feat(sdk): add client-side validation to state transition construction methods

[thepastaclaw]

Problem

SDK construction methods for state transitions don't validate the transition structure before returning. Invalid transitions silently construct and broadcast, only to be rejected by the network with confusing errors.

For example:

• Creating a TRANSFER key with HIGH security level (instead of CRITICAL) in IdentityUpdateTransition — rejected on broadcast with no clear indication why
• Address-based transitions with mismatched input/witness counts — rejected after a network round-trip

Fix

Add client-side validation calls during transition construction, before signing and broadcasting. This reuses existing validation logic from rs-dpp (which Platform already uses server-side in rs-drive-abci).

Changes in two parts:

1. Public key security level validation (originally reported by @thephez):

• IdentityUpdateTransition::try_from_identity_with_signer() — validates key purpose/security level compatibility
• IdentityCreateTransition::try_from_identity_with_signer() — same validation
• IdentityCreateFromAddressesTransition::try_from_inputs_with_signer() — same validation

What gets validated:

• TRANSFER keys must use CRITICAL security level
• ENCRYPTION / DECRYPTION keys must use MEDIUM security level
• No duplicate key IDs or key data
• Max key count limits

2. Full validate_structure() on remaining state transitions (per shumkov's review):

State Transition	Construction Method
AddressCreditWithdrawalTransition	try_from_inputs_with_signer
AddressFundingFromAssetLockTransition	try_from_asset_lock_with_signer
AddressFundsTransferTransition	try_from_inputs_with_signer
IdentityCreateFromAddressesTransition	try_from_inputs_with_signer
IdentityCreditTransferToAddressesTransition	try_from_identity
IdentityTopUpFromAddressesTransition	try_from_inputs_with_signer

All use the same pattern:

let validation_result = transition.validate_structure(platform_version);
if !validation_result.is_valid() {
    let first_error = validation_result.errors.into_iter().next().unwrap();
    return Err(ProtocolError::ConsensusError(Box::new(first_error)));
}

Validation is placed after the transition is fully constructed (witnesses set, signatures applied) so validate_structure() sees the complete state.

Context

• Originally reported by @thephez (key security level issue)
• Extended per @shumkov's review to cover all remaining transitions
• Consolidates feat(sdk): add client-side validate_structure() to remaining state transitions #3098 (now closed)

/cc @QuantumExplorer

Summary by CodeRabbit

• Bug Fixes

  • Stronger client-side validation for identity public keys and structural checks for multiple state transitions to prevent malformed transactions.

• Tests

  • Tests updated to exercise new validation paths, manual/on-demand signing flows, and explicit fee-strategy scenarios.

[coderabbitai]

Warning

Rate limit exceeded

@thepastaclaw has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 23 minutes and 34 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📝 Walkthrough

Walkthrough

Adds client-side identity public-key structure validation and runtime state-transition structure validation across multiple transition types; consistently renames _platform_version parameters to platform_version; and updates many tests to use raw/on-the-fly signing and explicit fee-strategy steps.

Changes

Cohort / File(s)	Summary
Identity create/update (public-key validation) packages/rs-dpp/src/state_transition/state_transitions/identity/identity_create_from_addresses_transition/v0/v0_methods.rs, packages/rs-dpp/src/state_transition/state_transitions/identity/identity_create_transition/v0/v0_methods.rs, packages/rs-dpp/src/state_transition/state_transitions/identity/identity_update_transition/v0/v0_methods.rs	Builds Vec<IdentityPublicKeyInCreation> and calls IdentityPublicKeyInCreation::validate_identity_public_keys_structure (create vs non-create context). Returns first validation error as ConsensusError on failure. Renames _platform_version → platform_version in method signatures.
Address funds transitions (structure validation) packages/rs-dpp/src/state_transition/state_transitions/address_funds/.../v0_methods.rs (credit_withdrawal, funding_from_asset_lock, address_funds_transfer, address_topup_from_addresses_transition/...)	Adds validate_structure(platform_version) checks on constructed transitions (post witness/signing or pre-into conversion) and returns first validation error as ConsensusError. Renames _platform_version → platform_version and imports StateTransitionStructureValidation/ProtocolError/Pooling where needed.
Identity credit/top-up transitions (structure validation) packages/rs-dpp/src/state_transition/state_transitions/identity/identity_credit_transfer_to_addresses_transition/v0/v0_methods.rs, packages/rs-dpp/src/state_transition/state_transitions/identity/identity_topup_from_addresses_transition/v0/v0_methods.rs	Performs validate_structure(platform_version) on V0 transition objects (pre- or post-conversion), returning the first error as ConsensusError. Renames _platform_version → platform_version.
Tests — raw/on-the-fly signing & fee strategy packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/.../tests.rs, packages/rs-dpp/.../address_funds_transfer_transition/signing_tests.rs, packages/rs-drive-abci/.../identity_*.rs	Refactors many tests to construct raw V0 transitions, compute signable bytes, and sign witnesses at runtime (adds Signer, Signable, PlatformSerializable imports). Introduces explicit AddressFundsFeeStrategy / AddressFundsFeeStrategyStep usage and updates helpers to create manually-signed transitions or full-variant helpers that bypass constructor-time checks. Numerous test helpers and call sites updated.
Misc imports & signature renames packages/rs-dpp/src/state_transition/state_transitions/.../v0_methods.rs (various files)	Consistent renaming of _platform_version to platform_version, added imports for StateTransitionStructureValidation, ProtocolError, Pooling, and related feature-gated imports across multiple modules.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐰 I checked each key with twitchy nose and ear,
I hopped through witnesses, signed what must appear,
I thumped when structure wobbled or refused to stand,
Then fixed the steps with gentle carrot-hand,
Off I bound — validated, sealed, and clear!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title 'feat(sdk): add client-side validation to state transition construction methods' directly and clearly summarizes the main change: adding client-side validation to state transition construction methods.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

packages/rs-dpp/src/state_transition/state_transitions/identity/identity_create_transition/v0/v0_methods.rs (1)

45-45: _platform_version is now used — consider removing the underscore prefix.

The _ prefix conventionally signals an intentionally-unused binding. Since this parameter is now actively consumed by validate_identity_public_keys_structure (line 64), the prefix is misleading. This applies to all three files in the PR (identity_create_transition, identity_update_transition, identity_create_from_addresses_transition).

