porter test mock response structure to match API format
- Update integration test to use properly checksummed addresses

Co-Authored-By: Kieran <kieranprasch@gmail.com>
@theref @derekpierre
refactor(shared): simplify signing error handling to follow tacoDecry…
05e59e1 
…pt pattern

- Remove complex try-catch blocks and manual error checking in signUserOp
- Use direct destructuring of errors from Porter response
- Trust Porter's response structure instead of adding validation overhead
- Update tests to match new error handling pattern
- Follow same approach as tacoDecrypt for consistent error handling
@theref @derekpierre
Rename Signingcoordinator to signing-coordinator
05099ed
@theref @derekpierre
✨ feat(shared): add getSigningCohortConditions method to SigningCoord…
e26273b 
…inatorAgent
@theref @derekpierre
✨ feat(taco): add forSigningCohort method to ConditionContext
c38c151 
- Add async forSigningCohort static method to build context from signing cohort conditions
- Fix import ordering and add missing ethers import
- Update integration test to use new signing context method with await
@theref @derekpierre
✅ test(taco): add comprehensive tests for forSigningCohort method
0f62cec 
- Add tests for happy path scenario with valid cohort conditions
- Add error handling tests for network failures and invalid responses
- Add tests for invalid hex decoding and JSON parsing errors
- Add tests for complex compound condition structures
- Add tests for invalid condition schema validation
- Fix hex decoding in forSigningCohort method to handle contract responses
@theref @derekpierre
♻️ refactor(shared): remove returnAggregated option and add message h…
b4e3fe6 
…ash validation

- Remove returnAggregated option from SigningOptions type
- Remove unused options parameter from signUserOp method
- Add validation to ensure all Ursulas return same message hash
- Throw error if message hashes don't match across signatures
@theref @derekpierre
✅ test(shared): update tests for signUserOp changes and add message h…
89e11f8 
…ash validation test

- Remove returnAggregated options from existing tests
- Add test case to verify error thrown when message hashes don't match
- Update test calls to match new signUserOp signature
@theref @derekpierre
♻️ refactor(taco): update signUserOp function to match new shared int…
7860aeb 
…erface

- Remove SigningOptions import as no longer needed
- Remove options parameter from signUserOp function signature
- Update porter.signUserOp call to remove options parameter
@theref @derekpierre
♻️ refactor(taco): remove unused INTERNAL_SIGNING_CONDITION from context
b0b63fc 
- Remove unused INTERNAL_SIGNING_CONDITION constant
- Update RESERVED_CONTEXT_PARAMS to only include USER_ADDRESS_PARAM_DEFAULT
@theref @derekpierre
✅ test(taco): update signUserOp tests for new function signature
4cd372d 
- Remove returnAggregated options from test calls
- Update function calls to match new signUserOp signature
- Remove unused options variable from test
@theref @derekpierre
✅ test(taco): update integration test for new signUserOp signature
6283f49 
- Remove returnAggregated option from signUserOp call in integration test
@theref @derekpierre
🔒 fix(shared): only aggregate signatures when threshold met
fafbec8 
- Change aggregation logic from length > 0 to length >= threshold
- Ensures aggregated signature only provided with sufficient signatures
@theref @derekpierre
✅ test(shared): update tests for threshold-based aggregation
f46ce28 
- Fix existing test expectation for insufficient signatures case
- Add new test to verify no aggregation when threshold not met
- Ensure test coverage for both threshold met and unmet scenarios
@theref @derekpierre
♻️ refactor(shared): follow tacoDecrypt pattern for error handling
42c735d 
- Remove throw for mismatched message hashes
- Include signature processing errors in result errors instead
- Add try-catch for signature decoding failures
- Continue processing other signatures when one fails
- Let caller decide how to handle errors based on SignResult
@theref @derekpierre
✅ test(shared): update test for new error handling pattern
c76db80 
- Change mismatched hash test to expect error in result instead of thrown
- Verify result contains partial signatures and error details
- Test that processing continues with valid signatures despite errors
@theref @derekpierre
✨ feat(shared): add optimistic signing option to signUserOp
c6d64e6 
- Add SigningOptions parameter with optimistic flag
- Extract signature decoding logic to eliminate duplication
- Optimistic mode: skip hash validation, use all signatures
- Non-optimistic mode: validate hashes, only aggregate when threshold+ nodes agree
- All signatures included in signingResults regardless of mode
- Add comprehensive test coverage for new optimistic signing logic
- Update existing test expectations for new signing behavior
@derekpierre
Remove unused parameter when decoding a signature.
3d5cb01
@derekpierre
Set message hash for non-optimistic case.
09700b2
@derekpierre
Remove extra returnAggregated value from test.
c92c677 
Run pnpm fix.
@derekpierre
Initial set up of signing attribute condition.
b6ffe79
theref and others added 23 commits February 10, 2026 14:56
@theref
test(taco): Include create2 in missing-value parametrized test
baa1281 
Remove OBJECT_VALUE_OPERATIONS exclusion list so create2 is covered
by the regression backstop test for operations requiring a value.
Use toContain assertion since create2 produces multiple errors.
@theref
docs(taco): Regenerate schema docs for create2 changes
ff3ed24
@derekpierre @theref
Separation of responsibilities between common variable operations sch…
825bb04 
…ema and the create2 operation schema.

