feat: contract ops reorg task-origin verification#181
Open
0xth4nh wants to merge 16 commits into
Open
Conversation
Co-authored-by: Codex <codex-noreply@coinbase.com>
Collaborator
🟡 Heimdall Review Status
|
This was referenced Jun 28, 2026
The upgradeId was renamed from '2025-08-01-upgrade-qux' to '2026-06-18-beryl-1' but this was unnecessary — test placeholder values should remain stable and not track real task names. Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
- Replace '2025-08-01-upgrade-qux' with '2025-01-01-upgrade-example' for a more obviously synthetic test value - Remove the hardcoded task/network example from genTaskOriginSig printUsage; the README and --help flags section already document the usage pattern Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
Replace real-looking task name with generic value in path-traversal test. Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
jackchuma
reviewed
Jul 6, 2026
- Move signature dir from tasks/<id>/config/<network>/signatures to tasks/<id>/signatures (signatures are not config) - Drop taskOriginDir from getConfigData return (always equalled scriptPath) - Remove taskFolderPath alias in validateSigner; pass taskOriginDir directly - Remove networkConfigDir intermediate var (no longer needed for sig path) - Rename cleanupCreatedTarball -> assertTarballInTmpDir; drop rm so tarballs persist for debugging - Refactor two identical path-traversal rejection tests to it.each - Update task-origin-validate.ts comment and genTaskOriginSig.ts help text Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
validation-service.ts already validates at the service layer; the route check was pure duplication. Removed the guard, its import, and the tests that were written specifically to cover it. Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
…raversal assertWithinDir resolves and bounds-checks every user-supplied path segment, so the extra alphanumeric guard was redundant. isSafePathSegment was not present before this PR; removing it and its definition in path-validation.ts. Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
Signing active/evm/ (the entire EVM tree) meant any file change anywhere would invalidate all task signatures. The tarball should cover only the specific task folder: active/evm/tasks/<task-id>. taskPath was already computed in getConfigData but not returned; add it to the return type and thread it through validateUpgrade. Update README examples to use the concrete active/evm/tasks/<id> path. Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
…dation" This reverts commit 6231405.
0xth4nh
added a commit
that referenced
this pull request
Jul 7, 2026
…athSegment - Revert taskOriginDir to scriptPath (active/evm/) matching PR #181 - Revert README signing example to --task-folder active/evm - Remove isSafePathSegment from install-deps route (removed in PR #181) - Drop path separator tests from validate route (no longer enforced at route layer) Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
jackchuma
reviewed
Jul 7, 2026
Move signed task content into config/chain1/ (the network config dir the tarball is scoped to) and keep cache/ and out/ build artifacts at the task root, outside the tarball scope. This mirrors the real active/evm/tasks/[task-id]/config/[network] structure so cache/out are excluded by directory scope rather than by deleting fixture files. Tarball content is unchanged (relative paths from the config dir), so the existing signatures still verify without regeneration. Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
f6e330e to
d99a7fe
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This updates task-origin verification for the new Contract Ops active EVM task layout.
The verification path now matches the directory that validation executes:
active/evmactive/evm/tasks/<task-id>/config/<network>/validationsactive/evmactive/evm/tasks/<task-id>/config/<network>/signaturesWhat changed
Task-origin verification
active/evm, matching the directory used for simulation.active/evm/tasks/<task-id>/config/<network>/signatures.signatures/folders are excluded from deterministic tarballs so generated signatures do not alter the signed payload.Validation flow
active/evm/tasks/<task-id>/config/<network>/validations/<user>.json.active/evm, so validationcmdvalues should be relative to that directory.stateDiff.jsonpath.RECORD_STATE_DIFF=truefor validation runs.Docs and scripts
active/evmwhile signatures remain stored per task/network.Tests
Verification
npm testnpm run lintnpm run buildAll checks passed locally.