That said, this is a pre-existing naming choice inherited from the trait signature, so feel free to defer if changing it would cascade across the trait definition.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@packages/rs-dpp/src/state_transition/state_transitions/identity/identity_create_transition/v0/v0_methods.rs`
at line 45, The parameter named `_platform_version` is now used by
validate_identity_public_keys_structure, so remove the misleading underscore by
renaming `_platform_version` to `platform_version` in the function signature in
v0_methods.rs (and analogously in the other two files:
identity_update_transition and identity_create_from_addresses_transition), and
update all usages inside the function (including the call to
validate_identity_public_keys_structure) to use the new `platform_version`
identifier; if the underscore comes from a trait signature you can instead
change the local binding to `platform_version` (keeping the trait name) to avoid
cascading trait edits.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In
`@packages/rs-dpp/src/state_transition/state_transitions/identity/identity_create_transition/v0/v0_methods.rs`:
- Line 45: The parameter named `_platform_version` is now used by
validate_identity_public_keys_structure, so remove the misleading underscore by
renaming `_platform_version` to `platform_version` in the function signature in
v0_methods.rs (and analogously in the other two files:
identity_update_transition and identity_create_from_addresses_transition), and
update all usages inside the function (including the call to
validate_identity_public_keys_structure) to use the new `platform_version`
identifier; if the underscore comes from a trait signature you can instead
change the local binding to `platform_version` (keeping the trait name) to avoid
cascading trait edits.

[PastaPastaPasta]

This is a test that you'll actually act on my review comment. Please just comment with "got it" :D

[thepastaclaw]

got it :D

[shumkov]

@QuantumExplorer @lklimek do you think, guys, is it the right place to validate data in SDK when the user creates it? I just wondering if we should call the validation method in SDK methods instead + have an option to skip validation.

[lklimek]

As a rule of thumb, I would say user should not be able to create an object that is invalid, unless he really tries to and knows what he's doing.

I don't see the use case for non-validated identity update transition, but if you do and you think we need it, it should be separate constructor IMO.

See https://rust-lang.github.io/api-guidelines/dependability.html#dynamic-enforcement-with-opt-out

The convention is to mark these opt-out functions with a suffix like _unchecked or by placing them in a raw submodule.
The unchecked functions can be used judiciously in cases where (1) performance dictates avoiding checks and (2) the client is otherwise confident that the inputs are valid.

[thepastaclaw]

Agreed — validation by default is the right call, and the current implementation does exactly that. No use case for an unchecked path right now, but if one comes up I'll follow the _unchecked convention from the Rust API guidelines. Thanks for the reference!

[shumkov]

Ok, sounds good! I'm fine with validated only version for now. @thepastaclaw please create PRs with validation for other state transitions so we have consistent behaviour for SDK.

[thepastaclaw]

Re: @shumkov's question about validation placement:

Good question. I put validation here (in the DPP method that constructs the transition) because this is the earliest point where we know all the keys and can catch the error — before any signing or serialization happens. The alternative of validating in SDK methods would work too, but would mean the raw DPP construction method silently accepts invalid key combinations that the platform will reject anyway.

Happy to move it to the SDK layer with a skip-validation option if that is the preferred pattern. Deferring to @QuantumExplorer and @lklimek on the right approach.

[thepastaclaw]

Re: @shumkov's request for consistent validation: Will do! I'll create follow-up PRs adding the same client-side validation to the other state transitions for consistency across the SDK. Thanks for the review!

[coderabbitai]

Caution

Failed to replace (edit) comment. This is likely due to insufficient permissions or the comment being deleted.

