test(dpp): add validation error path tests for identity_nonce, max_depth, and GroupV0

[thepastaclaw]

Issue Being Fixed

Tracker: thepastaclaw/tracker#14 (parent: #11)

Addresses findings C-07, I-01, and I-05 from the rs-dpp test quality audit.

What was done

Added missing validation error path tests for three validators that had little to no test coverage:

C-07: validate_new_identity_nonce — 0 tests → 5 tests

• validate_new_identity_nonce_valid_zero — nonce=0, valid
• validate_new_identity_nonce_valid_max_minus_one — nonce=23 (boundary), valid
• validate_new_identity_nonce_invalid_at_max — nonce=24 (boundary), returns NonceTooFarInPast
• validate_new_identity_nonce_invalid_above_max — nonce=25, returns error
• validate_new_identity_nonce_invalid_large — nonce=1000, returns error

I-01: validate_max_depth_v0 — max-depth error path never tested → 1 test

• should_return_error_when_max_depth_exceeded — dynamically builds a schema exceeding max_depth from platform version, asserts DataContractMaxDepthExceedError

I-05: GroupV0::validate — 1 test → 11 tests

• test_group_exceeds_max_members — too many members
• test_group_too_few_members_zero — empty group
• test_group_too_few_members_one — single member
• test_group_member_has_power_of_zero — member with power 0
• test_group_member_power_over_limit — power > GROUP_POWER_LIMIT (u16::MAX)
• test_group_member_power_exceeds_required — power > required_power
• test_group_total_power_less_than_required — insufficient total power
• test_group_non_unilateral_member_power_less_than_required — non-unilateral members can't meet threshold
• test_group_required_power_zero — documents that required_power=0 hits power > required_power before the invalid-power check
• test_group_required_power_over_limit — required_power > GROUP_POWER_LIMIT (65536), reached via 3 members at max power

All tests compile and pass (cargo test -p dpp --lib — 32 targeted tests, 0 failures).

Summary by CodeRabbit

• Tests
  • Added comprehensive unit tests covering document-schema max-depth enforcement, group validation edge cases (member counts, power constraints, and related error scenarios), and identity nonce boundary checks across valid and invalid ranges.

Validation

1. What was tested

   • cargo test -p dpp --lib

2. Results

   • 32 targeted tests executed
   • 0 failures

3. Environment

   • Local development environment for dashpay/platform (Rust test run)

[coderabbitai]

Warning

Rate limit exceeded

@QuantumExplorer has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 19 minutes and 31 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ac8fb56f-f5ce-443a-94a5-c9ffbaf01eda

📥 Commits

Reviewing files that changed from the base of the PR and between db23345 and b61b132.

📒 Files selected for processing (2)

• packages/rs-dpp/src/data_contract/document_type/schema/validate_max_depth/v0/mod.rs
• packages/rs-dpp/src/data_contract/group/v0/mod.rs

📝 Walkthrough

Walkthrough

Adds unit tests for three validators—max-depth schema validation, GroupV0::validate, and validate_new_identity_nonce—that exercise error branches and boundary conditions without changing public APIs.

Changes

Cohort / File(s)	Summary
Max Depth Validation Tests packages/rs-dpp/src/data_contract/document_type/schema/validate_max_depth/v0/mod.rs	Adds a unit test that builds a nested JSON schema up to the configured max depth, invokes validate_max_depth_v0, and asserts the first error is DataContractMaxDepthExceedError with the reported max_depth equal to the configured maximum.
Group Validation Tests packages/rs-dpp/src/data_contract/group/v0/mod.rs	Adds an extensive test suite for GroupV0::validate covering exceeding max members, too few members, various power constraints, unilateral power cases, and invalid required_power; tests assert specific ConsensusError::BasicError variants in results.
Identity Nonce Validation Tests packages/rs-dpp/src/identity/identity_nonce.rs	Adds tests for validate_new_identity_nonce covering zero, max-1, at max, above max, and very large nonces; expects valid ranges to pass and out-of-range values to produce NonceTooFarInPast errors.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped through tests with eager eyes,

Depths, groups, nonces — all boundary-wise.
I counted members, measured depth with care,
Chased errant nonces here and there,
A tiny thump — the suite is fair.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding validation error path tests for three specific validators (identity_nonce, max_depth, and GroupV0).
Linked Issues check	✅ Passed	The PR successfully addresses all three findings from issue #14: C-07 adds 5 identity_nonce tests, I-01 adds max_depth_v0 test, and I-05 adds 10 GroupV0::validate tests covering error branches.
Out of Scope Changes check	✅ Passed	All changes are focused test additions directly addressing the three linked issues; no unrelated modifications or scope creep detected.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

packages/rs-dpp/src/identity/identity_nonce.rs (1)

189-226: Consider asserting additional error fields and replacing the magic number.

