feat: merge-train/fairies (#23815)

BEGIN_COMMIT_OVERRIDE
chore: document browser kv-store backend migration (#23779)
feat(aztec-nr): Compute unconstrained tag in Noir over PXE and
generalize get_next_tagging_index oracle (#23796)
refactor(txe): migrate rpc_translator to typed oracle registry (#23530)
feat(pxe)!: allow apps to inject tagging secrets into
getPendingTaggedLogs (#23777)
feat(txe): add oracle roundtrip test framework (#23537)
fix: embedded wallet defaults to proposed (#23819)
feat(aztec-nr): discover non-interactive handshakes in the registry
(#23806)
refactor(txe): normalize deploy and addAccount to oracle registry
(#23536)
fix: wait for checkpoint during sandbox setup (#23834)
feat(standard-contracts): graduate handshake registry to standard
contract (#23833)
END_COMMIT_OVERRIDE

Author: Thunkar

bootstrap.sh

@@ -337,35 +337,50 @@ function start_txes {
   # Until Kev's kzg lib stops using Tokio.
   export TOKIO_WORKER_THREADS=1
 
-  # Starting txe servers with incrementing port numbers.
-  # Base port is below the Linux ephemeral range (32768-60999) to avoid conflicts.
-  local txe_base_port=14730
-  for i in $(seq 0 $((NUM_TXES-1))); do
-    port=$((txe_base_port + i))
-    existing_pid=$(lsof -ti :$port || true)
+  kill_port() {
+    local port=$1
+    local existing_pid=$(lsof -ti :$port || true)
     if [ -n "$existing_pid" ]; then
       echo "Killing existing process $existing_pid on port: $port"
       check_port $port
       kill -9 $existing_pid &>/dev/null || true
       while kill -0 $existing_pid &>/dev/null; do sleep 0.1; done
     fi
+  }
+
+  # Starting txe servers with incrementing port numbers.
+  # Base port is below the Linux ephemeral range (32768-60999) to avoid conflicts.
+  local txe_base_port=14730
+  for i in $(seq 0 $((NUM_TXES-1))); do
+    port=$((txe_base_port + i))
+    kill_port $port
     dump_fail "LOG_LEVEL=info TXE_PORT=$port retry 'node --no-warnings ./yarn-project/txe/dest/bin/index.js'" &
     txe_pids+="$! "
   done
 
-  echo "Waiting for TXE's to start..."
+  # Start the oracle test resolver for __oracle_test__-prefixed tests.
+  local resolver_port=14830
+  kill_port $resolver_port
+  dump_fail "LOG_LEVEL=error ORACLE_TEST_PORT=$resolver_port node --no-warnings ./yarn-project/txe/dest/bin/oracle_test_server.js" &
+  txe_pids+="$! "
+
+  wait_for_port() {
+    local port=$1 name=$2 j=0
+    echo "Waiting for $name to start..."
+    while ! nc -z 127.0.0.1 $port &>/dev/null; do
+      if [ $j == 60 ]; then
+        echo_stderr "$name failed to start on port $port after 60s."
+        check_port $port
+        exit 1
+      fi
+      sleep 1
+      j=$((j+1))
+    done
+  }
   for i in $(seq 0 $((NUM_TXES-1))); do
-      local j=0
-      while ! nc -z 127.0.0.1 $((txe_base_port + i)) &>/dev/null; do
-        if [ $j == 60 ]; then
-          echo_stderr "TXE $i failed to start on port $((txe_base_port + i)) after 60s."
-          check_port $((txe_base_port + i))
-          exit 1
-        fi
-        sleep 1
-        j=$((j+1))
-      done
+    wait_for_port $((txe_base_port + i)) "TXE $i"
   done
+  wait_for_port $resolver_port "oracle test resolver"
 }
 
 function stop_txes {

docs/docs-developers/docs/resources/migration_notes.md

@@ -9,6 +9,10 @@ Aztec is in active development. Each version may introduce breaking changes that
 
 ## TBD
 
+### [Aztec.nr] `get_pending_tagged_logs` oracle interface updated (oracle version 28)
+
+The `aztec_utl_getPendingTaggedLogs` oracle now takes an additional `provided_secrets` parameter of type `EphemeralArray<ProvidedSecret>`. This lets apps pass tagging secrets that PXE cannot derive on its own (e.g. handshake-derived secrets) alongside the secrets PXE manages internally.
+
 ### [Aztec.nr] `set_sender_for_tags` oracle removed
 
