Remove public key deduplication migration and diff key program

[fxamacker]

Updates #8314 #7573

Account public key deduplication migration completed successfully, so we can remove that migration code and the diff key program used for validating the migration.

Summary by CodeRabbit

• Chores
  • Removed the diff-keys CLI command.
  • Removed account public key deduplication migration, its utilities, and related comparison/reporting tools.
  • Deleted associated unit tests for deduplication and diffing.
  • Stopped automatically applying the account-key deduplication migration by default.
  • Simplified account public key validation surface (public validation method removed/renamed) and switched to internal validation.
  • Renamed a digest-related constant to an exported identifier (MaxStoredDigests).

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR removes the account public-key deduplication feature and the diff-keys CLI, shifts public-key validation and key-metadata handling to environment/accountkeymetadata, and exports an environment constant for stored digests.

Changes

Cohort / File(s)	Summary
Check-Storage validation updates cmd/util/cmd/check-storage/account_key_validation.go, cmd/util/cmd/check-storage/cmd.go	Replaced exported ValidateAccountPublicKeyV4 with unexported validateAccountPublicKey; switched to accountkeymetadata and environment APIs/types/constants; updated imports and call sites.
Diffkeys CLI removal cmd/util/cmd/diffkeys/cmd.go, cmd/util/cmd/root.go	Deleted the entire diff-keys command implementation and its registration in root.
Account key deduplication encoder & tests removed cmd/util/ledger/migrations/account_key_deduplication_encoder.go, cmd/util/ledger/migrations/account_key_deduplication_encoder_test.go	Removed RLE encoding/decoding, mapping, batching, account status v4 encoding/decoding and corresponding unit tests.
Account key deduplication migration removed cmd/util/ledger/migrations/account_key_deduplication_migration.go, ..._migration_results.go, ..._migration_test.go, ..._migration_utils.go	Removed migration type, deduplicator, migration workflow, helpers, results writer and tests—complete removal of deduplication migration feature.
Account key diff reporter & tests removed cmd/util/ledger/migrations/account_key_diff.go, cmd/util/ledger/migrations/account_key_diff_test.go	Deleted cross-version key comparison reporter, stateful accessors, comparison helpers, and tests.
Execution-state-extract pipeline change cmd/util/cmd/execution-state-extract/cmd.go	Stopped auto-appending the account-public-key-deduplication migration block; migrations must be added explicitly via flags/custom migrations.
Environment constant exported fvm/environment/accounts_status.go	Renamed maxStoredDigests → exported MaxStoredDigests and updated call sites (NewKeyMetadataAppender, NewKeyMetadataAppenderFromBytes).

Sequence Diagram(s)

(omitted)

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related issues

• Remove account public key migration and add reuseable functions to FVM #8314: Changes remove deduplication migration and move validation into environment/accountkeymetadata, matching the issue intent.
• Public key de-duplication #7573: The diff removes/rewrites deduplication implementation components referenced in this issue.

Possibly related PRs

• Add account key metadata utility functions to FVM pkgs #8315: Replaces migration-local key-metadata decoding with environment/accountkeymetadata APIs—strongly related.
• add AN compatibility for v0.44.13 #8288: Touches exporting of the stored-digests constant in environment; related at the constant/usage level.

Suggested reviewers

• zhangchiqing
• janezpodhostnik
• peterargue

Poem

🐇 I hop through lines of code and cheer,

Old dedupe trails now disappear.
Keys find home in environment's nest,
CLI and encoders take a rest.
Thump-thump—simpler builds, I jest!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Remove public key deduplication migration and diff key program' directly and clearly summarizes the main change: removal of public key deduplication migration code and diff key utilities.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6b17f81 and 14fd7fb.

