feat(governance): emit events for signer and admin changes#718
Merged
Jagadeeshftw merged 2 commits intoJun 25, 2026
Conversation
Add SignerAdded { signer }, SignerRemoved { signer }, and
AdminChanged { old, new } event structs and publish them from
add_signer, remove_signer, and set_admin respectively.
- Topics use distinct single-element symbols (sgnr_add, sgnr_rm,
adm_chg) that do not collide with proposal topics.
- Events are emitted after state is persisted (CEI ordering).
- remove_signer of a non-registered address remains a no-op and
emits no event; rejected add/remove mutations emit nothing.
Add snapshot/assertion tests covering topics and payloads, admin
rotation chains, and negative no-event cases. Also fix two stale
pre-existing tests in governance_integration.rs that prevented the
target from compiling and running (try_init arity, and an expiry
boundary assertion that contradicted its own name).
Document the new topics, CEI guarantees, and test coverage in
docs/governance.md.
|
@shaaibu7 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
# Conflicts: # contracts/governance/src/lib.rs
Closed
4 tasks
Contributor
|
emitting sgnr_add, sgnr_rm and adm_chg events gives indexers a clean audit trail for membership and admin changes, and i like that the publishes stay CEI-after-persist. this collided with the new map-backed membership index on main, so i rebased and combined the two: the add/remove paths keep the O(1) signer_index updates and also emit your events (the silent no-op on removing a non-member happens before any event, as intended). builds clean. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #637
Summary
fluxora_governanceemitted events for the proposal lifecycle but mutated critical membership/admin state silently.add_signer,remove_signer, andset_adminnow emit structured events so indexers can reconstruct the signer set and admin history from chain events alone.Changes
Contract (
contracts/governance/src/lib.rs)#[contracttype]event structs (with///docs):SignerAdded { signer }SignerRemoved { signer }AdminChanged { old, new }symbol_short!topics:add_signer→("sgnr_add",)remove_signer→("sgnr_rm",)set_admin→("adm_chg",)set_admincaptures the old admin before overwriting so the event carries botholdandnew.remove_signerpublishes only inside the matched-index branch, so removing an unregistered address stays a silent no-op.Tests (
contracts/stream/tests/governance_integration.rs)old/neware correct across consecutive rotations.QuorumWouldBreak-rejected removal, and aDuplicateSigner-rejected add all emit no event.Docs (
docs/governance.md)Incidental fixes
The
governance_integration.rstest target did not compile onmain, so its tests had never run. Two pre-existing issues were fixed to enable the suite:test_init_duplicate_signers_errorscalledtry_initwith 2 args (missingthreshold).test_execute_at_expiry_boundary_succeedsassertedTimelockNotElapseddespite its name — atcreated_at + MAX_AGEthe 48h timelock has long elapsed, so it succeeds. Aligned with itslib.rstwin.Acceptance criteria
remove_signerof a missing address emits no spurious eventTest output
cargo test -p fluxora_governance --lib→ 50 passedcargo test -p fluxora_stream --test governance_integration→ 49 passedSecurity notes
AdminChangedcarries botholdandnew, making the full admin rotation chain reconstructable from events without reading historical state.