 The `set_sender_for_tags` oracle has been removed. Contracts that used it to override the sender for discovery tag derivation should now use the `with_sender` builder method on `MessageDelivery`:

noir-projects/aztec-nr/aztec/src/macros/mod.nr

@@ -14,3 +14,4 @@ pub mod notes;
 pub mod storage;
 pub mod events;
 pub mod authorization;
+pub(crate) mod oracle_testing;

noir-projects/aztec-nr/aztec/src/macros/oracle_testing.nr

@@ -0,0 +1,66 @@
+/// Marks a function as an oracle integration test.
+///
+/// Oracle tests verify that TS and Noir agree on oracle serialization. The test calls a real oracle function, which the
+/// TS resolver matches against hardcoded fixtures to verify both param deserialization and return serialization across
+/// the Noir-TS boundary.
+///
+/// Oracle tests use a dedicated TS oracle resolver server (different from the one used by TXE). The macro generates a
+/// `#[test]` wrapper with a `__oracle_test__` prefix that calls the original function, so that:
+/// - They run against the test resolver rather than the TXE oracle resolver
+/// - The CI test runner can target them separately
+///
+/// For oracles with no inputs and multiple fixture scenarios, pass a scenario name to select which fixture to use:
+/// `#[oracle_test("some")]`. The resolver matches the name against the fixture's `name` field.
+///
+/// ## Usage
+///
+/// ```noir
+/// use crate::macros::oracle_testing::oracle_test;
+///
+/// #[oracle_test]
+/// unconstrained fn my_oracle() {
+///     let result = my_oracle_internal(42);
+///     assert_eq(result, 9999, "expected value");
+/// }
+///
+/// #[oracle_test("some")]
+/// unconstrained fn my_oracle_returns_some() {
+///     let result = my_optional_oracle();
+///     assert(result.is_some(), "expected Some");
+/// }
+///
+/// #[oracle_test("none")]
+/// unconstrained fn my_oracle_returns_none() {
+///     let result = my_optional_oracle();
+///     assert(result.is_none(), "expected None");
+/// }
+/// ```
+#[varargs]
+pub comptime fn oracle_test(f: FunctionDefinition, args: [CtString]) -> Quoted {
+    let name = f.name();
+    let prefixed_name = f"__oracle_test__{name}".quoted_contents();
+
+    // If a scenario was configured, then call the oracle to set the scenario
+    let setup = if args.len() == 0 {
+        quote {}
+    } else {
+        let scenario = args[0].as_quoted_str!();
+        quote { crate::macros::oracle_testing::set_oracle_test_scenario_oracle($scenario); }
+    };
+
+    // Generate test to call the function that contains the oracle call and assertions
+    quote {
+        #[test]
+        unconstrained fn $prefixed_name() {
+            $setup
+            $name()
+        }
+    }
+}
+
+/// Tells the oracle test resolver to use a named fixture scenario for the next oracle call in this test session. This
+/// oracle is only handled by the test resolver (PXE and TXE do not implement it). Called automatically by the
+/// `#[oracle_test("scenario_name")]` macro.
+///
+#[oracle(aztec_oracle_test_set_scenario)]
+pub(crate) unconstrained fn set_oracle_test_scenario_oracle<let N: u32>(_scenario_name: str<N>) {}

noir-projects/aztec-nr/aztec/src/messages/discovery/mod.nr

@@ -1,5 +1,6 @@
 use crate::logging::{aztecnr_debug_log, aztecnr_debug_log_format, aztecnr_warn_log_format};
 use crate::protocol::address::AztecAddress;
+use crate::protocol::hash::sha256_to_field;
 
 pub(crate) mod nonce_discovery;
 pub(crate) mod partial_notes;
@@ -8,19 +9,24 @@ pub mod private_notes;
 pub mod process_message;
 
 use crate::{
+    ephemeral::EphemeralArray,
     messages::{
         discovery::process_message::process_message_ciphertext,
         encoding::MAX_MESSAGE_CONTENT_LEN,
         logs::note::MAX_NOTE_PACKED_LEN,
         processing::{
             MessageContext, offchain::OffchainInboxSync, OffchainMessageWithContext,
-            pending_tagged_log::PendingTaggedLog, validate_and_store_enqueued_notes_and_events,
+            pending_tagged_log::PendingTaggedLog, provided_secret::ProvidedSecret,
+            validate_and_store_enqueued_notes_and_events,
         },
     },
     oracle::message_processing,
     utils::array,
 };
 