📒 Files selected for processing (1)

• cmd/util/cmd/check-storage/account_key_validation.go

🧰 Additional context used

📓 Path-based instructions (2)

**/*.go

📄 CodeRabbit inference engine (.cursor/rules/coding_conventions.mdc)

Follow Go coding conventions as documented in @docs/agents/CodingConventions.md

Follow Go coding standards and conventions as documented in @docs/agents/GoDocs.md

**/*.go: Follow the existing module structure in /module/, /engine/, /model/ and use dependency injection patterns for component composition
Implement proper interfaces before concrete types
Follow Go naming conventions and the project's coding style defined in /docs/CodingConventions.md
Use mock generators: run make generate-mocks after interface changes
All inputs must be considered potentially byzantine; error classification is context-dependent and no code path is safe unless explicitly proven and documented
Use comprehensive error wrapping for debugging; avoid fmt.Errorf, use irrecoverable package for exceptions
NEVER log and continue on best effort basis; ALWAYS explicitly handle errors
Uses golangci-lint with custom configurations (.golangci.yml) and custom linters for Flow-specific conventions (struct write checking)

Files:

• cmd/util/cmd/check-storage/account_key_validation.go

{module,engine,cmd}/**/*.go

📄 CodeRabbit inference engine (AGENTS.md)

All major processing components must implement the Component interface from /module/component/component.go to ensure consistent lifecycle management and graceful shutdown patterns

Files:

• cmd/util/cmd/check-storage/account_key_validation.go

🧬 Code graph analysis (1)

cmd/util/cmd/check-storage/account_key_validation.go (5)

model/flow/ledger.go (1)

• AccountPublicKey0RegisterKey (24-24)

fvm/environment/account-key-metadata/metadata.go (1)

• DecodeKeyMetadata (371-407)

fvm/environment/account_public_key_util.go (2)

• DecodeBatchPublicKeys (360-398)
• MaxPublicKeyCountInBatch (14-14)

fvm/environment/account-key-metadata/weight_and_revoked_group.go (1)

• WeightAndRevokedStatus (326-329)

fvm/environment/accounts_status.go (1)

• MaxStoredDigests (61-61)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (37)

• GitHub Check: Lint (./)
• GitHub Check: Lint (./integration/)
• GitHub Check: Lint (./insecure/)
• GitHub Check: Integration Tests Others (integration)
• GitHub Check: Unit Tests (network/test/cohort2)
• GitHub Check: Unit Tests (others)
• GitHub Check: Unit Tests (engine/execution/computation)
• GitHub Check: Unit Tests (network/p2p/connection)
• GitHub Check: Unit Tests (network)
• GitHub Check: Unit Tests (network/alsp)
• GitHub Check: Unit Tests (engine/execution)
• GitHub Check: Unit Tests (module/dkg)
• GitHub Check: Unit Tests (module)
• GitHub Check: Unit Tests (network/p2p/node)
• GitHub Check: Unit Tests (engine/collection)
• GitHub Check: Unit Tests (engine/execution/ingestion)
• GitHub Check: Unit Tests (network/test/cohort1)
• GitHub Check: Unit Tests (engine/verification)
• GitHub Check: Unit Tests (network/p2p/scoring)
• GitHub Check: Unit Tests (ledger)
• GitHub Check: Unit Tests (engine)
• GitHub Check: Unit Tests (engine/access)
• GitHub Check: Unit Tests (network/p2p)
• GitHub Check: Unit Tests (engine/consensus)
• GitHub Check: Unit Tests (utils)
• GitHub Check: Unit Tests (engine/common)
• GitHub Check: Unit Tests (admin)
• GitHub Check: Unit Tests (fvm)
• GitHub Check: Unit Tests (storage)
• GitHub Check: Unit Tests (state)
• GitHub Check: Unit Tests (consensus)
• GitHub Check: Unit Tests (cmd)
• GitHub Check: Unit Tests Insecure (insecure)
• GitHub Check: Unit Tests Insecure (insecure/integration/functional/test/gossipsub/scoring)
• GitHub Check: Unit Tests Insecure (insecure/integration/functional/test/gossipsub/rpc_inspector)
• GitHub Check: Docker Build
• GitHub Check: analyze-code (go)

🔇 Additional comments (4)

cmd/util/cmd/check-storage/account_key_validation.go (4)

1-15: LGTM!

