AztecProtocol · dbanks12 · May 13, 2026
@@ -0,0 +1,86 @@
+use crate::context::calls::{PublicCall, PublicStaticCall};
+use crate::protocol::{abis::function_selector::FunctionSelector, address::AztecAddress, traits::ToField};
+
+/// Hand-written interface stub for the `AuthRegistry` canonical contract.
+///
+/// The `AuthRegistry` contract records public authentication witnesses
+/// (`set_authorized`, `set_reject_all`) and atomically consumes them at
+/// the consumer (`consume`). Consumer code in aztec-nr's `authwit::public`
+/// module calls into the registry via this interface.
+///
+/// The selectors are derived with `comptime { FunctionSelector::from_signature(...) }`,
+/// which matches exactly what the `#[aztec]` macro generates for the real contract.
+pub struct AuthRegistryInterface {
+    pub target_contract: AztecAddress,
+}
+
+impl AuthRegistryInterface {
+    pub fn at(target_contract: AztecAddress) -> Self {
+        Self { target_contract }
+    }
+
+    pub fn _set_authorized(
+        self,
+        approver: AztecAddress,
+        message_hash: Field,
+        authorize: bool,
+    ) -> PublicCall<15, 3, ()> {
+        let selector = comptime { FunctionSelector::from_signature("_set_authorized((Field),Field,bool)") };
+        PublicCall::new(
+            self.target_contract,
+            selector,
+            "_set_authorized",
+            [approver.to_field(), message_hash, authorize as Field],
+        )
+    }
+
+    pub fn consume(self, on_behalf_of: AztecAddress, inner_hash: Field) -> PublicCall<7, 2, Field> {
+        let selector = comptime { FunctionSelector::from_signature("consume((Field),Field)") };
+        PublicCall::new(
+            self.target_contract,
+            selector,
+            "consume",
+            [on_behalf_of.to_field(), inner_hash],
+        )
+    }
+
+    pub fn is_consumable(self, on_behalf_of: AztecAddress, message_hash: Field) -> PublicStaticCall<13, 2, bool> {
+        let selector = comptime { FunctionSelector::from_signature("is_consumable((Field),Field)") };
+        PublicStaticCall::new(
+            self.target_contract,
+            selector,
+            "is_consumable",
+            [on_behalf_of.to_field(), message_hash],
+        )
+    }
+
+    pub fn is_reject_all(self, on_behalf_of: AztecAddress) -> PublicStaticCall<13, 1, bool> {
+        let selector = comptime { FunctionSelector::from_signature("is_reject_all((Field))") };
+        PublicStaticCall::new(
+            self.target_contract,
+            selector,
+            "is_reject_all",
+            [on_behalf_of.to_field()],
+        )
+    }
+
+    pub fn set_authorized(self, message_hash: Field, authorize: bool) -> PublicCall<14, 2, ()> {
+        let selector = comptime { FunctionSelector::from_signature("set_authorized(Field,bool)") };
+        PublicCall::new(
+            self.target_contract,
+            selector,
+            "set_authorized",
+            [message_hash, authorize as Field],
+        )
+    }
+
+    pub fn set_reject_all(self, reject: bool) -> PublicCall<14, 1, ()> {
+        let selector = comptime { FunctionSelector::from_signature("set_reject_all(bool)") };
+        PublicCall::new(
+            self.target_contract,
+            selector,
+            "set_reject_all",
+            [reject as Field],
+        )
+    }
+}
@@ -1,6 +1,7 @@
 //! Authorization.
 
 pub mod account;
+pub mod auth_registry_interface;
 pub mod authorization_interface;
 mod authorization_selector;
 pub use authorization_selector::AuthorizationSelector;

@@ -1,5 +1,7 @@
-use crate::{authwit::utils::{compute_inner_authwit_hash, IS_VALID_SELECTOR}, context::{gas::GasOpts, PublicContext}};
-use crate::protocol::{abis::function_selector::FunctionSelector, address::AztecAddress, traits::ToField};
+use crate::authwit::auth_registry_interface::AuthRegistryInterface;
+use crate::authwit::utils::{compute_inner_authwit_hash, IS_VALID_SELECTOR};
+use crate::context::PublicContext;
+use crate::protocol::{address::AztecAddress, traits::ToField};
 use standard_addresses::AUTH_REGISTRY_ADDRESS;
 
 /// Public-flow authwit helpers.
@@ -86,14 +88,8 @@ pub unconstrained fn assert_inner_hash_valid_authwit_public(
     on_behalf_of: AztecAddress,
     inner_hash: Field,
 ) {
-    let results: [Field] = context.call_public_function(
-        AUTH_REGISTRY_ADDRESS,
-        comptime { FunctionSelector::from_signature("consume((Field),Field)") },
-        [on_behalf_of.to_field(), inner_hash],
-        GasOpts::default(),
-    );
-    assert(results.len() == 1, "Invalid response from registry");
-    assert(results[0] == IS_VALID_SELECTOR, "Message not authorized by account");
+    let result = AuthRegistryInterface::at(AUTH_REGISTRY_ADDRESS).consume(on_behalf_of, inner_hash).call(context);
+    assert(result == IS_VALID_SELECTOR, "Message not authorized by account");
 }
 
