Fix CI regressions and sync repository docs

[wheval]

Summary

• Fix broken pnpm-lock.yaml duplicate services/ai-agent entry and repair merge-corrupted contract tests, extension settings, and relayer metrics
• Align ai-agent validation API (400 + { errors.fieldErrors }), remove duplicate draft-intent route, and update README/architecture docs (including test-fixtures, ai-agent MVP status, broken link fixes)
• Remove stale one-off markdown artifacts and add transfer-limit policy pointer in extension wallet security docs

Test plan

• pnpm install --frozen-lockfile
• pnpm verify
• pnpm docs:check-structure
• pnpm contracts:test
• GitHub CI workflows green on this branch

Summary by CodeRabbit

• New Features

  • Added extension wallet security documentation for transfer limits and step-up verification flows.
  • Added local verification commands and expanded documentation structure.

• Bug Fixes

  • Fixed validation error response format and metrics bucket recording logic.
  • Corrected transfer settings persistence with proper fallback validation.

• Documentation

  • Updated repository structure documentation with AI agent MVP and testing sections.
  • Reorganized architecture references and contributor guidelines.
  • Removed obsolete implementation documentation.

• Refactor

  • Improved code formatting and import statements across services.
  • Updated method signatures and test infrastructure.

• Tests

  • Added comprehensive test snapshots for contract and validation modules.
  • Updated integration tests with refined assertion patterns.

[coderabbitai]

Warning

Review limit reached

@wheval, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 20 minutes and 45 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3acd1d1e-9c34-48e5-b5c5-5255580c6379

📥 Commits

Reviewing files that changed from the base of the PR and between fae4ecd and 9b78eb6.

📒 Files selected for processing (8)

• .github/workflows/ci.yml
• .github/workflows/docs-repo-structure.yml
• .github/workflows/validate-observability.yml
• apps/extension-wallet/src/security/__tests__/vault-export.test.ts
• apps/extension-wallet/src/security/storage-manager.ts
• apps/extension-wallet/src/security/vault-export.ts
• apps/extension-wallet/vitest.config.ts
• packages/vitest.setup.ts

📝 Walkthrough

Walkthrough

This PR contains comprehensive updates across the repository: AI agent validation error handling now returns HTTP 400 with structured fieldErrors (replacing 422 with issues), the indexer worker gains a new synchronous checkpoint initialization method, contract test snapshots are refreshed across account and validation modules, extension wallet settings persistence is corrected, and documentation is updated to reflect the AI agent MVP status and contributor links.

Changes

AI Agent MVP Validation Error Handling

Layer / File(s)	Summary
Validation error response format and handling services/ai-agent/src/server.ts	Request validation errors on /v1/intents/validate now return HTTP 400 with grouped errors.fieldErrors (keyed by issue path or _root) instead of HTTP 422 with a raw issues array; invoice detection hardened with type guard; removed legacy /agent/draft-intent endpoint variant.
AI agent README and test updates services/ai-agent/README.md, src/__tests__/invoice.test.ts, tests/intent.test.ts	README status updated to MVP describing draft-only intent routes with requiresConfirmation enforcement; invoice test updated to expect 400 response with errors.fieldErrors.amount; test imports reformatted for readability.

Account Contract Session Key Testing

Layer / File(s)	Summary
Test implementation and assertions contracts/account/src/lib.rs	Removed unused snapshot helper functions; updated test_execute_session_key_expired setup for deterministic timing (ledger timestamp relative to expiry); refactored assertions in test_execute_session_key_end_to_end to use matches! pattern matching instead of direct equality for InvalidSignature and SessionKeyExpired errors.
Account contract test snapshots contracts/account/test_snapshots/test/*.json (22 files)	Updated 22 snapshots to include auth initialize invocation records, new nonce values in ledger entries, and consistent session-key bytes/expiry/permissions across all event payloads and diagnostic traces for initialize, add_session_key, execute variants, session_key_expired, session_key_end_to_end, has_session_key, refresh_session_key_ttl, and revoke_session_key tests.

Validation Modules Contract Snapshots

Layer / File(s)	Summary
Validation modules contract test snapshots contracts/validation-modules/test_snapshots/tests/*.json (7 files)	Added new comprehensive test snapshots covering contract initialization, validation authorization rules, target management (allowed/disallowed), and error scenarios including second-initialization rejection and disabled-target rejection.

Indexer Architecture Refactoring

Layer / File(s)	Summary
Worker initialization methods services/indexer/src/ingest/worker.rs, checkpoint.rs	Added new sync with_initial_checkpoint method for in-memory checkpoint seeding; updated bootstrap_from_store and with_checkpoint to use immutable self receiver; test code updated to use new checkpoint seeding and multi-line assertion formatting.
Pagination query optimization and API services/indexer/src/repositories/account_activity.rs, repositories/mod.rs	Refactored keyset pagination to use QueryBuilder without separate param_count tracking; rewrote cursor generation using Option::then() combinators; removed unused CursorError enum; removed wildcard pub use export from repositories module.
Metrics, error handling, and supporting changes services/indexer/src/main.rs, error.rs, metrics.rs, api/account_activity.rs, api/health.rs, schema/canonical.rs, Cargo.toml, tests/account_activity_api_test.rs	Updated main.rs metrics routing; error.rs BOM fix and dead_code attribute; metrics.rs chrono imports; sqlx offline feature removed; error message/query formatting standardized; response parsing unified via response_body_bytes helper function.