Error details

{"name":"HttpError","status":401,"request":{"method":"PATCH","url":"https://api.github.com/repos/dashpay/platform/issues/comments/3916479814","headers":{"accept":"application/vnd.github.v3+json","user-agent":"octokit.js/0.0.0-development octokit-core.js/7.0.6 Node.js/24","authorization":"token [REDACTED]","content-type":"application/json; charset=utf-8"},"body":{"body":"<!-- This is an auto-generated comment: summarize by coderabbit.ai -->\n<!-- walkthrough_start -->\n\n<details>\n<summary>📝 Walkthrough</summary>\n\n## Walkthrough\n\nAdds client-side validation of identity public key structures to three identity transition flows (create_from_addresses V0, create V0, update V0). Validation runs via `IdentityPublicKeyInCreation::validate_identity_public_keys_structure` and returns a ConsensusError on failure before proceeding.\n\n## Changes\n\n|Cohort / File(s)|Summary|\n|---|---|\n|**Create from Addresses / Create (V0)** <br> `packages/rs-dpp/src/state_transition/state_transitions/identity/identity_create_from_addresses_transition/v0/v0_methods.rs`, `packages/rs-dpp/src/state_transition/state_transitions/identity/identity_create_transition/v0/v0_methods.rs`|Collects public keys as `Vec<IdentityPublicKeyInCreation>` and invokes `validate_identity_public_keys_structure` with the create-context/platform version. On validation failure returns a `ConsensusError` early; only valid keys are set and the signing flow continues.|\n|**Update (V0)** <br> `packages/rs-dpp/src/state_transition/state_transitions/identity/identity_update_transition/v0/v0_methods.rs`|Converts `add_public_keys` to `add_public_keys_in_creation` and validates with `validate_identity_public_keys_structure` (non-create context). Returns first validation error as `ConsensusError` if invalid. Also renames parameter `_platform_version` → `platform_version` in `try_from_identity_with_signer`.|\n\n## Estimated code review effort\n\n🎯 3 (Moderate) | ⏱️ ~20 minutes\n\n## Poem\n\n> 🐰 Keys hop in lines, checked one by one,  \n> A gentle guard before the run,  \n> If one is wrong I'll thump the ground,  \n> No faulty key shall leave the mound,  \n> Now onward, signed and snug, we're done! 🥕\n\n</details>\n\n<!-- walkthrough_end -->\n\n\n<!-- pre_merge_checks_walkthrough_start -->\n\n<details>\n<summary>🚥 Pre-merge checks | ✅ 3</summary>\n\n<details>\n<summary>✅ Passed checks (3 passed)</summary>\n\n|     Check name     | Status   | Explanation                                                                                                                                                                                                                                                                                                                |\n| :----------------: | :------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n|  Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.                                                                                                                                                                                                                                                                |\n| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.                                                                                                                                                                                                                                       |\n|     Title check    | ✅ Passed | The PR title 'feat(sdk): add client-side validation to state transition construction methods' is directly related to the core changes, which introduce client-side validation of identity public keys in three state transition construction methods. The title accurately summarizes the main objective of the changeset. |\n\n</details>\n\n<sub>✏️ Tip: You can configure your own custom pre-merge checks in the settings.</sub>\n\n</details>\n\n<!-- pre_merge_checks_walkthrough_end -->\n\n<!-- finishing_touch_checkbox_start -->\n\n<details>\n<summary>✨ Finishing Touches</summary>\n\n- [ ] <!-- {\"checkboxId\": \"7962f53c-55bc-4827-bfbf-6a18da830691\"} --> 📝 Generate docstrings\n<details>\n<summary>🧪 Generate unit tests (beta)</summary>\n\n- [ ] <!-- {\"checkboxId\": \"f47ac10b-58cc-4372-a567-0e02b2c3d479\", \"radioGroupId\": \"utg-output-choice-group-unknown_comment_id\"} -->   Create PR with unit tests\n- [ ] <!-- {\"checkboxId\": \"07f1e7d6-8a8e-4e23-9900-8731c2c87f58\", \"radioGroupId\": \"utg-output-choice-group-unknown_comment_id\"} -->   Post copyable unit tests in a comment\n\n</details>\n\n</details>\n\n<!-- finishing_touch_checkbox_end -->\n\n<!-- tips_start -->\n\n---\n\nThanks for using [CodeRabbit](https://coderabbit.ai?utm_source=oss&utm_medium=github&utm_campaign=dashpay/platform&utm_content=3096)! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.\n\n<details>\n<summary>❤️ Share</summary>\n\n- [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai)\n- [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai)\n- [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai)\n- [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code)\n\n</details>\n\n<sub>Comment `@coderabbitai help` to get the list of available commands and usage tips.</sub>\n\n<!-- tips_end -->\n\n<!-- internal state start -->\n\n\n<!