Mode B signature over notes and public data

[JanKuczma]

Summary by CodeRabbit

• Documentation

  • Updated integration guide and Mode B specification to describe the new unified migration signing flow.

• New Features

  • Migration signing now supports public state and private notes together via a single, structured options payload.

• Breaking Changes

  • Signing call shape changed to a structured options object; the separate public-state-only signing entry was removed—update integrations accordingly.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0659b2f9-544f-4c9a-9e2c-e83bd39f629a

📥 Commits

Reviewing files that changed from the base of the PR and between ca43785 and c412b75.

📒 Files selected for processing (1)

• docs/spec/mode-b-spec.md

---

Walkthrough

This PR unifies Mode B signing into a single signMigrationModeB API that accepts an options object with optional publicData and notes. Hash input order changed to pack public data first, then note hashes; tests, docs, exports, and wallet APIs updated to the new shape.

Changes

Cohort / File(s)	Summary
Documentation docs/integration-guide.md, docs/spec/mode-b-spec.md	Examples and spec updated to use unified signMigrationModeB(options); terminology adjusted and final hash order clarified (packed public data first, then note hashes).
Tests — Private Notes e2e-tests/migration-mode-b.test.ts, e2e-tests/nft-migration-mode-b.test.ts, e2e-tests/token-migration-mode-b.test.ts	Calls changed to pass { notes: [...] }; single-note proof helpers replaced usages of plural helpers (e.g., buildFullNoteProof vs buildFullNoteProofs) and variable names adjusted.
Tests — Public State e2e-tests/migration-public-mode-b.test.ts, e2e-tests/nft-migration-public-mode-b.test.ts, e2e-tests/token-migration-public-mode-b.test.ts	Replaced signPublicStateMigrationModeB with signMigrationModeB and changed scalar data/type args to { publicData: [{ data, abiType }] } payload.
Tests — Mode A adjustments e2e-tests/token-migration-mode-a.test.ts	Import path updated for mode-A signer; proof-building calls simplified to single-note variants and bridgeBlock result destructuring reduced.
Core — Mode B signature ts/aztec-state-migration/mode-b/signature.ts	signMigrationModeB signature changed to accept options containing optional publicData and notes; hashing logic refactored to encode publicData fields first then append note hashes to compute final hash.
Core — Exports & Wallet ts/aztec-state-migration/mode-b/index.ts, ts/aztec-state-migration/wallet/migration-base-wallet.ts	Removed signPublicStateMigrationModeB export and method; wallet API updated so signMigrationModeB accepts the options object and forwards it to the signature implementation.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Restructure TypeScript SDK as publishable npm package #43: Modifies Mode B signing APIs and related exports — closely related to this consolidation of Mode B signing.

Suggested reviewers

• DamianStraszak

Poem

🐰 I hopped through code with tiny paws,
Merged two paths without a cause.
Public bits then private notes,
One call now carries all the votes —
A tidy hop toward clearer laws. 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 12.50% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Mode B signature over notes and public data' clearly and specifically summarizes the main change: unifying the Mode B signing API to handle both private notes and public data through a single signMigrationModeB function with an options parameter.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch jk-sign-mode-b

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

e2e-tests/token-migration-mode-b.test.ts (1)

220-244: 🧹 Nitpick | 🔵 Trivial

Add one explicit multi-note signing case to preserve order-sensitive coverage.

This test now validates only the single-note path. Since Mode B hashing is order-sensitive over note hashes, add one case signing notes: [n1, n2] to guard against ordering regressions.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@e2e-tests/token-migration-mode-b.test.ts` around lines 220 - 244, The test
currently only covers single-note signing for Mode B (using signMigrationModeB
with notes: [balanceNote]), but Mode B is order-sensitive; add an explicit
multi-note signing case that signs two notes in a specific order to guard
against ordering regressions. Modify the test to pull a second note from
balanceNotesActive (e.g. balanceNotesActive[1]) and perform the same preparation
(buildFullNoteProof / buildKeyNoteProofData / getMigrationSignerFromAddress) and
then call signMigrationModeB with notes: [n1, n2] (preserving the intended
order), and assert the signature/behavior matches expectations; keep the
original single-note case intact for coverage of both paths.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/integration-guide.md`:
- Around line 389-405: The examples reuse the same const name "sig" three times
causing redeclaration errors; update the three signMigrationModeB examples to
use distinct variable names (e.g., sigPrivate, sigPublic, sigMixed) so each call
to wallet.signMigrationModeB (the function referenced) produces a uniquely named
result and the snippets can be copied and compiled without conflict.