Extension Wallet Settings and UI

Layer / File(s)	Summary
Settings persistence validation fix apps/extension-wallet/src/stores/settings.ts	Corrected transferStepUpThreshold persist merge logic to validate type (number) and value (>= 0) with proper fallback to DEFAULTS.transferStepUpThreshold.
Wallet UI formatting improvements apps/extension-wallet/src/screens/Send/ReviewScreen.tsx, Settings/SecuritySettings.tsx, TransactionDetail.tsx, hooks/useSendTransaction.ts	Multi-line formatting for imports and JSX: ReviewScreen lucide-react imports, disabled/policyMessage conditions; TransactionDetail View Explorer refactored from Button(asChild) to direct <a> element with buttonVariants; error message and Current Settings header reformatted.

Web Dashboard and Relayer

Layer / File(s)	Summary
Web dashboard SendFlow formatting apps/web-dashboard/src/components/SendFlow.tsx	Multi-line formatting applied to handleInputChange callback, recipient/verification labels, policy status/daily remaining sections, and submit button disabled condition without changing underlying logic.
Relayer metrics and middleware services/relayer/src/metrics/index.ts, middleware/metricsCollector.ts, scheduler/__tests__/ScheduledTransferService.test.ts	Histogram bucket observation now records only first matching bucket; LoggedRequest type used for startTime lookup; errorCode reformatted; test timing assertion made more reliable with beforeProcess timestamp.

Documentation and Repository Configuration

Layer / File(s)	Summary
Code ownership and manifest updates .github/CODEOWNERS, PR_DESCRIPTION.md	CODEOWNERS pattern updated from /MAINTAINERS.md to /CONTRIBUTORS.md; PR_DESCRIPTION.md removed.
Main README and architecture docs README.md, docs/README.md, docs/architecture/OVERVIEW.md, RFC.md	README expanded with test-fixtures documentation, AI agent MVP status in roadmap, local verification commands, and CONTRIBUTORS link; docs/README.md reorganized with AI and Testing sections; OVERVIEW.md updated module references; RFC.md links updated.
Security and transfer limits documentation docs/security/extension-wallet.md	Added new section describing extension wallet transfer limits and step-up verification flow with policy types and settings references; TRANSFER_LIMITS_IMPLEMENTATION.md and KEY_ROTATION docs removed.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• ancore-org/ancore#706: Updates to services/ai-agent validation error response handling and related tests directly continue the intent validation scaffolding with the new fieldErrors structure.
• ancore-org/ancore#328: Overlaps at contracts/account/src/lib.rs session-key lifecycle tests and corresponding snapshots, with deterministic expiry timing changes.
• ancore-org/ancore#554: Removed TRANSFER_LIMITS_IMPLEMENTATION.md documentation and includes the follow-up extension wallet settings persistence fix for the same transfer limits feature.

🐰 Session keys now leap with determinism,
Validation errors rest cleanly on 400,
Checkpoints seed themselves with grace—
A hop forward through the contract space. 🌿

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/ci-docs-cleanup

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/ISSUE_TEMPLATE/release.md:
- Line 24: The link on line referencing "Refer to
[docs/release/checklist.md](file:///c:/...)" uses a machine-local file:// URL
and must be replaced with a repository-relative Markdown link; update the link
target to the repo-relative path (for example, docs/release/checklist.md or
./docs/release/checklist.md) so the reference renders correctly on GitHub and
for all users—edit the text containing "docs/release/checklist.md" to use the
relative URL instead of the file:// URL.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 44635dfe-1784-46db-b4bc-70556f11f402

📥 Commits

Reviewing files that changed from the base of the PR and between 64e5f9c and fae4ecd.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (67)