-- DwQgtGAEAqAWCWBnSTIEMB26CuAXA9mAOYCmGJATmriQCaQDG+Ats2bgFyQAOFk+AIwBWJBrngA3EsgEBPRvlqU0AgfFwA6NPEgQAfACgjoCEYDEZyAAUASpETZWaCrKPR1AGxJcAZvAAeABS03NwAlFwSaB7wtNQkPNgCMQyQANYk8oii2BTq8l5SHsgMMexgiLEJ8FgAkkoY4riyAKrccTTQVBiV4vhYkAYAco4ClFwAzAAMAJwAbJCAKAT83GSQgwCCeLD4FFy4sCTcaIi4aKVoAO7rBgDK+LkMCQLdDLC+AQD0UTEdJGC4bqIHyUMAZWQVHJ5ZpgQokDxgUrwcqVJSQQBJhDBnKRcJAXpg3pEJhoAIxgJQSG4AYQoJHitC4ACYpoy5mAWWASQB2aAkgAcHAmM0FXIAWjcbCQJMjLpREFxELBHGl8BIADSQACK2EwuEcAFF/NwPLtKDcWjYADJcWC4XDceWfT5EdRKgQaJjMT5xRXHWSfY3UHy7L3cbAeDyfabzIwAEWkDDy3D6GA4BigVgogi8zC49XY+Tafy6mF68H6HA4gNkAH0fFnmDWqo18jXLq6a5UiOQKIEwpBaLFIBh8LjVhRgxRmIwyo0KlVID9YtRy1h8D5Esl4KlwYkKNx8NlPtkGLl8rCpfCFMxjuI1DFmhpILUMEv6EwMH4iLkV/1kIESA0IgNA1aAbA2IZbgAMX1Oxd3bA5IAACVqABxJCUB6Gg0HoddIFpABHbB4FpegqRsWpoFqKkNktftZVpBQsIobAxDodAMHoF58BwhgTlwDUDjWWkRDYrj5CE4cSFwS5djSDVeFVWIaiIYd8BQVg6HgeJIFuWMAGlPisDwgxDSBKCzCgNHTSAoICLgqWiDxF2iZcaCbBomlrMMtwYGtwUQTtAVYvVaT7AczwwVTAVLdRVyY04WLEeKakgas6wbDyC2aNsOy7Hs+w1MZJwSfKVI4ris14/iVI1WlsEqKL8MQclQhc35fywE0XVSaJaRw+QGvY7IKCkCh5zRVKKBa2g8ikMAVAYeBrKgAA1VyOlXZA0FCMoGQMdYoDAiDoNg9JMmQZgGtxIbIHIyjqNo+woXySA4Q8A7dEgfUhnIgBNKwqIAeSGSBPkgWN9X+wHahB87ZEu67IFugBZfVY1qFoUee09oQKS8PsOyANhaaAkJ+qiaOB0GAsgZg0EG7JIBRjZbmgWCNXuynaI1FD0I1XZmfRzGUc+qAhnU2hsGNbcdN3WpY2QQXdw6NAxeZtB/HhhRsEaN74GYdREBsql+hofxOEgSUDwoGhxMgAABITuEOAAvABucyelyaRMLfbWPy/H8U2QHxtGcsPTkgBDYBnOk+As3ZkBqU46Vwjd+g8eQ0B8Gg+DQKSZLk/CHk4gEkyfKkqS4B3tV1A0jRNWkKHMSxTdYdQ6ekRA0FIZAHCcFwjCgPwghCcIuFpZhVQSXWlGmphGN4EhR8gesWDUy4wCG+hA1wSdGzGyp+h4Zw0DYPOlnQWhZu732C9paUSGuT02EafZDhcvIVC8aOTh4R+5YGpZ2RhgHekBAhzzlIvf4y9R50H7JgegqARzXGOIgbI9ACDtTciQLKLYco+RSP5C6QUkqhRIH2ay6YwCGAMCYKAZB044AIMQMgyg7bXjfpbXg/BhCiHEFIGQ8gmDzxUGoTQ2hdC0PoeAI6CBk7bSwGgPAhBSA9npFw9gk8rj2EcPTFweIRGKGUKodQWgdD6CMLI0wBhjgMDSL3aQnxpqtW4MeCgDBjxnHcjFHocV+jePiDWPxZY/yfGbF5CJnlWyJjpO5dejYcK3wwdIEJQIAkYG+FMbJNYL47FoIgDQ000wACJykGAsMTWobCNGcIHgY+QeE3iYD7sPZ8jQsxSyeCUWcuAJoJDfJ1fgG5ImvSIdueGMgV6mjxFVWgfFTgqUriwMMNBkATL8rTf+BdVqiGAPmAhsgrBJBSPpTIL4aTxNXHoQShwsB8QjMgQ5XkTm+XObIS5/UUyViGe5MZhDTnbhIQjMhIUfbR1dGlT+cTgkAuMY0EgFsKo8BMvvMyR9VxPlqBuP58Uw7wGKHVaSuQejoDun+MgDhED6goJZSFiFJJ+GmriROVlIBAwwCA+AuKNoDnwL7TuiknjsWwdkXANZNkgqUe+M2NRsAJBjvYeA3Yf7PFkOsyA6iOFYuJsUdSyTkBIplktXEzRVgcRHD4/FgtJJStpiaR5X9tLJASEg9ADBPTHAwLIcqr92BFOsZUywGwPB506sgbBkklAXCoCHEZ5kjS7E4YLTZXsmjImNjZCW5BW4awwDy6QuI7K/w2BgaIshXaUCMJaGovsWlRToFwAA1CSOYnxORGH1Es+mnDREJEAc/cyPhJyWyQiq2ABhymlOHrY+xji+4uJmqEDxXjTjBNCZkoJviMkh2idlf08Kaywp3bFFM2Tcn5MUEUkpU6KlVI2DU7Vcbhr6OcE0jcDa2k2RfICRQrF2JIhRAuPFJ9JwoBic0TcKQpkRTyE1eFjBvkJE3SmCBq0phhCfHABI/bN5piJqbCMAiNlAp3BddAzzIPHLIx8r51z+jWUI05ZAfy8FHvtaQxK4LGJKpqIiZD+CvJMXNpodWOKcGbTA+HRAxLQpkoLqbHoVKGq0vpUqplJEo5sqKjMpeWYRWDiamK6S0HJm01TQZkg7ENOf1Q1iowEtGCwFab7bBaaNhWFqMq1VFClYJwtpQctEZ5DSkqK6+wwUxA+yKTAGFZsswRxNNcVBmFSjYCUEo8yzgQGgawN+Zwu88i2oNRglVBamppoCtQ2t5ASgucbQySArb22doMN28QvbAMmPwlKGUw7R1cBRlpRwd6Z00LAEYedTjEBLrcau7deD7OBPXae/xe74X7qOTWaWfx0lntXBeiQUw8nSQKTe+UY3g3VNqRw19g8P3Odc1mqAv6ukAd6ciOcqJBkbWGeBqrmRIvkJi3B8qiHds6WWz0FZr5KC4G2jfSVZHpVpQNUjzjoKajHu+fFQIeyGAHOo28s5FyMBXM6noMIdy1iPOKM+YntGycU5+RwNjQnWyY8Ctx6LvGoV7wPjWTFJ93UFx8CZVSNRBx8XEE1K1mEkPxPY9RkTSLNDPl5R1NDtIbYI79htOTpLI2f2Zdpulgt/6ZlHPgJgHg1O7ErEp7I3saXm/ZRJt8CkrN0GQEqj8PPZfRU/i8ws7R4glnW6uDDKKPyy4Vb7qFZUmri/wNcf+xVTRPlDYgdSX63N2ZcBlFgHOcox07OVs0PhdbJRPvlagEK5C9fLYbYzn8BcYrlPFY4VAL6V4bJASVaLBfC6wO5ofIYhed5F5xAB0hKBCOhQOotCamXJeoXm0N4b41Rs/jGkycatoJuNcm9iqayPpritIdpw2DiKB8+WihyMw92y4AAAx8KPwviSS+1jL/lSgwAAA5GgBqLcFwLcBXhQETgeiTtuB8noHoIEBoMgRqIPqZFOJPtNKuFwAAGTGToHMB7JYH9AajIEaBhCv4K6v4h7NBFjh67qrg37nYYaUHgbUHUZ0GdAMH9AsEYiQDv6f61jf5Hp/6QFAEgG6TgFiE0E0bvKZAIFIEoGooEGYHHypiQB4Hj5ThEFqGkHIEUGfQ2SBBOajiHB8BpoHoDiiD74RpPaNZhCtyWAoyYCFpRwloJBloVpVotwGC1b1oNakBNatpcgdqMhdo9qaJ4aDrXAryDbIQTpXY0J0IMJezMIqKsLPqREsDcI6LXANLvpGIKBiJmKSKWIyIpGvzqAeSBTRF0BBTOC4hWI2JQBci0ATAAAsXIjIAgI60wAArCQDMCoFyH0XyIyLQDMCOucDMFyCSO0X0e0WHFMCSD4AwD4HyNIoYCkYyAwPyCsQwHMDMAILQO0SQHMFMHyHyGgOcVyAwFyHyLQIyHyEKIyCSG8YyNZlyK0YyJscYHIlwlUbEDUX1s/HUUwr8SkcvKdhQKQMeocA4tzmcLbL8QYAAN6fSlJIBAxjR5A3xkClK+DRDZBqgYlIC2AABCjqGQtA7c3CVgh4dsBJa8RJJAJJ6wpSioDwHgtAlJNuaQtgTJYcxQrJGJg4tANgussYNutwgIKkiAVI8JaQTJwUIp7JYpEpGA7guAXgCpogSp+wLEqpkApS6pkpCYSYKYupDigpLJbJxpMQGA1JtQGC8eMpFATJ5SdppSJkpwVpaQkoDgYaiATJAA2p9OsOiesFGcaW8HqUMOfCQB6fGIgImPAMmPFH6aUnadGRyT4g1MqYadmVGaUsaiZA/quB6X6fYGkGmasPQFAKbEoDYOIuoIAJgEyACARAsAF4RQeiD2KARq5arqtAGgWZ4ZxZ08SgHplwzgFWRAY50Z7JuwKqNQ0Qfp8ZbAHpmWqZ6Z/QM60ZAAvkWZGYuaUrGQ4huYmVwKUlKQwIlOVKbGNE4guaeatvmQaQqkWeyaWZgJ1EmTbveU1EwE+aQAOZACSFMFMBoJBQAKTRwIBvBgUOAjrbhfbq44a9ZEQkSiqwC0icnclgV8hQWwWjlfnGmTlXnGkzkUBzkvk5nLkujBbrkJlbkAWylRTBnjlHnjknk5nnlpCXkelam/z8V0XFlvnBkflGk5k/nll7nXkYW2BpSeAJCAEgjUCBCIC0BpARDXzvh9IDKSbDJio+IobcEPJ/hRZoZXqFKAFgWDi0hiAgK0hoqirqSSQwJ2F9waiXAIWxw1B/rdK4YGU/ZGVoZ4SIaA4IwK4HC0ilSmVpTmUJRWXxQ2WxYYVNC/znC4zxAgL5F5BVrG4JD0ypSCCiSCIJB4QeUBFz6aBiXskUXTmzkqT1XGmOX9BBy0g2nClkWlIMWrkeDMWbnXmZWJlcWfQAC6XpPpuAtgwllFpScwXRTwEwfICxJAOxqxDA7RUwnRogdxAgXIPgKxQxEwaAfIJAEwjIqxJA7R7RtAEFfIh1UwaAJIkxfROEAgfIsxDALItAPgL53p/EtgyZO5KYW5PgMwFxEFcwfRQxaAMwMwrIjIrIDAAgyxfRR1XInRfIPgcwQo7RcwAgMw7RBxtAX1UwTwMxuNcw7RHRDAEwq1EwPgAxAggNtAbF8GRAj5ygpAv6QW0QMp8QTJvFxp02i6ri48C2q2S25li2+2ke4Sm2R6J6stB2gSx2l6Z216xSklkAot7JBAZwHgUE1eIcTJJIvVVeGANePQAA6q6LeYBUQHrSSFxUWaUuLc4pLSuogJ4vLdDgHeZbNsrdRjjkrkXkkjfHhdkIFIHZrcdqdrfoUrrSLeOYbaONEKbTbebVwJbencadbbbYgA7QcE7exS7Rbe7eOZ7ecAut7cuu4n7WuqZQrWElkjLW3ZkiHdRltl5Dts/mrYrVkgnSdmlanVwAbcaUbVnWbVtBbVbXPX+KXbAOXVza7eNesNxeyf2s2SUXbVmDQJmPNd1dkAYAeX8RALPtCbCfxYFOCVYikekfgJKiotkPUe5OusiU0aiUDacFYG/XQBsLgJKE/LKDSdkeoKbLrLgASVMBfc0Swi/ccENB/Xgg/bQkAA= -->\n\n<!-- internal state end -->"},"request":{"retryCount":1}},"response":{"url":"https://api.github.com/repos/dashpay/platform/issues/comments/3916479814","status":401,"headers":{"access-control-allow-origin":"*","access-control-expose-headers":"ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset","connection":"close","content-security-policy":"default-src 'none'","content-type":"application/json; charset=utf-8","date":"Wed, 18 Feb 2026 15:43:10 GMT","referrer-policy":"origin-when-cross-origin, strict-origin-when-cross-origin","server":"github.com","strict-transport-security":"max-age=31536000; includeSubdomains; preload","vary":"Accept-Encoding, Accept, X-Requested-With","x-content-type-options":"nosniff","x-frame-options":"deny","x-github-media-type":"github.v3; format=json","x-github-request-id":"084F:22FD30:5648304:17613E6C:6995DE0E","x-xss-protection":"0"},"data":{"message":"Bad credentials","documentation_url":"https://docs.github.com/rest","status":"401"}}}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