The new import for accountkeymetadata is properly aliased and aligns with the refactoring to use centralized packages for key metadata handling.

---

17-85: LGTM!

The function has been appropriately renamed and unexported, consistent with its utility-only usage. The use of flow.AccountPublicKey0RegisterKey constant instead of an inline string improves maintainability. The removal of the legacy register check aligns with the PR objective of removing migration-related validation code.

---

87-163: LGTM!

The function refactoring to use accountkeymetadata.DecodeKeyMetadata is correct. The call signature matches the function definition in the relevant code snippets, and error handling remains consistent.

---

259-299: LGTM!

The type reference accountkeymetadata.WeightAndRevokedStatus and constant environment.MaxStoredDigests are correctly used. Per the relevant snippets, MaxStoredDigests = 2 is defined in fvm/environment/accounts_status.go, which aligns with the validation logic here.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[fxamacker]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

cmd/util/cmd/check-storage/account_key_validation.go (1)

577-577: Update stale comment to reference current function name.

The comment references ValidateAccountPublicKeyV4(), which has been renamed to validateAccountPublicKey. Please update the comment for clarity.

📝 Proposed fix

-	// NOTE: don't need to check unreachable keys because it is checked in ValidateAccountPublicKeyV4().
+	// NOTE: don't need to check unreachable keys because it is checked in validateAccountPublicKey().

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7735f68 and 7c3059c.

📒 Files selected for processing (14)

• cmd/util/cmd/check-storage/account_key_validation.go
• cmd/util/cmd/check-storage/cmd.go
• cmd/util/cmd/diffkeys/cmd.go
• cmd/util/cmd/execution-state-extract/cmd.go
• cmd/util/cmd/root.go
• cmd/util/ledger/migrations/account_key_deduplication_encoder.go
• cmd/util/ledger/migrations/account_key_deduplication_encoder_test.go
• cmd/util/ledger/migrations/account_key_deduplication_migration.go
• cmd/util/ledger/migrations/account_key_deduplication_migration_results.go
• cmd/util/ledger/migrations/account_key_deduplication_migration_test.go
• cmd/util/ledger/migrations/account_key_deduplication_migration_utils.go
• cmd/util/ledger/migrations/account_key_diff.go
• cmd/util/ledger/migrations/account_key_diff_test.go
• fvm/environment/accounts_status.go

💤 Files with no reviewable changes (11)

• cmd/util/cmd/execution-state-extract/cmd.go
• cmd/util/ledger/migrations/account_key_deduplication_migration_test.go
• cmd/util/cmd/root.go
• cmd/util/ledger/migrations/account_key_deduplication_encoder_test.go
• cmd/util/ledger/migrations/account_key_deduplication_migration_results.go
• cmd/util/ledger/migrations/account_key_deduplication_migration.go
• cmd/util/ledger/migrations/account_key_deduplication_encoder.go
• cmd/util/ledger/migrations/account_key_diff.go
• cmd/util/ledger/migrations/account_key_deduplication_migration_utils.go
• cmd/util/ledger/migrations/account_key_diff_test.go
• cmd/util/cmd/diffkeys/cmd.go

🧰 Additional context used

📓 Path-based instructions (5)

**/*.go

📄 CodeRabbit inference engine (.cursor/rules/coding_conventions.mdc)

Follow Go coding conventions as documented in @docs/agents/CodingConventions.md

Follow Go coding standards and conventions as documented in @docs/agents/GoDocs.md

