MockKeystoneForwarder/Permissioning in simulation clarifications

reports/llms-report.json

@@ -1,22 +1,22 @@
 {
-  "startedAt": "2025-11-12T18:56:10.721Z",
+  "startedAt": "2025-11-13T00:04:05.799Z",
   "siteBase": "https://docs.chain.link",
   "sections": [
     {
       "section": "cre-go",
       "pagesProcessed": 84,
       "outputPath": "src/content/cre/llms-full-go.txt",
-      "bytes": 631240,
+      "bytes": 631974,
       "prevBytes": 631240,
-      "deltaBytes": 0
+      "deltaBytes": 734
     },
     {
       "section": "cre-ts",
       "pagesProcessed": 79,
       "outputPath": "src/content/cre/llms-full-ts.txt",
-      "bytes": 586661,
+      "bytes": 587395,
       "prevBytes": 586661,
-      "deltaBytes": 0
+      "deltaBytes": 734
     },
     {
       "section": "vrf",
@@ -31,8 +31,8 @@
       "pagesProcessed": 243,
       "outputPath": "src/content/ccip/llms-full.txt",
       "bytes": 2625022,
-      "prevBytes": 2639701,
-      "deltaBytes": -14679
+      "prevBytes": 2625022,
+      "deltaBytes": 0
     },
     {
       "section": "data-feeds",
@@ -123,5 +123,5 @@
       "deltaBytes": 0
     }
   ],
-  "finishedAt": "2025-11-12T18:56:14.180Z"
+  "finishedAt": "2025-11-13T00:04:10.542Z"
 }

src/content/cre/guides/workflow/using-evm-client/onchain-write/building-consumer-contracts.mdx

@@ -65,6 +65,11 @@ While you can implement these standards manually, we provide an abstract contrac
 - **ERC165 Support**: Includes the necessary `supportsInterface` function
 - **Metadata Access**: Helper function to decode workflow ID, name, and owner for custom validation logic
 
+{/* prettier-ignore */}
+<Aside type="caution" title="Important for simulation">
+  If you're using `cre workflow simulate`, you'll need to temporarily disable validation checks in your consumer contract. The simulation uses a `MockForwarder` that doesn't provide full metadata. See [Working with Simulation](#43-working-with-simulation) for the required code change.
+</Aside>
+
 ### 3.2 Contract Source Code
 
 ```solidity
@@ -325,21 +330,28 @@ contract MetadataAwareConsumer is IReceiverTemplate {
 
 ### 4.3 Working with Simulation
 
+{/* prettier-ignore */}
+<Aside type="caution" title="Temporary workaround">
+  This is a **temporary workaround** until the `MockForwarder` is updated. For deployed workflows, you should enable validation checks as described in [Configuring Security](#34-configuring-security).
+</Aside>
+
 When you run `cre workflow simulate`, your workflow interacts with a **`MockForwarder`** contract that does not provide the `workflow_name` or `workflow_owner` metadata. This means consumer contracts with `IReceiverTemplate`'s default validation **will fail during simulation**.
 
 **To test your consumer contract with simulation:**
 
 Override the `onReport` function to bypass validation checks:
 
 ```solidity
+// Temporary: For simulation only
+// Re-enable validation for production deployment
 function onReport(bytes calldata, bytes calldata report) external override {
   _processReport(report); // Skips validation checks
 }
 ```
 
 **For deployed workflows:**
 
-Deployed workflows use the real **`KeystoneForwarder`** contract, which provides full metadata. You can enable all permission checks (forwarder address, workflow ID, owner, name) for production deployments.
+Deployed workflows use the real **`KeystoneForwarder`** contract, which provides full metadata. Remove this override and enable permission checks for production deployments. See [Configuring Security](#34-configuring-security) for details.
 
 ## 5. Complete Examples
 

src/content/cre/llms-full-go.txt

@@ -2382,6 +2382,11 @@ While you can implement these standards manually, we provide an abstract contrac
 - **ERC165 Support**: Includes the necessary `supportsInterface` function
 - **Metadata Access**: Helper function to decode workflow ID, name, and owner for custom validation logic
 
+
+<Aside type="caution" title="Important for simulation">
+  If you're using `cre workflow simulate`, you'll need to temporarily disable validation checks in your consumer contract. The simulation uses a `MockForwarder` that doesn't provide full metadata. See [Working with Simulation](#43-working-with-simulation) for the required code change.
+</Aside>
+
 ### 3.2 Contract Source Code
 