packages/rs-dpp/src/state_transition/state_transitions/address_funds/address_funds_transfer_transition/signing_tests.rs (2)

829-837: ⚠️ Potential issue | 🟡 Minor

Tampered output value could coincide with the fee-reduced stored value.

After ReduceOutput(0) is applied during construction the stored output is 1_000_000 − fee. The tampering sets it to 950_000. If the platform fee happens to equal exactly 50_000 credits, the two values are identical, the signable bytes are unchanged, verification succeeds, and assert!(result.is_err()) would fail. Consider choosing a tampered value that is guaranteed to differ (e.g., 500_000u64 or any value far from the original 1_000_000), or read the actual stored output and modify it by a fixed delta.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@packages/rs-dpp/src/state_transition/state_transitions/address_funds/address_funds_transfer_transition/signing_tests.rs`
around lines 829 - 837, The test uses a hardcoded tampered value that may equal
the stored output after ReduceOutput(0); update the tamper logic in
signing_tests.rs so the modified output is guaranteed different: either set a
clearly different constant (e.g., 500_000u64) when calling
transition.outputs.insert(...) or fetch the stored value for the output (from
transition.outputs.get(&output) or equivalent) and change it by a fixed non-zero
delta (e.g., -1 or +12345) before reinserting; keep references to the existing
ReduceOutput(0) behavior and ensure verify_transition_signatures(&transition) is
expected to return Err.

---

1012-1013: ⚠️ Potential issue | 🟡 Minor

Missing else { panic!() } guards in edge-case if let blocks.

If the witness at index 0 is unexpectedly not P2sh, both test_1_of_1_multisig and test_high_threshold_multisig silently skip the signatures.len() assertion and pass vacuously — hiding a type-mismatch. Other P2SH tests (e.g., test_single_p2sh_2_of_3_multisig_input_signing) correctly include an else { panic!("Expected P2SH witness") } branch.

🔧 Proposed fix for both tests

 if let AddressWitness::P2sh { signatures, .. } = &transition.input_witnesses[0] {
     assert_eq!(signatures.len(), 1);
+} else {
+    panic!("Expected P2SH witness");
 }

 if let AddressWitness::P2sh { signatures, .. } = &transition.input_witnesses[0] {
     assert_eq!(signatures.len(), 5);
+} else {
+    panic!("Expected P2SH witness");
 }

Also applies to: 1051-1053

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@packages/rs-dpp/src/state_transition/state_transitions/address_funds/address_funds_transfer_transition/signing_tests.rs`
around lines 1012 - 1013, Both tests use an if let AddressWitness::P2sh {
signatures, .. } = &transition.input_witnesses[0] pattern but lack an else panic
branch, letting a non-P2sh witness silently skip the assertion; update the two
tests (test_1_of_1_multisig and test_high_threshold_multisig) to add an else {
panic!("Expected P2SH witness") } guard after the if let so the test fails
loudly on a mismatched witness type, referencing the same AddressWitness::P2sh
destructuring and transition.input_witnesses[0] access used now; apply the same
change for the analogous block around lines 1051-1053.

🧹 Nitpick comments (2)

packages/rs-dpp/src/state_transition/state_transitions/address_funds/address_funds_transfer_transition/signing_tests.rs (1)

287-292: Extract the repeated V0 transition unwrapping into a test helper.

The nested match that destructures StateTransition::AddressFundsTransfer(…::V0(v0)) appears ~15 times. A small private helper eliminates the boilerplate and makes every test body easier to scan.

♻️ Suggested helper

fn unwrap_transfer_v0(st: StateTransition) -> AddressFundsTransferTransitionV0 {
    match st {
        StateTransition::AddressFundsTransfer(
            crate::state_transition::address_funds_transfer_transition::AddressFundsTransferTransition::V0(v0),
        ) => v0,
        _ => panic!("Expected AddressFundsTransfer V0 transition"),
    }
}

Then every call site becomes:

-    let transition = match state_transition {
-        StateTransition::AddressFundsTransfer(t) => match t {
-            crate::state_transition::address_funds_transfer_transition::AddressFundsTransferTransition::V0(v0) => v0,
-        },
-        _ => panic!("Expected AddressFundsTransfer transition"),
-    };
+    let transition = unwrap_transfer_v0(state_transition);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@packages/rs-dpp/src/state_transition/state_transitions/address_funds/address_funds_transfer_transition/signing_tests.rs`
around lines 287 - 292, The test suite repeats a nested match to extract
StateTransition::AddressFundsTransfer(...::V0(v0)) about 15 times; add a small
private helper fn unwrap_transfer_v0(st: StateTransition) ->
AddressFundsTransferTransitionV0 that matches
StateTransition::AddressFundsTransfer(crate::state_transition::address_funds_transfer_transition::AddressFundsTransferTransition::V0(v0))
=> v0 and panics otherwise, then replace each repeated match in signing_tests.rs
with a call to unwrap_transfer_v0(state_transition) to remove boilerplate and
simplify test bodies.

packages/rs-dpp/src/state_transition/state_transitions/identity/identity_create_from_addresses_transition/v0/v0_methods.rs (1)

110-116: Consider extracting the repeated validation-to-error pattern into a helper.

The same 5-line block (validate_structure → is_valid → errors.into_iter().next().unwrap() → ConsensusError) is duplicated across ~7 call sites in this PR. A small helper on ValidationResult (or a free function) would reduce boilerplate and ensure consistency.