In `@docs/spec/mode-b-spec.md`:
- Around line 234-235: The spec text for signMigrationModeB() currently
contradicts the hash-order in the formula; update the formula so its
concatenation order matches the description and Noir builder (packed public data
fields first, then note hashes). Edit the formula/notation used in the section
that defines the hash input to explicitly show concat(packed_public_fields ||
note_hashes) or equivalent symbol names to match signMigrationModeB(), and
harmonize any adjacent examples or explanatory text that reference the old order
so all references use the public-first, notes-second ordering.

In `@ts/aztec-state-migration/mode-b/signature.ts`:
- Around line 14-30: Update docs/security.md to describe the new unified Mode B
signing model implemented in signature.ts: document that the signer (e.g.,
MigrationAccount.migrationKeySigner) now signs a combined payload using
Poseidon2Hasher with inputs in the specific order (packed public data fields
first, then note hashes) and that the final signed payload is
poseidon2_hash([DOM_SEP__CLAIM_B, oldVersion, newVersion, finalHash, recipient,
newApp]). Explain the trust/assumption changes when private notes and public
state entries are packed together, note the ordering requirement (matches the
Noir builder), and call out the related symbols/functions (DOM_SEP__CLAIM_B,
finalHash, MigrationSignature, and the Mode B signing flow in signature.ts) so
reviewers can trace the security impact.
- Around line 43-60: The function signMigrationModeB currently proceeds to hash
and sign even when both options.publicData and options.notes are missing or
empty; add a guard at the start of signMigrationModeB that checks
(options.publicData is undefined or length===0) AND (options.notes is undefined
or length===0) and fail fast (throw an Error or return a rejected promise) with
a clear message like "empty Mode B payload" before any encoding/poseidon2Hash
calls so invalid signing requests are rejected immediately.

---

Outside diff comments:
In `@e2e-tests/token-migration-mode-b.test.ts`:
- Around line 220-244: The test currently only covers single-note signing for
Mode B (using signMigrationModeB with notes: [balanceNote]), but Mode B is
order-sensitive; add an explicit multi-note signing case that signs two notes in
a specific order to guard against ordering regressions. Modify the test to pull
a second note from balanceNotesActive (e.g. balanceNotesActive[1]) and perform
the same preparation (buildFullNoteProof / buildKeyNoteProofData /
getMigrationSignerFromAddress) and then call signMigrationModeB with notes: [n1,
n2] (preserving the intended order), and assert the signature/behavior matches
expectations; keep the original single-note case intact for coverage of both
paths.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 73a5b5a9-baf6-470e-83c6-404bbb8f69b2

📥 Commits

Reviewing files that changed from the base of the PR and between e0c107b and ca43785.

📒 Files selected for processing (12)

• docs/integration-guide.md
• docs/spec/mode-b-spec.md
• e2e-tests/migration-mode-b.test.ts
• e2e-tests/migration-public-mode-b.test.ts
• e2e-tests/nft-migration-mode-b.test.ts
• e2e-tests/nft-migration-public-mode-b.test.ts
• e2e-tests/token-migration-mode-a.test.ts
• e2e-tests/token-migration-mode-b.test.ts
• e2e-tests/token-migration-public-mode-b.test.ts
• ts/aztec-state-migration/mode-b/index.ts
• ts/aztec-state-migration/mode-b/signature.ts
• ts/aztec-state-migration/wallet/migration-base-wallet.ts