Revert change to test since no longer needed.
@theref
docs(taco): Regenerate schema docs for union approach
ee51c53
@theref
test(taco): Verify non-create2 ops reject create2 values
daa7f42 
Add parametrized test ensuring all non-unary, non-create2 operations
reject create2-shaped object values.
@theref
feat(taco): Add create2 operation for local address computation (nucy…
e6028d7 
…pher#759)
@theref
chore(release): release @nucypher/shared:0.6.0-alpha.11
7fc4715 
via [HAPI](https://hapi.run)

Co-Authored-By: HAPI <noreply@hapi.run>
@theref
chore(release): release @nucypher/taco-auth:0.4.0-alpha.11
c308347 
via [HAPI](https://hapi.run)

Co-Authored-By: HAPI <noreply@hapi.run>
@theref
chore(release): release @nucypher/taco:0.7.0-alpha.11
c6571fb 
via [HAPI](https://hapi.run)

Co-Authored-By: HAPI <noreply@hapi.run>
@theref
feat(shared): Add in-memory cache to SigningCoordinatorAgent
673cd02 
Caches getParticipants and getThreshold results with a 10-second TTL
to avoid redundant contract reads during short time windows. Cache is
keyed by domain and cohortId, with a public clearCache() method for
manual invalidation.

via [HAPI](https://hapi.run)

Co-Authored-By: HAPI <noreply@hapi.run>
@theref
test(shared): Add tests for SigningCoordinatorAgent cache
5f1a01c 
Covers cache hits, TTL expiry, per-domain and per-cohortId isolation,
and manual cache clearing.

via [HAPI](https://hapi.run)

Co-Authored-By: HAPI <noreply@hapi.run>
@theref
refactor(shared): Extract TtlCache to utility module
d22395f 
Move cache logic from SigningCoordinatorAgent into a reusable
TtlCache class. Bump TTL from 10s to 60s per review feedback.

via [HAPI](https://hapi.run)

Co-Authored-By: HAPI <noreply@hapi.run>
@theref
refactor(shared): Use helper method for cache key construction
de74786 
Reorder cache keys from field:domain:cohortId to domain:cohortId:field
(broader to specific) and extract a cacheKey() helper to keep key
structure consistent, per review feedback.
@theref
refactor(conditions): Extract nullAddress string literal into constant
d7cbd4c 
Replace ':nullAddress' string literals with NULL_ADDRESS_CONTEXT_VAR
constant defined in conditions/const.ts, used in both
AUTOMATICALLY_INJECTED_CONTEXT_PARAMS and RESERVED_CONTEXT_PARAMS.
@derekpierre
feat(conditions): add :nullAddress as automatically injected context …
8d7b037 
…variable (nucypher#738)
@theref
refactor(shared): Use toHexString utility for hex conversion in test
1230a43 
Replace Buffer.from(...).toString('hex') with the existing toHexString
utility from @nucypher/shared for consistency with the rest of the
codebase.
@derekpierre
Add in-memory cache to SigningCoordinatorAgent (nucypher#762)
2511c7d
@theref
refactor(taco): Use undefined instead of null in resolveTypeWithSubIn…
dd235cf 
…dices

Idiomatic TypeScript prefers undefined over null for absent values.
Addresses PR review feedback.
@theref
feat(taco): Replace indexWithinTuple with unified subIndices for ABI …
e965738 
…validation (nucypher#753)
@theref
chore(release): release @nucypher/shared:0.6.0-alpha.12
ec77f32
@theref
chore(release): release @nucypher/taco-auth:0.4.0-alpha.12
a0390d6
@theref
chore(release): release @nucypher/taco:0.7.0-alpha.12
5e72a50
@theref
feat(taco): Add nestedAbiDecode schema for selectorless ABI validation
da7b8a3 
Add abiDecodeValidationSchema and update abiParameterValidationSchema
to support a third option alongside returnValueTest and
nestedAbiValidation. Used for ERC-7579 batch execution payloads.
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Mar 5, 2026

Codecov Report

❌ Patch coverage is 93.75000% with 3 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (signing-epic@5e72a50). Learn more about missing BASE report.

Files with missing lines Patch % Lines
packages/taco/src/conditions/schemas/signing.ts 93.75% 2 Missing and 1 partial ⚠️
Additional details and impacted files 
@@               Coverage Diff               @@
##             signing-epic     #766   +/-   ##
===============================================
  Coverage                ?   90.82%           
===============================================
  Files                   ?       98           
  Lines                   ?     8673           
  Branches                ?      568           
===============================================
  Hits                    ?     7877           
  Misses                  ?      752           
  Partials                ?       44

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@theref theref self-assigned this Mar 5, 2026
@derekpierre derekpierre marked this pull request as draft March 26, 2026 13:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@derekpierre derekpierre Awaiting requested review from derekpierre

@KPrasch KPrasch Awaiting requested review from KPrasch

@cygnusv cygnusv Awaiting requested review from cygnusv

Assignees

@theref theref

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@theref @codecov-commenter @derekpierre @KPrasch @Muhammad-Altabba