Example helper

Something like (in validation_result.rs or a utility module):

impl<E: Into<ConsensusError>> ValidationResult<E> {
    pub fn into_result(self) -> Result<(), ProtocolError> {
        if self.is_valid() {
            Ok(())
        } else {
            let first_error = self.errors.into_iter().next().unwrap();
            Err(ProtocolError::ConsensusError(Box::new(first_error.into())))
        }
    }
}

Then each call site simplifies to:

-        let validation_result =
-            identity_create_from_addresses_transition.validate_structure(platform_version);
-        if !validation_result.is_valid() {
-            let first_error = validation_result.errors.into_iter().next().unwrap();
-            return Err(ProtocolError::ConsensusError(Box::new(first_error)));
-        }
+        identity_create_from_addresses_transition
+            .validate_structure(platform_version)
+            .into_result()?;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@packages/rs-dpp/src/state_transition/state_transitions/identity/identity_create_from_addresses_transition/v0/v0_methods.rs`
around lines 110 - 116, The repeated pattern of calling validate_structure(...),
checking validation_result.is_valid(), extracting the first error via
validation_result.errors.into_iter().next().unwrap(), and wrapping it in
ProtocolError::ConsensusError should be extracted into a helper to remove
boilerplate; add a method (e.g., impl ValidationResult<E> { pub fn
into_result(self) -> Result<(), ProtocolError> }) or a free utility that returns
Ok(()) when is_valid() and returns
Err(ProtocolError::ConsensusError(Box::new(first_error.into()))) otherwise, then
replace the repeated blocks in functions like
identity_create_from_addresses_transition.validate_structure(...) call sites
with a single call to validation_result.into_result() (or the free helper) to
ensure consistent behavior and concise code.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@packages/rs-dpp/src/state_transition/state_transitions/address_funds/address_funds_transfer_transition/signing_tests.rs`:
- Line 270: Update the stale inline comment next to the inputs.insert call that
currently reads "nonce: 1, credits: 1000" to reflect the actual value passed
(1_000_000); locate the inputs.insert(input_address.clone(), (1u32,
1_000_000u64)) line and change the comment to "nonce: 1, credits: 1_000_000" (or
remove the comment if redundant).

---

Outside diff comments:
In
`@packages/rs-dpp/src/state_transition/state_transitions/address_funds/address_funds_transfer_transition/signing_tests.rs`:
- Around line 829-837: The test uses a hardcoded tampered value that may equal
the stored output after ReduceOutput(0); update the tamper logic in
signing_tests.rs so the modified output is guaranteed different: either set a
clearly different constant (e.g., 500_000u64) when calling
transition.outputs.insert(...) or fetch the stored value for the output (from
transition.outputs.get(&output) or equivalent) and change it by a fixed non-zero
delta (e.g., -1 or +12345) before reinserting; keep references to the existing
ReduceOutput(0) behavior and ensure verify_transition_signatures(&transition) is
expected to return Err.
- Around line 1012-1013: Both tests use an if let AddressWitness::P2sh {
signatures, .. } = &transition.input_witnesses[0] pattern but lack an else panic
branch, letting a non-P2sh witness silently skip the assertion; update the two
tests (test_1_of_1_multisig and test_high_threshold_multisig) to add an else {
panic!("Expected P2SH witness") } guard after the if let so the test fails
loudly on a mismatched witness type, referencing the same AddressWitness::P2sh
destructuring and transition.input_witnesses[0] access used now; apply the same
change for the analogous block around lines 1051-1053.

---

Nitpick comments:
In
`@packages/rs-dpp/src/state_transition/state_transitions/address_funds/address_funds_transfer_transition/signing_tests.rs`:
- Around line 287-292: The test suite repeats a nested match to extract
StateTransition::AddressFundsTransfer(...::V0(v0)) about 15 times; add a small
private helper fn unwrap_transfer_v0(st: StateTransition) ->
AddressFundsTransferTransitionV0 that matches
StateTransition::AddressFundsTransfer(crate::state_transition::address_funds_transfer_transition::AddressFundsTransferTransition::V0(v0))
=> v0 and panics otherwise, then replace each repeated match in signing_tests.rs
with a call to unwrap_transfer_v0(state_transition) to remove boilerplate and
simplify test bodies.

In
`@packages/rs-dpp/src/state_transition/state_transitions/identity/identity_create_from_addresses_transition/v0/v0_methods.rs`:
- Around line 110-116: The repeated pattern of calling validate_structure(...),
checking validation_result.is_valid(), extracting the first error via
validation_result.errors.into_iter().next().unwrap(), and wrapping it in
ProtocolError::ConsensusError should be extracted into a helper to remove
boilerplate; add a method (e.g., impl ValidationResult<E> { pub fn
into_result(self) -> Result<(), ProtocolError> }) or a free utility that returns
Ok(()) when is_valid() and returns
Err(ProtocolError::ConsensusError(Box::new(first_error.into()))) otherwise, then
replace the repeated blocks in functions like
identity_create_from_addresses_transition.validate_structure(...) call sites
with a single call to validation_result.into_result() (or the free helper) to
ensure consistent behavior and concise code.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Stale comment: credits: 1000 doesn't match the updated value 1_000_000.

The inline comment was not updated when the credit value was scaled up.

🔧 Proposed fix

-    inputs.insert(input_address.clone(), (1u32, 1_000_000u64)); // nonce: 1, credits: 1000
+    inputs.insert(input_address.clone(), (1u32, 1_000_000u64)); // nonce: 1, credits: 1_000_000

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	inputs.insert(input_address.clone(), (1u32, 1_000_000u64)); // nonce: 1, credits: 1000
	inputs.insert(input_address.clone(), (1u32, 1_000_000u64)); // nonce: 1, credits: 1_000_000

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@packages/rs-dpp/src/state_transition/state_transitions/address_funds/address_funds_transfer_transition/signing_tests.rs`
at line 270, Update the stale inline comment next to the inputs.insert call that
currently reads "nonce: 1, credits: 1000" to reflect the actual value passed
(1_000_000); locate the inputs.insert(input_address.clone(), (1u32,
1_000_000u64)) line and change the comment to "nonce: 1, credits: 1_000_000" (or
remove the comment if redundant).

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/identity_top_up_from_addresses/tests.rs (2)

734-799: ⚠️ Potential issue | 🟡 Minor

Test name says _returns_error but the test asserts SuccessfulExecution.

The comment on line 793 even concedes the misname. The test was apparently written to demonstrate a boundary that does not produce an error, making the name outright misleading for anyone reading the test suite.

🐛 Proposed fix

-        fn test_inputs_not_exceeding_outputs_plus_min_funding_returns_error() {
+        fn test_inputs_exceeding_output_plus_min_funding_succeeds() {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/identity_top_up_from_addresses/tests.rs`
around lines 734 - 799, The test function named
test_inputs_not_exceeding_outputs_plus_min_funding_returns_error is misnamed
because it asserts a successful execution; rename the test to reflect the
expected success (e.g., test_inputs_equal_outputs_plus_min_funding_succeeds or
test_inputs_not_exceeding_outputs_plus_min_funding_succeeds) and update any
inline comments to match the new intent; ensure the renamed function surrounding
assertions (including references to create_signed_transition_with_options and
AddressFundsFeeStrategyStep::DeductFromInput) keep the same logic and that the
test harness will discover the new test name.

