Feature/on chain permissions

[mattdean-digicatapult]

Pull Request

Checklist

• Have you read Digital Catapult's Code of Conduct?
• I have performed a self-review of my own code.
• I have commented my code, particularly in hard-to-understand areas.
• I have made corresponding changes to the documentation.
• My changes generate no new warnings.
• I have added tests that prove my fix is effective or that my feature works.
• New and existing unit tests pass locally with my changes.

PR Type

Please delete options that are irrelevant.

• Bug Fix
• Chore
• Feature
• Documentation Update
• Code style update (formatting, local variables)
• Breaking Change (fix or feature that would cause existing functionality to change)

Linked tickets

High level description

Detailed description

Describe alternatives you've considered

Operational impact

Additional context

[Copilot]

Pull Request Overview

This PR implements on-chain permissions functionality by adding a permission system that controls access to demand creation and match proposal operations. The changes introduce permission tokens that are checked before users can perform certain blockchain operations.

• Adds a new Permission token type and related database schema to track user permissions for different scopes (member_a, member_b, optimiser)
• Updates demand creation and match proposal processes to require valid on-chain permissions
• Modifies the payload structure to use references instead of consuming tokens directly in certain operations

Reviewed Changes

Copilot reviewed 31 out of 32 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
test/seeds/offchainSeeds/*.ts	Add permission seeding to test data for comprehensive test coverage
test/integration/*/**.test.ts	Add permission setup and test permission validation in integration tests
test/helper/chainTest.ts	Add helper function to create all required permissions for testing
src/lib/payload.ts	Update payload structures to include permission references and version bumps
src/lib/indexer/*.ts	Add permission processing, database operations, and event handling
src/lib/db/*.ts	Add permission table schema, types, and migration
src/controllers/v1/*.ts	Add permission validation before on-chain operations
l3.sqnc	Update token specification to include Permission token and updated process versions

Comments suppressed due to low confidence (2)

docker-compose.yml:1

• [nitpick] The YAML array formatting change from ['CMD-SHELL', 'pg_isready -U postgres'] to [ 'CMD-SHELL', 'pg_isready -U postgres' ] is inconsistent with line 14 which still uses the compact format. All healthcheck test arrays should use consistent formatting.

services:

docker-compose.yml:1

• [nitpick] The YAML array formatting change from ['CMD-SHELL', 'pg_isready -U postgres'] to [ 'CMD-SHELL', 'pg_isready -U postgres' ] is inconsistent with line 14 which still uses the compact format. All healthcheck test arrays should use consistent formatting.

services:

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

Using typeof context creates a circular type reference. The original type annotation was clearer and should be restored: {} as { app: Express; indexer: Indexer }

Suggested change

	const context: { app: Express; indexer: Indexer } = {} as typeof context
	const context: { app: Express; indexer: Indexer } = {} as { app: Express; indexer: Indexer }