fix: fail pk and plaintext ag err path [skip-line-limit]

[hmzakhalid]

close #1536

Summary by CodeRabbit

• New Features

  • Added explicit terminal failure event (E3Failed) and enriched aggregation outputs to include full public keys, commitments, per-node proof bundles, and decryption-aggregation proofs.

• Bug Fixes

  • Stronger error handling: compute/aggregation errors now route to terminal failures, normalize internal state, and prevent invalid continuation; mixed/missing proof cases treated as failures.

• Documentation

  • Updated protocol flow-trace docs with refreshed DKG/decryption workflows and failure behavior.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
crisp	Skipped		May 18, 2026 10:59am
enclave-docs	Skipped		May 18, 2026 10:59am

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ac414dcf-0d8c-4d1e-a5eb-c3b72c2a2eec

📥 Commits

Reviewing files that changed from the base of the PR and between 1e5d70d and 1fa49bd.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (5)

• agent/flow-trace/00_INDEX.md
• agent/flow-trace/04_DKG_AND_COMPUTATION.md
• crates/aggregator/Cargo.toml
• crates/aggregator/src/publickey_aggregator.rs
• crates/aggregator/src/threshold_plaintext_aggregator.rs

✅ Files skipped from review due to trivial changes (2)

• crates/aggregator/Cargo.toml
• agent/flow-trace/00_INDEX.md

🚧 Files skipped from review as they are similar to previous changes (1)

• crates/aggregator/src/threshold_plaintext_aggregator.rs

---

📝 Walkthrough

Walkthrough

This PR adds correlation-tracked async compute error handling and explicit E3Failed terminal failures for DKG/public-key aggregation and threshold plaintext decryption aggregation, updates flow-trace docs, adds tests, and adds a dev test helper dependency.

Changes

Aggregation Explicit Failure Paths

Layer / File(s)	Summary
Protocol documentation agent/flow-trace/00_INDEX.md, agent/flow-trace/04_DKG_AND_COMPUTATION.md	Docs updated to describe permissionless publishCommittee(), CommitteePublished payload changes, correlation tracking for multi-stage compute requests, E3Failed terminal failures, and new failure-bridge entries for PublicKeyAggregator and ThresholdPlaintextAggregator.
PublicKeyAggregator error handling crates/aggregator/src/publickey_aggregator.rs	Adds try_dispatch_dkg_aggregation mixed-proof failure routing to emit E3Failed, introduces handle_compute_request_error and Handler<TypedEvent<ComputeRequestError>>, forwards EnclaveEventData::ComputeRequestError into typed-event handling, changes termination to Handler<Die>, and adds tests.
ThresholdPlaintextAggregator correlation & failure tracking crates/aggregator/src/threshold_plaintext_aggregator.rs	Adds threshold_decryption_correlation, correlation-aware dispatch/response/error handling, tightens C6/C7 and d_commitment checks to call fail_decryption_round which emits E3Failed and clears state, and adds tests.
Dev dependency for tests crates/aggregator/Cargo.toml	Adds e3-test-helpers as a workspace dev-dependency to support new tests.
Tests & validation crates/aggregator/src/publickey_aggregator.rs, crates/aggregator/src/threshold_plaintext_aggregator.rs	New/expanded tests covering compute request errors, mixed DKG proof failures, insufficient honest shares, decryption-aggregation mismatches, and state cleanup on failures.

Sequence Diagram

sequenceDiagram
  participant Agg as PublicKeyAggregator/ThresholdPlaintextAggregator
  participant Worker as ComputeWorker
  participant Event as E3 Event System

  Agg->>Agg: Create ComputeRequest with CorrelationId
  Agg->>Worker: Dispatch DkgAggregation or CalculateDecryption
  Note over Worker: Compute step fails
  Worker-->>Agg: ComputeRequestError

  rect rgba(255, 100, 100, 0.5)
    Agg->>Agg: handle_compute_request_error / fail_decryption_round (match correlation)
    Agg->>Agg: Clear in-flight state (correlation, proofs, pending flags)
    Agg->>Event: Emit E3Failed with failure reason
  end

  Event-->>Agg: Event published
  Agg->>Agg: Round halted explicitly with clear failure signal

Loading

Estimated Code Review Effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly Related PRs

• gnosisguild/enclave#1500: Related changes in threshold plaintext aggregation and C6 commitment verification.
• gnosisguild/enclave#1470: Related correlation checks and fold-proof gating in plaintext aggregation.
• gnosisguild/enclave#142: Related actor termination/Handler patterns in aggregator actors.

Suggested Reviewers

• ctrlc03
• 0xjei

"🐰 I stitched the round with careful thread,
when proofs go dark I sound the dread:
E3Failed bell rings loud and clear,
so broken rounds no longer steer. ✨"

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 23.81% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title refers to fixing error paths for public key and plaintext aggregation to fail explicitly, which is the primary intent of the PR.
Linked Issues check	✅ Passed	The PR fully addresses both HLT-006 and HLT-007 requirements: PublicKeyAggregator now routes ComputeRequestError to E3Failed, and ThresholdPlaintextAggregator implements comprehensive error handling with explicit failure signals.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to fixing PK and plaintext aggregation error paths; documentation updates support protocol understanding and dev-dependency addition enables test infrastructure.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/e3-halt-hlt-006-hlt-007

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@agent/flow-trace/04_DKG_AND_COMPUTATION.md`:
- Around line 47-52: The doc claims computation-stage failures from
ThresholdKeyshare (GenPkShareAndSkSss, GenEsiSss, CalculateDecryptionKey,
CalculateDecryptionShare) emit E3Failed, but the code currently propagates
errors via the ? operator into trap() producing EnclaveError and
ThresholdKeyshare also doesn't subscribe to ComputeRequestError; fix by wiring
these computation-response handlers to explicitly emit E3Failed events instead
of using ? into trap() and ensure ThresholdKeyshare subscribes to
ComputeRequestError; update the four handler implementations (functions handling
GenPkShareAndSkSss, GenEsiSss, CalculateDecryptionKey, CalculateDecryptionShare)
to convert errors into the E3Failed emission path, and add subscription for
ComputeRequestError in the ThresholdKeyshare setup so computation failures
trigger the E3Failed path rather than EnclaveError.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0f300a69-6c5f-4e64-960b-0ce6f2acb056

📥 Commits

Reviewing files that changed from the base of the PR and between c7e9802 and 1e5d70d.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (5)

• agent/flow-trace/00_INDEX.md
• agent/flow-trace/04_DKG_AND_COMPUTATION.md
• crates/aggregator/Cargo.toml
• crates/aggregator/src/publickey_aggregator.rs
• crates/aggregator/src/threshold_plaintext_aggregator.rs

[0xjei]

utACK!