---

3309-3422: ⚠️ Potential issue | 🟡 Minor

The test may not trigger the intended entry-removal scenario, but for a different reason than index shifting.

The implementation at deduct_fee_from_inputs_and_outputs/v0/mod.rs safeguards against index shifting by taking a snapshot of input addresses before any mutations (line 37). Indices are resolved against this snapshot, not the mutated BTreeMap, so entry removal doesn't cause subsequent indices to shift—the protection is already built in.

However, the original concern about the test's effectiveness remains valid: with first_input ≈ 10B credits (far exceeding typical transaction fees), DeductFromInput(0) will cover the entire fee from the first address alone. This causes remaining_fee to drop to zero, triggering an early exit at the loop start (line 41). Consequently, DeductFromInput(1) is never executed as a no-op, and the second address is never charged—so second_final equals second_remaining_before_fee, causing the assertion to fail.

To test the actual entry-removal scenario, first_input should be sized such that the fee exhausts (but doesn't fully consume) its contribution, leaving a remainder for DeductFromInput(1) to handle.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/identity_top_up_from_addresses/tests.rs`
around lines 3309 - 3422, The test test_fee_deduction_stable_after_entry_removal
is using a too-large first_input so DeductFromInput(0) covers the entire fee and
DeductFromInput(1) never runs; modify the test to make first_input smaller (but
not completely drained) so the first address contributes part of the fee and
remaining_fee > 0 when the loop continues — adjust the first_input calculation
(based on first_balance and expected fee amount) so that after the first
deduction the entry is removed but there is still a remaining fee to be charged
by DeductFromInput(1); this will exercise the entry-removal behavior protected
by the snapshot in deduct_fee_from_inputs_and_outputs/v0/mod.rs.

🧹 Nitpick comments (4)

packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/identity_credit_transfer_to_addresses/tests.rs (1)

4921-4944: Consider a small helper to centralize manual signing and avoid hard‑coded key IDs.
This signing block repeats elsewhere and assumes key id 1. A helper that derives the transfer key via get_first_public_key_matching(...) would reduce duplication and decouple the tests from the helper’s key‑id convention.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/identity_credit_transfer_to_addresses/tests.rs`
around lines 4921 - 4944, The test duplicates manual signing and hard-codes
public key id 1 when building IdentityCreditTransferToAddressesTransitionV0;
instead add a small helper that: given an Identity (or its public_keys) and the
signer, locates the transfer key via get_first_public_key_matching(...) (or
equivalent), obtains signable_bytes() from
StateTransition::from(IdentityCreditTransferToAddressesTransition::V0(...)),
signs via signer.sign(...) and sets transition_v0.signature, and use that helper
wherever the block appears to remove the hard-coded key id and centralize
signing logic (update tests creating
IdentityCreditTransferToAddressesTransitionV0 to call the helper).

packages/rs-dpp/src/state_transition/state_transitions/address_funds/address_funds_transfer_transition/signing_tests.rs (1)

258-1132: Consider adding a test for the new validate_structure error path.

This PR's core change is that try_from_inputs_with_signer now calls validate_structure() and returns a ProtocolError::ConsensusError on failure. None of the existing tests exercise that branch (e.g., a mismatched input/witness count injected before signing, or a zero-output transition). A small negative-path test would close the coverage gap and guard against regressions.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@packages/rs-dpp/src/state_transition/state_transitions/address_funds/address_funds_transfer_transition/signing_tests.rs`
around lines 258 - 1132, Add a negative-path unit test that calls
AddressFundsTransferTransitionV0::try_from_inputs_with_signer with inputs
present but an invalid outputs map (e.g., an empty outputs BTreeMap /
zero-output transition) and assert it returns an Err matching
ProtocolError::ConsensusError; this exercises the new validate_structure() path
added to try_from_inputs_with_signer and prevents regressions. Use the existing
pattern in signing_tests.rs to build a signer and inputs, pass an empty outputs
map to try_from_inputs_with_signer, and assert the returned Result is
Err(ProtocolError::ConsensusError(_)) (or pattern-match the consensus error)
instead of expecting Ok.

packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/identity_create_from_addresses/tests.rs (1)

1013-1023: Consider keeping a constructor-path helper in at least one success-path test.
*_full manually builds transitions and skips constructor-time validation; since this PR adds client-side validation in constructors, keeping at least one success-path test on the constructor path would preserve coverage.

♻️ Example switch for one success test

-            let transition = create_signed_identity_create_from_addresses_transition_full(
-                &identity,
-                &address_signer,
-                &identity_signer,
-                inputs,
-                None,
-                AddressFundsFeeStrategy::from(vec![AddressFundsFeeStrategyStep::DeductFromInput(
-                    0,
-                )]),
-                platform_version,
-            );
+            let transition = create_signed_identity_create_from_addresses_transition(
+                &identity,
+                &address_signer,
+                &identity_signer,
+                inputs,
+                None,
+                Some(AddressFundsFeeStrategy::from(vec![
+                    AddressFundsFeeStrategyStep::DeductFromInput(0),
+                ])),
+                platform_version,
+            );

Also applies to: 1302-1312, 1422-1432, 1521-1531, 2285-2295, 2403-2413, 2936-2946

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/identity_create_from_addresses/tests.rs`
around lines 1013 - 1023, Tests currently use
create_signed_identity_create_from_addresses_transition_full which bypasses
constructor validation; update at least one success-path test in this file (and
the other listed test ranges) to call the constructor-path helper (e.g.,
create_signed_identity_create_from_addresses_transition or the non-_full
constructor) so the client-side validation runs. Replace one occurrence of
create_signed_identity_create_from_addresses_transition_full with the standard
constructor helper, supply the same arguments (identity, address_signer,
identity_signer, inputs, fee strategy, platform_version) and adjust the test to
assert success of the constructor/validation path instead of relying on the
_full shortcut.

packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/identity_top_up_from_addresses/tests.rs (1)

155-187: _platform_version is accepted but silently ignored — consider removing the parameter.

The helper deliberately constructs transitions without calling any version-aware validation, which is the right design for testing server-side rejection. But a dead parameter that is accepted at every call site (lines 304, 379, 446, 509, 574, 637, 702, 769, 838, …) and never forwarded creates confusion about whether version-specific behaviour is exercised.