• .github/CODEOWNERS
• .github/ISSUE_TEMPLATE/release.md
• .github/workflows/ci.yml
• PR_DESCRIPTION.md
• README.md
• RFC.md
• TRANSFER_LIMITS_IMPLEMENTATION.md
• apps/extension-wallet/src/hooks/useSendTransaction.ts
• apps/extension-wallet/src/screens/Send/ReviewScreen.tsx
• apps/extension-wallet/src/screens/Settings/SecuritySettings.tsx
• apps/extension-wallet/src/screens/TransactionDetail.tsx
• apps/extension-wallet/src/stores/settings.ts
• apps/web-dashboard/src/components/SendFlow.tsx
• contracts/account/src/lib.rs
• contracts/account/test_snapshots/test/test_add_session_key.1.json
• contracts/account/test_snapshots/test/test_add_session_key_emits_event.1.json
• contracts/account/test_snapshots/test/test_double_initialize.1.json
• contracts/account/test_snapshots/test/test_execute_cross_contract_invocation.1.json
• contracts/account/test_snapshots/test/test_execute_emits_event.1.json
• contracts/account/test_snapshots/test/test_execute_rejects_duplicate_nonce.1.json
• contracts/account/test_snapshots/test/test_execute_rejects_invalid_nonce.1.json
• contracts/account/test_snapshots/test/test_execute_session_key_end_to_end.1.json
• contracts/account/test_snapshots/test/test_execute_session_key_expired.1.json
• contracts/account/test_snapshots/test/test_execute_validates_nonce_then_increments.1.json
• contracts/account/test_snapshots/test/test_has_session_key_absent.1.json
• contracts/account/test_snapshots/test/test_has_session_key_after_revoke.1.json
• contracts/account/test_snapshots/test/test_has_session_key_present.1.json
• contracts/account/test_snapshots/test/test_initialize.1.json
• contracts/account/test_snapshots/test/test_initialize_emits_event.1.json
• contracts/account/test_snapshots/test/test_refresh_session_key_ttl.1.json
• contracts/account/test_snapshots/test/test_refresh_session_key_ttl_unknown_key_returns_session_key_not_found.1.json
• contracts/account/test_snapshots/test/test_revoke_session_key_emits_event.1.json
• contracts/account/test_snapshots/test/test_revoke_session_key_removes_session_key_storage_entry.1.json
• contracts/validation-modules/test_snapshots/tests/initialize_rejects_second_initialization.1.json
• contracts/validation-modules/test_snapshots/tests/initialize_sets_admin_and_enabled_state.1.json
• contracts/validation-modules/test_snapshots/tests/read_paths_reject_before_initialization.1.json
• contracts/validation-modules/test_snapshots/tests/removing_target_revokes_validation.1.json
• contracts/validation-modules/test_snapshots/tests/validate_allows_configured_target.1.json
• contracts/validation-modules/test_snapshots/tests/validate_rejects_unconfigured_target.1.json
• contracts/validation-modules/test_snapshots/tests/validate_rejects_when_disabled.1.json
• docs/README.md
• docs/architecture/OVERVIEW.md
• docs/ops/KEY_ROTATION_IMPLEMENTATION.md
• docs/ops/KEY_ROTATION_TEST_REPORT.md
• docs/ops/mvp-launch-dry-run-report.md
• docs/security/extension-wallet.md
• issue.md
• services/ai-agent/README.md
• services/ai-agent/src/__tests__/invoice.test.ts
• services/ai-agent/src/server.ts
• services/ai-agent/tests/intent.test.ts
• services/indexer/Cargo.toml
• services/indexer/src/api/account_activity.rs
• services/indexer/src/api/health.rs
• services/indexer/src/error.rs
• services/indexer/src/ingest/backfill.rs
• services/indexer/src/ingest/checkpoint.rs
• services/indexer/src/ingest/worker.rs
• services/indexer/src/main.rs
• services/indexer/src/metrics.rs
• services/indexer/src/repositories/account_activity.rs
• services/indexer/src/repositories/mod.rs
• services/indexer/src/schema/canonical.rs
• services/indexer/tests/account_activity_api_test.rs
• services/relayer/src/metrics/index.ts
• services/relayer/src/middleware/metricsCollector.ts
• services/relayer/src/scheduler/__tests__/ScheduledTransferService.test.ts

💤 Files with no reviewable changes (7)

• docs/ops/mvp-launch-dry-run-report.md
• docs/ops/KEY_ROTATION_TEST_REPORT.md
• docs/ops/KEY_ROTATION_IMPLEMENTATION.md
• issue.md
• TRANSFER_LIMITS_IMPLEMENTATION.md
• PR_DESCRIPTION.md
• services/indexer/src/repositories/mod.rs

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Replace local filesystem link with a repository-relative link.

Line 24 points to a machine-local file:///c:/... path, which is broken for other users and in GitHub rendering. Use a relative repo path instead.

Suggested fix

-> Refer to [docs/release/checklist.md](file:///c:/Users/ADMIN/Desktop/lekan-drips/ancore/docs/release/checklist.md) for detailed requirements.
+> Refer to [docs/release/checklist.md](../../docs/release/checklist.md) for detailed requirements.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	> Refer to [docs/release/checklist.md](file:///c:/Users/ADMIN/Desktop/lekan-drips/ancore/docs/release/checklist.md) for detailed requirements.
	> Refer to [docs/release/checklist.md](../../docs/release/checklist.md) for detailed requirements.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/ISSUE_TEMPLATE/release.md at line 24, The link on line referencing
"Refer to [docs/release/checklist.md](file:///c:/...)" uses a machine-local
file:// URL and must be replaced with a repository-relative Markdown link;
update the link target to the repo-relative path (for example,
docs/release/checklist.md or ./docs/release/checklist.md) so the reference
renders correctly on GitHub and for all users—edit the text containing
"docs/release/checklist.md" to use the relative URL instead of the file:// URL.