**/*.go: Follow the existing module structure in /module/, /engine/, /model/ and use dependency injection patterns for component composition
Implement proper interfaces before concrete types
Follow Go naming conventions and the project's coding style defined in /docs/CodingConventions.md
Use mock generators: run make generate-mocks after interface changes
All inputs must be considered potentially byzantine; error classification is context-dependent and no code path is safe unless explicitly proven and documented
Use comprehensive error wrapping for debugging; avoid fmt.Errorf, use irrecoverable package for exceptions
NEVER log and continue on best effort basis; ALWAYS explicitly handle errors
Uses golangci-lint with custom configurations (.golangci.yml) and custom linters for Flow-specific conventions (struct write checking)

Files:

• fvm/environment/accounts_status.go
• cmd/util/cmd/check-storage/cmd.go
• cmd/util/cmd/check-storage/account_key_validation.go

{crypto,fvm,ledger,storage}/**/*.go

📄 CodeRabbit inference engine (AGENTS.md)

Security checks for cryptographic misuse must be enforced using gosec

Files:

• fvm/environment/accounts_status.go

{crypto,fvm,ledger,access,engine}/**/*.go

📄 CodeRabbit inference engine (AGENTS.md)

Cryptographic operations require careful handling; refer to crypto library documentation for proper implementation

Files:

• fvm/environment/accounts_status.go

{storage,ledger,execution,fvm}/**/*.go

📄 CodeRabbit inference engine (AGENTS.md)

State consistency is paramount; use proper synchronization primitives

Files:

• fvm/environment/accounts_status.go

{module,engine,cmd}/**/*.go

📄 CodeRabbit inference engine (AGENTS.md)

All major processing components must implement the Component interface from /module/component/component.go to ensure consistent lifecycle management and graceful shutdown patterns

Files:

• cmd/util/cmd/check-storage/cmd.go
• cmd/util/cmd/check-storage/account_key_validation.go

🧠 Learnings (1)

📚 Learning: 2025-12-23T00:28:41.005Z

Learnt from: CR
Repo: onflow/flow-go PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-23T00:28:41.005Z
Learning: Applies to {crypto,fvm,ledger,access,engine}/**/*.go : Cryptographic operations require careful handling; refer to crypto library documentation for proper implementation

Applied to files:

• cmd/util/cmd/check-storage/cmd.go

🧬 Code graph analysis (1)

fvm/environment/accounts_status.go (1)

fvm/environment/account-key-metadata/metadata.go (2)

• NewKeyMetadataAppender (123-129)
• NewKeyMetadataAppenderFromBytes (133-155)

🔇 Additional comments (14)

fvm/environment/accounts_status.go (3)

60-62: LGTM! Constant exported for broader reuse.

The constant is appropriately exported to support usage across packages after migration code consolidation. The value and purpose remain unchanged.

---

380-380: LGTM! Correct usage of exported constant.

The call to NewKeyMetadataAppender correctly uses the newly exported MaxStoredDigests constant.

---

383-383: LGTM! Correct usage of exported constant.

The call to NewKeyMetadataAppenderFromBytes correctly uses the newly exported MaxStoredDigests constant.

cmd/util/cmd/check-storage/account_key_validation.go (10)

13-13: LGTM! Import added to support consolidated key metadata handling.

The import of accountkeymetadata package is necessary for using DecodeKeyMetadata and related types, aligning with the consolidation of key metadata logic.

---

17-19: LGTM! Clear constant for legacy register detection.

The constant legacyAccountPublicKeyRegisterKeyPrefix is well-named and appropriately scoped for checking legacy account public key registers.

---

21-24: LGTM! Function visibility change aligns with migration completion.

The function is now unexported (validateAccountPublicKey) as the public API is no longer needed after the migration completed. The removal of "V4" from the name suggests V4 is now the standard format.

---

31-31: LGTM! Call site correctly updated.

The function call is correctly updated to match the renamed function validateAccountStatusRegister.

---

93-101: LGTM! Function rename reflects V4 as standard format.

The function is renamed from validateAccountStatusV4Register to validateAccountStatusRegister, removing the version designation as V4 is now the standard format.

---

139-142: LGTM! Logic consolidated into accountkeymetadata package.