+global PROVIDED_SECRETS_ARRAY_BASE_SLOT: Field =
+    sha256_to_field("AZTEC_NR::PROVIDED_SECRETS_ARRAY_BASE_SLOT".as_bytes());
+
 pub struct NoteHashAndNullifier {
     /// The result of [`crate::note::note_interface::NoteHash::compute_note_hash`].
     pub note_hash: Field,
@@ -139,7 +145,9 @@ pub unconstrained fn do_sync_state(
 
     // First we process all private logs, which can contain different kinds of messages e.g. private notes, partial
     // notes, private events, etc.
-    let logs = message_processing::get_pending_tagged_logs(scope);
+    // TODO(F-588): populate with tagging secrets for constrained delivery
+    let provided_secrets = EphemeralArray::<ProvidedSecret>::at(PROVIDED_SECRETS_ARRAY_BASE_SLOT).clear();
+    let logs = message_processing::get_pending_tagged_logs(scope, provided_secrets);
     logs.for_each(|_i, pending_tagged_log: PendingTaggedLog| {
         if pending_tagged_log.log.len() == 0 {
             aztecnr_warn_log_format!("Skipping empty log from tx {0}")([pending_tagged_log.context.tx_hash]);

noir-projects/aztec-nr/aztec/src/messages/encryption/aes128.nr

@@ -509,8 +509,6 @@ mod test {
             let randomness = 0x0101010101010101010101010101010101010101010101010101010101010101;
             let _ = OracleMock::mock("aztec_utl_getRandomField").returns(randomness).times(1000000);
 
-            let _ = OracleMock::mock("aztec_prv_getNextAppTagAsSender").returns(42);
-
             // Encrypt the message
             let encrypted_message = BoundedVec::from_array(AES128::encrypt(plaintext, recipient, contract_address));
 

noir-projects/aztec-nr/aztec/src/messages/logs/utils.nr

@@ -1,5 +1,6 @@
-use crate::oracle::notes::{get_next_app_tag_as_sender, get_sender_for_tags};
-use crate::protocol::address::AztecAddress;
+use crate::messages::message_delivery::ONCHAIN_UNCONSTRAINED;
+use crate::oracle::{notes::{get_app_tagging_secret, get_next_tagging_index, get_sender_for_tags}, random::random};
+use crate::protocol::{address::AztecAddress, hash::poseidon2_hash};
 
 // TODO(#14565): Add constrained tagging
 /// Returns the next discovery tag for a private log sent to `recipient`.
@@ -18,12 +19,22 @@ pub(crate) fn compute_discovery_tag(recipient: AztecAddress, sender_override: Op
                 f"Sender for tags is not set when emitting a private log and no override is set. Ensure the wallet provides a default sender.",
             )
         });
-        get_next_app_tag_as_sender(sender, recipient)
+        get_app_tagging_secret(sender, recipient).map_or_else(
+            || {
+                // The oracle returns `None` for invalid recipients. To prevent king-of-the-hill attacks, emit a random
+                // tag instead of failing: the log shape is preserved, even though no recipient can discover the note.
+                random()
+            },
+            |secret| {
+                let index = get_next_tagging_index(secret, ONCHAIN_UNCONSTRAINED);
+                poseidon2_hash([secret, index as Field])
+            },
+        )
     }
 }
 
 mod test {
-    use crate::protocol::{address::AztecAddress, traits::FromField};
+    use crate::protocol::{address::AztecAddress, hash::poseidon2_hash, traits::FromField};
     use crate::test::helpers::test_environment::TestEnvironment;
     use super::compute_discovery_tag;
     use std::test::OracleMock;
@@ -32,18 +43,30 @@ mod test {
     unconstrained fn no_tag_sender() {
         let recipient = AztecAddress::from_field(2);
         let _ = OracleMock::mock("aztec_prv_getSenderForTags").returns(Option::<AztecAddress>::none());
-        let _ = OracleMock::mock("aztec_prv_getNextAppTagAsSender").returns(42);
         let _ = compute_discovery_tag(recipient, Option::none());
     }
 