 ```solidity
@@ -2642,21 +2647,28 @@ contract MetadataAwareConsumer is IReceiverTemplate {
 
 ### 4.3 Working with Simulation
 
+
+<Aside type="caution" title="Temporary workaround">
+  This is a **temporary workaround** until the `MockForwarder` is updated. For deployed workflows, you should enable validation checks as described in [Configuring Security](#34-configuring-security).
+</Aside>
+
 When you run `cre workflow simulate`, your workflow interacts with a **`MockForwarder`** contract that does not provide the `workflow_name` or `workflow_owner` metadata. This means consumer contracts with `IReceiverTemplate`'s default validation **will fail during simulation**.
 
 **To test your consumer contract with simulation:**
 
 Override the `onReport` function to bypass validation checks:
 
 ```solidity
+// Temporary: For simulation only
+// Re-enable validation for production deployment
 function onReport(bytes calldata, bytes calldata report) external override {
   _processReport(report); // Skips validation checks
 }
 ```
 
 **For deployed workflows:**
 
-Deployed workflows use the real **`KeystoneForwarder`** contract, which provides full metadata. You can enable all permission checks (forwarder address, workflow ID, owner, name) for production deployments.
+Deployed workflows use the real **`KeystoneForwarder`** contract, which provides full metadata. Remove this override and enable permission checks for production deployments. See [Configuring Security](#34-configuring-security) for details.
 
 ## 5. Complete Examples
 

src/content/cre/llms-full-ts.txt

@@ -1971,6 +1971,11 @@ While you can implement these standards manually, we provide an abstract contrac
 - **ERC165 Support**: Includes the necessary `supportsInterface` function
 - **Metadata Access**: Helper function to decode workflow ID, name, and owner for custom validation logic
 
+
+<Aside type="caution" title="Important for simulation">
+  If you're using `cre workflow simulate`, you'll need to temporarily disable validation checks in your consumer contract. The simulation uses a `MockForwarder` that doesn't provide full metadata. See [Working with Simulation](#43-working-with-simulation) for the required code change.
+</Aside>
+
 ### 3.2 Contract Source Code
 
 ```solidity
@@ -2231,21 +2236,28 @@ contract MetadataAwareConsumer is IReceiverTemplate {
 
 ### 4.3 Working with Simulation
 
+
+<Aside type="caution" title="Temporary workaround">
+  This is a **temporary workaround** until the `MockForwarder` is updated. For deployed workflows, you should enable validation checks as described in [Configuring Security](#34-configuring-security).
+</Aside>
+
 When you run `cre workflow simulate`, your workflow interacts with a **`MockForwarder`** contract that does not provide the `workflow_name` or `workflow_owner` metadata. This means consumer contracts with `IReceiverTemplate`'s default validation **will fail during simulation**.
 
 **To test your consumer contract with simulation:**
 
 Override the `onReport` function to bypass validation checks:
 
 ```solidity
+// Temporary: For simulation only
+// Re-enable validation for production deployment
 function onReport(bytes calldata, bytes calldata report) external override {
   _processReport(report); // Skips validation checks
 }
 ```
 
 **For deployed workflows:**
 
-Deployed workflows use the real **`KeystoneForwarder`** contract, which provides full metadata. You can enable all permission checks (forwarder address, workflow ID, owner, name) for production deployments.
+Deployed workflows use the real **`KeystoneForwarder`** contract, which provides full metadata. Remove this override and enable permission checks for production deployments. See [Configuring Security](#34-configuring-security) for details.
 
 ## 5. Complete Examples