The use of accountkeymetadata.DecodeKeyMetadata consolidates key metadata parsing logic into the appropriate package, improving maintainability.

---

222-225: LGTM! Batch public key decoding consolidated.

The use of environment.DecodeBatchPublicKeys consolidates decoding logic into the environment package, improving code organization.

---

253-255: LGTM! Constant correctly sourced from environment package.

The use of environment.MaxPublicKeyCountInBatch consolidates the constant definition, ensuring consistency across the codebase.

---

268-268: LGTM! Type correctly sourced from accountkeymetadata package.

The type accountkeymetadata.WeightAndRevokedStatus is correctly used, consolidating type definitions in the appropriate package.

---

278-280: LGTM! Constant correctly sourced from environment package.

The use of environment.MaxStoredDigests (exported in accounts_status.go) consolidates the constant definition for broader reuse.

cmd/util/cmd/check-storage/cmd.go (1)

422-422: LGTM! Call site correctly updated to use local function.

The call is correctly updated to use validateAccountPublicKey from the local check_storage package instead of the removed migrations.ValidateAccountPublicKeyV4. This consolidates validation logic appropriately.

[fxamacker]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[turbolent]

👏 🧹

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[codecov-commenter]

Codecov Report

❌ Patch coverage is 20.00000% with 8 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
...d/util/cmd/check-storage/account_key_validation.go	0.00%	7 Missing ⚠️
cmd/util/cmd/check-storage/cmd.go	0.00%	1 Missing ⚠️

📢 Thoughts on this report? Let us know!

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

cmd/util/cmd/check-storage/account_key_validation.go (1)

195-257: Address error handling violations in accordance with Flow's error handling guidelines.

The code violates Flow's high-assurance error handling conventions. All errors returned by validateBatchPublicKeyRegisters indicate data corruption or invalid storage state and should be treated as exceptions per the coding guidelines, not benign errors:

1. Use irrecoverable.NewExceptionf instead of fmt.Errorf - Validation failures (missing keys, decode failures, count mismatches, data corruption) represent unexpected failures indicating potential state corruption. Per the CodingConventions, these must be wrapped as exceptions.

2. Document error handling strategy - If you intend to use fmt.Errorf as an exception, clearly document for each public function that all returned errors are exceptions and why. The optional simplification for fmt.Errorf only applies to functions that solely return benign (expected) errors during normal operation. Validation failures are not benign.

3. Apply context-dependent error classification - The guidelines emphasize that error classification depends on the caller's context. Storage validation failures are never expected during normal operation; they always indicate a critical failure.

Reference: CodingConventions.md sections on error classification and high-assurance principles, and docs/agents/CodingConventions.md on context-dependent error handling.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6b17f81 and 14fd7fb.

📒 Files selected for processing (1)

• cmd/util/cmd/check-storage/account_key_validation.go

🧰 Additional context used

📓 Path-based instructions (2)

**/*.go

📄 CodeRabbit inference engine (.cursor/rules/coding_conventions.mdc)

Follow Go coding conventions as documented in @docs/agents/CodingConventions.md

Follow Go coding standards and conventions as documented in @docs/agents/GoDocs.md

**/*.go: Follow the existing module structure in /module/, /engine/, /model/ and use dependency injection patterns for component composition
Implement proper interfaces before concrete types
Follow Go naming conventions and the project's coding style defined in /docs/CodingConventions.md
Use mock generators: run make generate-mocks after interface changes
All inputs must be considered potentially byzantine; error classification is context-dependent and no code path is safe unless explicitly proven and documented
Use comprehensive error wrapping for debugging; avoid fmt.Errorf, use irrecoverable package for exceptions
NEVER log and continue on best effort basis; ALWAYS explicitly handle errors
Uses golangci-lint with custom configurations (.golangci.yml) and custom linters for Flow-specific conventions (struct write checking)

Files:

• cmd/util/cmd/check-storage/account_key_validation.go

{module,engine,cmd}/**/*.go

📄 CodeRabbit inference engine (AGENTS.md)