Two small improvements for completeness:

1. Magic literal in validate_new_identity_nonce_invalid_large — 1000 is an arbitrary sentinel with no expressed relationship to MISSING_IDENTITY_REVISIONS_MAX_BYTES. A constant expression makes the intent self-documenting:

♻️ Suggested change for magic literal

-        let nonce = 1000;
+        let nonce = MISSING_IDENTITY_REVISIONS_MAX_BYTES * 42; // well above the limit

2. Incomplete error field assertions — the three invalid tests only assert e.error. The struct also carries setting_identity_nonce (should equal the input nonce) and current_identity_nonce (should be None for a new identity). Adding these assertions would fully pin the error payload and catch regressions in those fields:

♻️ Suggested additional assertions (shown for the `at_max` test; pattern applies to all three)

         assert_eq!(e.error, MergeIdentityNonceResult::NonceTooFarInPast);
+        assert_eq!(e.setting_identity_nonce, nonce);
+        assert!(e.current_identity_nonce.is_none());

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/rs-dpp/src/identity/identity_nonce.rs` around lines 189 - 226,
Replace the magic literal in validate_new_identity_nonce_invalid_large with a
value derived from MISSING_IDENTITY_REVISIONS_MAX_BYTES (e.g.
MISSING_IDENTITY_REVISIONS_MAX_BYTES * 2) so the relationship to the boundary is
explicit, and in all three failing tests
(validate_new_identity_nonce_invalid_at_max,
validate_new_identity_nonce_invalid_above_max,
validate_new_identity_nonce_invalid_large) add assertions on the returned
InvalidIdentityNonceError fields: assert e.error ==
MergeIdentityNonceResult::NonceTooFarInPast, assert e.setting_identity_nonce ==
nonce, and assert e.current_identity_nonce.is_none() to fully pin the error
payload from validate_new_identity_nonce.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/rs-dpp/src/data_contract/group/v0/mod.rs`:
- Around line 360-379: The check for self.required_power == 0 in
GroupV0::validate is unreachable because the per-member validation (the power >
self.required_power check in the member loop) will always fire first when
required_power == 0; either remove the unreachable branch that returns
GroupRequiredPowerIsInvalidError or refactor the per-member check so it doesn't
preempt the required_power == 0 validation (e.g., validate required_power early
in validate before iterating members); update references in tests that assert
GroupMemberHasPowerOverLimitError vs GroupRequiredPowerIsInvalidError to match
the chosen behavior.

---

Nitpick comments:
In `@packages/rs-dpp/src/identity/identity_nonce.rs`:
- Around line 189-226: Replace the magic literal in
validate_new_identity_nonce_invalid_large with a value derived from
MISSING_IDENTITY_REVISIONS_MAX_BYTES (e.g. MISSING_IDENTITY_REVISIONS_MAX_BYTES
* 2) so the relationship to the boundary is explicit, and in all three failing
tests (validate_new_identity_nonce_invalid_at_max,
validate_new_identity_nonce_invalid_above_max,
validate_new_identity_nonce_invalid_large) add assertions on the returned
InvalidIdentityNonceError fields: assert e.error ==
MergeIdentityNonceResult::NonceTooFarInPast, assert e.setting_identity_nonce ==
nonce, and assert e.current_identity_nonce.is_none() to fully pin the error
payload from validate_new_identity_nonce.

[thepastaclaw]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@packages/rs-dpp/src/data_contract/group/v0/mod.rs`:
- Around line 358-376: This test correctly documents current behavior and
requires no code changes: leave the test in mod.rs as-is, keeping the inline
comment and the assertion that GroupV0::validate produces a
BasicError::GroupMemberHasPowerOverLimitError when required_power == 0; ensure
references to the two relevant errors (GroupMemberHasPowerOverLimitError and
GroupRequiredPowerIsInvalidError) and the GroupV0::validate function remain
unchanged so future fixes to validation order will surface as test failures
requiring assertion updates.