 /// Helper function to set the authorization status of a message hash
@@ -103,13 +99,7 @@ pub unconstrained fn assert_inner_hash_valid_authwit_public(
 /// @param message_hash The hash of the message to authorize @param authorize True if the message should be authorized,
 /// false if it should be revoked
 pub unconstrained fn set_authorized(context: PublicContext, message_hash: Field, authorize: bool) {
-    let res = context.call_public_function(
-        AUTH_REGISTRY_ADDRESS,
-        comptime { FunctionSelector::from_signature("set_authorized(Field,bool)") },
-        [message_hash, authorize as Field],
-        GasOpts::default(),
-    );
-    assert(res.len() == 0);
+    AuthRegistryInterface::at(AUTH_REGISTRY_ADDRESS).set_authorized(message_hash, authorize).call(context);
 }
 
 /// Helper function to reject all authwits
@@ -118,11 +108,5 @@ pub unconstrained fn set_authorized(context: PublicContext, message_hash: Field,
 ///
 /// @param reject True if all authwits should be rejected, false otherwise
 pub unconstrained fn set_reject_all(context: PublicContext, reject: bool) {
-    let res = context.call_public_function(
-        AUTH_REGISTRY_ADDRESS,
-        comptime { FunctionSelector::from_signature("set_reject_all(bool)") },
-        [reject as Field],
-        GasOpts::default(),
-    );
-    assert(res.len() == 0);
+    AuthRegistryInterface::at(AUTH_REGISTRY_ADDRESS).set_reject_all(reject).call(context);
 }
@@ -47,6 +47,7 @@ pub(crate) mod logging;
 pub mod utils;
 pub mod authwit;
 pub mod public_checks;
+pub mod public_checks_interface;
 pub mod macros;
 
 pub mod test;
@@ -1,6 +1,5 @@
-use crate::context::calls::PublicStaticCall;
 use crate::context::PrivateContext;
-use crate::protocol::abis::function_selector::FunctionSelector;
+use crate::public_checks_interface::PublicChecksInterface;
 use standard_addresses::PUBLIC_CHECKS_ADDRESS;
 
 // docs:start:helper_public_checks_functions
@@ -10,14 +9,7 @@ use standard_addresses::PUBLIC_CHECKS_ADDRESS;
 /// This conceals an address of the calling contract by setting `context.msg_sender` to the public checks contract
 /// address.
 pub fn privately_check_timestamp(operation: u8, value: u64, context: &mut PrivateContext) {
-    let selector = comptime { FunctionSelector::from_signature("check_timestamp(u8,u64)") };
-    let call: PublicStaticCall<15, 2, ()> = PublicStaticCall::new(
-        PUBLIC_CHECKS_ADDRESS,
-        selector,
-        "check_timestamp",
-        [operation as Field, value as Field],
-    );
-    call.enqueue_view_incognito(context);
+    PublicChecksInterface::at(PUBLIC_CHECKS_ADDRESS).check_timestamp(operation, value).enqueue_view_incognito(context);
 }
 
 /// Asserts that the current block number in the enqueued public call enqueued by `check_block_number` satisfies
@@ -27,14 +19,7 @@ pub fn privately_check_timestamp(operation: u8, value: u64, context: &mut Privat
 /// address.
 pub fn privately_check_block_number(operation: u8, value: u32, context: &mut PrivateContext) {
     // docs:start:enqueueing
-    let selector = comptime { FunctionSelector::from_signature("check_block_number(u8,u32)") };
-    let call: PublicStaticCall<18, 2, ()> = PublicStaticCall::new(
-        PUBLIC_CHECKS_ADDRESS,
-        selector,
-        "check_block_number",
-        [operation as Field, value as Field],
-    );
-    call.enqueue_view_incognito(context);
+    PublicChecksInterface::at(PUBLIC_CHECKS_ADDRESS).check_block_number(operation, value).enqueue_view_incognito(context);
     // docs:end:enqueueing
 }
 // docs:end:helper_public_checks_functions
@@ -0,0 +1,41 @@
+use crate::context::calls::PublicStaticCall;
+use crate::protocol::abis::function_selector::FunctionSelector;
+use crate::protocol::address::AztecAddress;
+
+/// Hand-written interface stub for the `PublicChecks` standard contract.
+///
+/// The `PublicChecks` contract exposes two view functions that can be enqueued
+/// from private context via `enqueue_view_incognito` to assert timestamp or
+/// block-number constraints without revealing the calling contract address.
+///
+/// The selectors are derived with `comptime { FunctionSelector::from_signature(...) }`,
+/// which matches exactly what the `#[aztec]` macro generates for the real contract.
+pub struct PublicChecksInterface {
+    pub target_contract: AztecAddress,
+}
+
+impl PublicChecksInterface {
+    pub fn at(target_contract: AztecAddress) -> Self {
+        Self { target_contract }
+    }
+
+    pub fn check_timestamp(self, operation: u8, value: u64) -> PublicStaticCall<15, 2, ()> {
+        let selector = comptime { FunctionSelector::from_signature("check_timestamp(u8,u64)") };
+        PublicStaticCall::new(
+            self.target_contract,
+            selector,
+            "check_timestamp",
+            [operation as Field, value as Field],
+        )
+    }
+
+    pub fn check_block_number(self, operation: u8, value: u32) -> PublicStaticCall<18, 2, ()> {
+        let selector = comptime { FunctionSelector::from_signature("check_block_number(u8,u32)") };
+        PublicStaticCall::new(
+            self.target_contract,
+            selector,
+            "check_block_number",
+            [operation as Field, value as Field],
+        )
+    }
+}