📌 Description
validate_milestone requires verifier.require_auth() when a verifier is set,
and creator.require_auth() when it is None. The current suite relies heavily
on env.mock_all_auths(), which masks the negative case: that a non-verifier
(and, in the None case, a non-creator) is actually rejected.
Goal: add tests using real (non-mocked) auth that prove only the designated
party can validate, for both the Some(verifier) and None configurations.
🎯 Requirements and Context
- Must be deterministic and isolated.
- Use scoped auth (e.g.
mock_auths / per-address auth) instead of
mock_all_auths() so unauthorized calls genuinely fail.
- Cover:
Some(verifier) validated by a stranger (reject); None validated by a
non-creator (reject); the corresponding authorized calls (succeed).
- Assert the rejected calls do not mutate
milestone_validated.
🛠️ Suggested Execution
1. Fork the repo and create a branch
git checkout -b feature/validate-auth-negative-tests
2. Implement changes
- Tests: add
tests/validate_auth.rs exercising scoped auth for the four cases.
- Assert state is unchanged after each rejection via
get_vault_state.
- Docs: update
TEST_VERIFIER_SAME_AS_CREATOR.md and TESTING_GUIDE.md to note
the negative auth coverage.
3. Test and commit
- Run
cargo test and regenerate coverage.
- Cover edge cases: verifier == creator (still only that party), stranger auth,
validation after deadline still gated by MilestoneExpired.
Example commit message
test: negative authorization coverage for validate_milestone
✅ Guidelines
- Minimum 95% test coverage on
validate_milestone auth branches.
- Clear documentation of the negative cases.
- All tests deterministic and passing.
- Timeframe: 96 hours.
🏷️ Labels
type-testing · area-contracts · type-security · MAYBE REWARDED ·
GRANTFOX OSS · OFFICIAL CAMPAIGN
💬 Community & Support
- Join the Disciplr contributor Discord to coordinate, ask questions, and get
unblocked fast: https://discord.gg/xvNAvMJf
- Please introduce yourself before you start so we can avoid duplicate work,
pair you with a reviewer, and merge your PR quickly.
📌 Description
validate_milestonerequiresverifier.require_auth()when a verifier is set,and
creator.require_auth()when it isNone. The current suite relies heavilyon
env.mock_all_auths(), which masks the negative case: that a non-verifier(and, in the
Nonecase, a non-creator) is actually rejected.🎯 Requirements and Context
mock_auths/ per-address auth) instead ofmock_all_auths()so unauthorized calls genuinely fail.Some(verifier)validated by a stranger (reject);Nonevalidated by anon-creator (reject); the corresponding authorized calls (succeed).
milestone_validated.🛠️ Suggested Execution
1. Fork the repo and create a branch
2. Implement changes
tests/validate_auth.rsexercising scoped auth for the four cases.get_vault_state.TEST_VERIFIER_SAME_AS_CREATOR.mdandTESTING_GUIDE.mdto notethe negative auth coverage.
3. Test and commit
cargo testand regenerate coverage.validation after deadline still gated by
MilestoneExpired.Example commit message
✅ Guidelines
validate_milestoneauth branches.🏷️ Labels
type-testing·area-contracts·type-security·MAYBE REWARDED·GRANTFOX OSS·OFFICIAL CAMPAIGN💬 Community & Support
unblocked fast: https://discord.gg/xvNAvMJf
pair you with a reviewer, and merge your PR quickly.