[coderabbitai]

🧹 Nitpick comments (1)

packages/rs-dpp/src/identity/identity_nonce.rs (1)

215-226: validate_new_identity_nonce_invalid_large is redundant with validate_new_identity_nonce_invalid_above_max.

validate_new_identity_nonce has exactly two branches (>= MAX / < MAX). Both are fully covered by valid_zero and invalid_at_max; neither invalid_above_max nor invalid_large add new coverage. Consider dropping invalid_large or replacing it with a semantically distinct case (e.g., max u64 to document overflow behaviour isn't possible).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/rs-dpp/src/identity/identity_nonce.rs` around lines 215 - 226, The
test validate_new_identity_nonce_invalid_large duplicates coverage of
validate_new_identity_nonce already exercised by
validate_new_identity_nonce_invalid_above_max and valid_zero; remove
validate_new_identity_nonce_invalid_large or replace it with a semantically
distinct scenario (e.g., use u64::MAX as the nonce to document overflow/edge
behavior) so it adds unique coverage; update or delete the test function
validate_new_identity_nonce_invalid_large accordingly and ensure
references/assertions still target validate_new_identity_nonce and
MergeIdentityNonceResult::NonceTooFarInPast if keeping a meaningful new case.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@packages/rs-dpp/src/data_contract/group/v0/mod.rs`:
- Around line 358-376: The validate logic in GroupV0 currently checks per-member
power limits before validating required_power, making the required_power == 0
branch (which should produce GroupRequiredPowerIsInvalidError) unreachable and
leaving dead code; update GroupV0::validate to validate required_power (and emit
GroupRequiredPowerIsInvalidError when required_power == 0 or otherwise invalid)
before iterating members for GroupMemberHasPowerOverLimitError so the intended
error path is reachable, and adjust the tests to expect
GroupRequiredPowerIsInvalidError for the zero required_power case or keep the
existing test as a regression test if you prefer to assert the new behavior.

---

Nitpick comments:
In `@packages/rs-dpp/src/identity/identity_nonce.rs`:
- Around line 215-226: The test validate_new_identity_nonce_invalid_large
duplicates coverage of validate_new_identity_nonce already exercised by
validate_new_identity_nonce_invalid_above_max and valid_zero; remove
validate_new_identity_nonce_invalid_large or replace it with a semantically
distinct scenario (e.g., use u64::MAX as the nonce to document overflow/edge
behavior) so it adds unique coverage; update or delete the test function
validate_new_identity_nonce_invalid_large accordingly and ensure
references/assertions still target validate_new_identity_nonce and
MergeIdentityNonceResult::NonceTooFarInPast if keeping a meaningful new case.

[QuantumExplorer]

Closing to recreate from the main repo so we get coverage reports (fork PRs can't upload to Codecov). The tests are good -- will be preserved in the new PR. Thanks for the contribution!

[codecov]

Codecov Report

❌ Patch coverage is 92.00000% with 14 lines in your changes missing coverage. Please review.
✅ Project coverage is 72.65%. Comparing base (6bc1c1b) to head (679d3b5).
⚠️ Report is 1 commits behind head on v3.1-dev.

Files with missing lines	Patch %	Lines
packages/rs-dpp/src/data_contract/group/v0/mod.rs	91.86%	10 Missing ⚠️
packages/rs-dpp/src/identity/identity_nonce.rs	90.90%	3 Missing ⚠️
.../document_type/schema/validate_max_depth/v0/mod.rs	94.73%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##           v3.1-dev    #3123      +/-   ##
============================================
+ Coverage     72.62%   72.65%   +0.02%     
============================================
  Files          3293     3293              
  Lines        269077   269252     +175     
============================================
+ Hits         195425   195617     +192     
+ Misses        73652    73635      -17     

Components	Coverage Δ
dpp	60.30% <92.00%> (+0.13%)	⬆️
drive	78.31% <ø> (ø)
drive-abci	84.17% <ø> (ø)
sdk	31.25% <ø> (ø)
dapi-client	79.06% <ø> (ø)
platform-version	∅ <ø> (∅)
platform-value	58.46% <ø> (ø)
platform-wallet	60.40% <ø> (ø)
drive-proof-verifier	∅ <ø> (∅)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.