All major processing components must implement the Component interface from /module/component/component.go to ensure consistent lifecycle management and graceful shutdown patterns

Files:

• cmd/util/cmd/check-storage/account_key_validation.go

🧬 Code graph analysis (1)

cmd/util/cmd/check-storage/account_key_validation.go (5)

model/flow/ledger.go (1)

• AccountPublicKey0RegisterKey (24-24)

fvm/environment/account-key-metadata/metadata.go (1)

• DecodeKeyMetadata (371-407)

fvm/environment/account_public_key_util.go (2)

• DecodeBatchPublicKeys (360-398)
• MaxPublicKeyCountInBatch (14-14)

fvm/environment/account-key-metadata/weight_and_revoked_group.go (1)

• WeightAndRevokedStatus (326-329)

fvm/environment/accounts_status.go (1)

• MaxStoredDigests (61-61)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (37)

• GitHub Check: Lint (./)
• GitHub Check: Lint (./integration/)
• GitHub Check: Lint (./insecure/)
• GitHub Check: Integration Tests Others (integration)
• GitHub Check: Unit Tests (network/test/cohort2)
• GitHub Check: Unit Tests (others)
• GitHub Check: Unit Tests (engine/execution/computation)
• GitHub Check: Unit Tests (network/p2p/connection)
• GitHub Check: Unit Tests (network)
• GitHub Check: Unit Tests (network/alsp)
• GitHub Check: Unit Tests (engine/execution)
• GitHub Check: Unit Tests (module/dkg)
• GitHub Check: Unit Tests (module)
• GitHub Check: Unit Tests (network/p2p/node)
• GitHub Check: Unit Tests (engine/collection)
• GitHub Check: Unit Tests (engine/execution/ingestion)
• GitHub Check: Unit Tests (network/test/cohort1)
• GitHub Check: Unit Tests (engine/verification)
• GitHub Check: Unit Tests (network/p2p/scoring)
• GitHub Check: Unit Tests (ledger)
• GitHub Check: Unit Tests (engine)
• GitHub Check: Unit Tests (engine/access)
• GitHub Check: Unit Tests (network/p2p)
• GitHub Check: Unit Tests (engine/consensus)
• GitHub Check: Unit Tests (utils)
• GitHub Check: Unit Tests (engine/common)
• GitHub Check: Unit Tests (admin)
• GitHub Check: Unit Tests (fvm)
• GitHub Check: Unit Tests (storage)
• GitHub Check: Unit Tests (state)
• GitHub Check: Unit Tests (consensus)
• GitHub Check: Unit Tests (cmd)
• GitHub Check: Unit Tests Insecure (insecure)
• GitHub Check: Unit Tests Insecure (insecure/integration/functional/test/gossipsub/scoring)
• GitHub Check: Unit Tests Insecure (insecure/integration/functional/test/gossipsub/rpc_inspector)
• GitHub Check: Docker Build
• GitHub Check: analyze-code (go)

🔇 Additional comments (4)

cmd/util/cmd/check-storage/account_key_validation.go (4)

1-15: LGTM!

The new import for accountkeymetadata is properly aliased and aligns with the refactoring to use centralized packages for key metadata handling.

---

17-85: LGTM!

The function has been appropriately renamed and unexported, consistent with its utility-only usage. The use of flow.AccountPublicKey0RegisterKey constant instead of an inline string improves maintainability. The removal of the legacy register check aligns with the PR objective of removing migration-related validation code.

---

87-163: LGTM!

The function refactoring to use accountkeymetadata.DecodeKeyMetadata is correct. The call signature matches the function definition in the relevant code snippets, and error handling remains consistent.

---

259-299: LGTM!

The type reference accountkeymetadata.WeightAndRevokedStatus and constant environment.MaxStoredDigests are correctly used. Per the relevant snippets, MaxStoredDigests = 2 is defined in fvm/environment/accounts_status.go, which aligns with the validation logic here.