     #[test]
-    unconstrained fn returns_oracle_tag() {
+    unconstrained fn computes_tag_from_secret_and_index() {
         let sender = AztecAddress::from_field(1);
         let recipient = AztecAddress::from_field(2);
-        let expected_tag = 42;
+        let secret: Field = 7;
+        let index: u32 = 3;
         let _ = OracleMock::mock("aztec_prv_getSenderForTags").returns(Option::some(sender));
-        let _ = OracleMock::mock("aztec_prv_getNextAppTagAsSender").returns(expected_tag);
-        assert_eq(compute_discovery_tag(recipient, Option::none()), expected_tag);
+        let _ = OracleMock::mock("aztec_prv_getAppTaggingSecret").returns(Option::some(secret));
+        let _ = OracleMock::mock("aztec_prv_getNextTaggingIndex").returns(index);
+        assert_eq(compute_discovery_tag(recipient, Option::none()), poseidon2_hash([secret, index as Field]));
+    }
+
+    #[test]
+    unconstrained fn uses_random_tag_for_invalid_recipient() {
+        let sender = AztecAddress::from_field(1);
+        let recipient = AztecAddress::from_field(2);
+        let random_tag = 42;
+        let _ = OracleMock::mock("aztec_prv_getSenderForTags").returns(Option::some(sender));
+        let _ = OracleMock::mock("aztec_prv_getAppTaggingSecret").returns(Option::<Field>::none());
+        let _ = OracleMock::mock("aztec_utl_getRandomField").returns(random_tag);
+        assert_eq(compute_discovery_tag(recipient, Option::none()), random_tag);
     }
 
     #[test]

noir-projects/aztec-nr/aztec/src/messages/processing/log_retrieval_request.nr

@@ -1,16 +1,16 @@
 use crate::protocol::{address::AztecAddress, traits::Serialize};
 
-pub(crate) struct LogSourceEnum {
+pub struct LogSourceEnum {
     pub PRIVATE: Field,
     pub PUBLIC: Field,
     pub PUBLIC_AND_PRIVATE: Field,
 }
 
-pub(crate) global LogSource: LogSourceEnum = LogSourceEnum { PRIVATE: 0, PUBLIC: 1, PUBLIC_AND_PRIVATE: 2 };
+pub global LogSource: LogSourceEnum = LogSourceEnum { PRIVATE: 0, PUBLIC: 1, PUBLIC_AND_PRIVATE: 2 };
 
 /// A request for the `bulk_retrieve_logs` oracle to fetch all logs matching a tag.
 #[derive(Serialize)]
-pub(crate) struct LogRetrievalRequest {
+pub struct LogRetrievalRequest {
     pub contract_address: AztecAddress,
     pub unsiloed_tag: Field,
     /// Which log source to query: public, private, or both (the default). See [`LogSource`].

noir-projects/aztec-nr/aztec/src/messages/processing/log_retrieval_response.nr

@@ -12,7 +12,7 @@ pub(crate) global MAX_LOG_CONTENT_LEN: u32 = std::cmp::max(
 /// plaintext for public logs and ciphertext for private), plus contextual information about the transaction in which
 /// the log was emitted. This is the data required in order to discover notes that are being delivered in a log.
 #[derive(Deserialize, Eq)]
-pub(crate) struct LogRetrievalResponse {
+pub struct LogRetrievalResponse {
     pub log_payload: BoundedVec<Field, MAX_LOG_CONTENT_LEN>,
     pub tx_hash: Field,
     /// The array of new note hashes created by `tx_hash`

noir-projects/aztec-nr/aztec/src/messages/processing/mod.nr

@@ -7,9 +7,10 @@ pub use message_context::MessageContext;
 mod note_validation_request;
 pub use note_validation_request::NoteValidationRequest;
 
-pub(crate) mod log_retrieval_request;
-pub(crate) mod log_retrieval_response;
+pub mod log_retrieval_request;
+pub mod log_retrieval_response;
 pub(crate) mod pending_tagged_log;
+pub(crate) mod provided_secret;
 
 use crate::{
     capsules::CapsuleArray,