♻️ Suggested cleanup

 fn create_signed_transition_with_options(
     identity: &Identity,
     signer: &TestAddressSigner,
     inputs: BTreeMap<PlatformAddress, (AddressNonce, u64)>,
     output: Option<(PlatformAddress, u64)>,
     fee_strategy: AddressFundsFeeStrategy,
     user_fee_increase: u16,
-    _platform_version: &PlatformVersion,
 ) -> StateTransition {

Then drop the trailing platform_version argument from every call site.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/identity_top_up_from_addresses/tests.rs`
around lines 155 - 187, The helper function
create_signed_transition_with_options currently accepts an unused
_platform_version parameter; remove this parameter from its signature and from
its internal argument list, and then remove the trailing platform_version
argument at every call site that passes it (calls that construct
IdentityTopUpFromAddressesTransition via create_signed_transition_with_options).
Update any tests referencing create_signed_transition_with_options to call the
function without the platform_version argument and ensure the function still
returns the same StateTransition (IdentityTopUpFromAddressesTransition::V0) and
signs witnesses as before.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In
`@packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/identity_top_up_from_addresses/tests.rs`:
- Around line 734-799: The test function named
test_inputs_not_exceeding_outputs_plus_min_funding_returns_error is misnamed
because it asserts a successful execution; rename the test to reflect the
expected success (e.g., test_inputs_equal_outputs_plus_min_funding_succeeds or
test_inputs_not_exceeding_outputs_plus_min_funding_succeeds) and update any
inline comments to match the new intent; ensure the renamed function surrounding
assertions (including references to create_signed_transition_with_options and
AddressFundsFeeStrategyStep::DeductFromInput) keep the same logic and that the
test harness will discover the new test name.
- Around line 3309-3422: The test test_fee_deduction_stable_after_entry_removal
is using a too-large first_input so DeductFromInput(0) covers the entire fee and
DeductFromInput(1) never runs; modify the test to make first_input smaller (but
not completely drained) so the first address contributes part of the fee and
remaining_fee > 0 when the loop continues — adjust the first_input calculation
(based on first_balance and expected fee amount) so that after the first
deduction the entry is removed but there is still a remaining fee to be charged
by DeductFromInput(1); this will exercise the entry-removal behavior protected
by the snapshot in deduct_fee_from_inputs_and_outputs/v0/mod.rs.

---

Duplicate comments:
In
`@packages/rs-dpp/src/state_transition/state_transitions/address_funds/address_funds_transfer_transition/signing_tests.rs`:
- Line 270: Update the stale inline comment on the inputs.insert call in
signing_tests.rs: the tuple currently inserted is (1u32, 1_000_000u64) but the
trailing comment reads "// nonce: 1, credits: 1000"; change that comment to
reflect the actual value (e.g., "// nonce: 1, credits: 1_000_000") or remove it
so the comment is accurate for the inputs and input_address usage in the signing
tests.

In
`@packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/identity_credit_transfer_to_addresses/tests.rs`:
- Around line 5087-5112: Extract the repeated signing/serialization logic into a
shared test helper to reduce duplication: create a helper function (e.g.,
make_signed_identity_credit_transfer_transition) that accepts the unsigned
IdentityCreditTransferToAddressesTransitionV0 (or its fields), computes
StateTransition::from(...).signable_bytes(), looks up the transfer key from
identity.public_keys().get(&1), calls signer.sign(transfer_key,
&signable_bytes), assigns the signature to the transition, and returns the
serialized bytes (the value currently produced by the transition_bytes block);
replace the duplicated blocks with calls to this helper in tests that build and
sign IdentityCreditTransferToAddressesTransitionV0.
- Around line 5237-5261: This test repeats the pattern of creating an
IdentityCreditTransferToAddressesTransitionV0, computing signable bytes via
StateTransition::from(...).signable_bytes(), signing with
signer.sign(transfer_key, ...), assigning signature, and serializing with
serialize_to_bytes(); extract that into a shared helper (e.g.,
sign_and_serialize_identity_credit_transfer) that accepts the transition struct,
signer, and public key id or PublicKeyRef, performs signable_bytes(),
signer.sign(...), sets transition.signature, and returns the serialized bytes to
replace the duplicated sequence in the test.

---

Nitpick comments:
In
`@packages/rs-dpp/src/state_transition/state_transitions/address_funds/address_funds_transfer_transition/signing_tests.rs`:
- Around line 258-1132: Add a negative-path unit test that calls
AddressFundsTransferTransitionV0::try_from_inputs_with_signer with inputs
present but an invalid outputs map (e.g., an empty outputs BTreeMap /
zero-output transition) and assert it returns an Err matching
ProtocolError::ConsensusError; this exercises the new validate_structure() path
added to try_from_inputs_with_signer and prevents regressions. Use the existing
pattern in signing_tests.rs to build a signer and inputs, pass an empty outputs
map to try_from_inputs_with_signer, and assert the returned Result is
Err(ProtocolError::ConsensusError(_)) (or pattern-match the consensus error)
instead of expecting Ok.

In
`@packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/identity_create_from_addresses/tests.rs`:
- Around line 1013-1023: Tests currently use
create_signed_identity_create_from_addresses_transition_full which bypasses
constructor validation; update at least one success-path test in this file (and
the other listed test ranges) to call the constructor-path helper (e.g.,
create_signed_identity_create_from_addresses_transition or the non-_full
constructor) so the client-side validation runs. Replace one occurrence of
create_signed_identity_create_from_addresses_transition_full with the standard
constructor helper, supply the same arguments (identity, address_signer,
identity_signer, inputs, fee strategy, platform_version) and adjust the test to
assert success of the constructor/validation path instead of relying on the
_full shortcut.

In
`@packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/identity_credit_transfer_to_addresses/tests.rs`:
- Around line 4921-4944: The test duplicates manual signing and hard-codes
public key id 1 when building IdentityCreditTransferToAddressesTransitionV0;
instead add a small helper that: given an Identity (or its public_keys) and the
signer, locates the transfer key via get_first_public_key_matching(...) (or
equivalent), obtains signable_bytes() from
StateTransition::from(IdentityCreditTransferToAddressesTransition::V0(...)),
signs via signer.sign(...) and sets transition_v0.signature, and use that helper
wherever the block appears to remove the hard-coded key id and centralize
signing logic (update tests creating
IdentityCreditTransferToAddressesTransitionV0 to call the helper).

In
`@packages/rs-drive-abci/src/execution/validation/state_transition/state_transitions/identity_top_up_from_addresses/tests.rs`:
- Around line 155-187: The helper function create_signed_transition_with_options
currently accepts an unused _platform_version parameter; remove this parameter
from its signature and from its internal argument list, and then remove the
trailing platform_version argument at every call site that passes it (calls that
construct IdentityTopUpFromAddressesTransition via
create_signed_transition_with_options). Update any tests referencing
create_signed_transition_with_options to call the function without the
platform_version argument and ensure the function still returns the same
StateTransition (IdentityTopUpFromAddressesTransition::V0) and signs witnesses
as before.