feat(pxe): add class IDs and view context to auth request#23633
Merged
nchamo merged 4 commits intoMay 29, 2026
Merged
Conversation
nchamo
commented
May 28, 2026
| The hook receives a `UtilityCallAuthorizationRequest` with the caller address, target address, function selector, function name, arguments, and caller context (`'private'` or `'utility'`). Return `{ authorized: true }` to allow or `{ authorized: false, reason: '...' }` to deny with a message. | ||
| The hook receives a `UtilityCallAuthorizationRequest` with the caller and target addresses, their contract class IDs, function selector, function name, arguments, and caller context (`'private'`, `'private view'`, or `'utility'`). Return `{ authorized: true }` to allow or `{ authorized: false, reason: '...' }` to deny with a message. | ||
|
|
||
| ##### In Noir tests |
Contributor
Author
There was a problem hiding this comment.
This was added in another PR, but we hadn't documented it properly
nchamo
commented
May 28, 2026
| } | ||
|
|
||
| /// Authorizes cross-contract utility calls to the given target contracts during this call. | ||
| /// Authorizes cross-contract utility calls to given targets. |
Contributor
Author
There was a problem hiding this comment.
The boss had asked to shorten these titles after the last PR was merged, so I'm doing it here
dbanks12
approved these changes
May 29, 2026
Comment on lines
-812
to
+819
| callerContext: ('isPrivate' in this ? 'private' : 'utility') as 'private' | 'utility', | ||
| callerContext: this.callerContext, |
Comment on lines
+80
to
+89
| unconstrained fn cross_contract_utility_call_from_private_view_succeeds_with_authorization() { | ||
| let (env, account, addr_a, addr_b) = setup(); | ||
|
|
||
| let result: Field = env.view_private_opts( | ||
| account, | ||
| ViewPrivateOptions::new().with_authorized_utility_call_targets([addr_b]), | ||
| NestedUtility::at(addr_a).delegate_pow_view(addr_b, 2, 3), | ||
| ); | ||
| assert_eq(result, 8); | ||
| } |
Contributor
There was a problem hiding this comment.
okay so this is using auth for the NESTED utility call, right? So not for the top-level private view call, but the nested call to pow_utility? hence why the auth is for addr-b
Contributor
Author
There was a problem hiding this comment.
Exactly, all the tests here are for the nested utility calls
…/f-641-improve-utilitycallauthorizationrequest-with-class-ids-and # Conflicts: # yarn-project/end-to-end/src/e2e_nested_utility_calls.test.ts
Collaborator
Flakey Tests🤖 says: This CI run detected 1 tests that failed, but were tolerated due to a .test_patterns.yml entry. |
nchamo
deleted the
nchamo/f-641-improve-utilitycallauthorizationrequest-with-class-ids-and
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
UtilityCallAuthorizationRequestincluded the caller and target contract addresses but not their class IDs. Without class IDs, hook authors couldn't verify the contract implementation behind a given address, making it impossible to write authorization policies based on what code a contract runs rather than just its identity.Fix
Adds
callerClassIdandtargetClassIdto the authorization request so hooks can match on contract implementations. Also expandscallerContextto distinguish'private view'from'private', makesfunctionNamerequired (it was always available), and updates the docs to explain why cross-contract utility calls are restricted and how to authorize them in Noir tests.Fixes F-641