Add --auth-mode flag for tx simulation#2602
Conversation
|
Claude encountered an error after 0s —— View job I'll analyze this and get back to you. |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 689fb7b5ca
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| &tx, | ||
| resource_config, | ||
| None, | ||
| self.auth_mode.to_rpc(), |
There was a problem hiding this comment.
When tx simulate --auth-mode=root|non-root is used on an envelope that already contains auth entries (for example re-recording a partially authorized transaction to capture non-root sub-invocation auth), the RPC can return freshly recorded auth but the assembled output keeps the original entries because assemble only copies simulation.results[*].auth when body.auth.is_empty(). Passing the new record modes here therefore prints an XDR that is still missing the newly recorded authorization entries; the assembly path needs to know when an explicit record mode should replace existing auth instead of preserving it.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
This is correct but out of scope for the PR. tracking in another issue to fix the few things wrong with re-simulation: #2603
There was a problem hiding this comment.
Pull request overview
This PR adds a shared --auth-mode flag (and STELLAR_AUTH_MODE env var) to control Soroban RPC simulateTransaction.authMode behavior for transaction-simulating CLI commands, enabling users to explicitly choose between enforcing existing auth entries vs recording root/non-root auth during simulation while keeping the default behavior unchanged when unset.
Changes:
- Introduces a reusable
auth_modeargument module that maps CLI values (enforce,root,non-root) tosoroban_rpc::AuthMode. - Threads the selected auth mode through
simulate_and_assemble_transactioninto the RPC simulation call. - Adds/updates integration tests covering the new modes and env-var behavior, and updates generated help docs.
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| FULL_HELP_DOCS.md | Documents --auth-mode for relevant commands and lists allowed values. |
| cmd/soroban-cli/src/tx.rs | Extends sim_sign_and_send_tx to accept and forward an optional RPC auth mode. |
| cmd/soroban-cli/src/lib.rs | Exposes the new auth_mode module. |
| cmd/soroban-cli/src/commands/tx/simulate.rs | Adds --auth-mode support to tx simulate and passes it into simulation. |
| cmd/soroban-cli/src/commands/contract/upload.rs | Adds --auth-mode support to contract upload and forwards it to tx simulation. |
| cmd/soroban-cli/src/commands/contract/restore.rs | Explicitly passes None auth mode for restore ops (RPC rejects authMode). |
| cmd/soroban-cli/src/commands/contract/invoke.rs | Adds --auth-mode support to contract invoke for both simulation-only and send paths. |
| cmd/soroban-cli/src/commands/contract/extend.rs | Explicitly passes None auth mode for extend ops (RPC rejects authMode). |
| cmd/soroban-cli/src/commands/contract/deploy/wasm.rs | Adds --auth-mode support to wasm deploy and forwards it through simulation/send flow. |
| cmd/soroban-cli/src/commands/contract/deploy/asset.rs | Updates call site for new sim_sign_and_send_tx signature (keeps auth mode unset). |
| cmd/soroban-cli/src/auth_mode.rs | New shared clap args + enum mapping into soroban_rpc::AuthMode, with unit tests. |
| cmd/soroban-cli/src/assembled.rs | Adds optional auth mode parameter and passes it into the RPC simulation call. |
| cmd/crates/soroban-test/tests/it/integration/tx/general.rs | Updates signature usage and adds tests covering tx simulate auth-mode behaviors. |
| cmd/crates/soroban-test/tests/it/integration/auth.rs | Adds integration tests for non-root auth mode (flag + env var) enabling successful signing/subcalls. |
What
Add an optional
--auth-modeflag (andSTELLAR_AUTH_MODEenv var) to the commands that simulate Soroban transactions:contract invoke,contract deploy,contract upload, andtx simulate. Accept three modes:enforce— validate the authorization entries already on the transaction.root— record authorization entries, requiring each to be rooted at the transaction's top-level operation.non-root— record all authorization entries, including non-root sub-invocation auth.Thread the selected mode into the RPC
simulateTransactionauthModeparameter throughsimulate_and_assemble_transaction. Leave the flag unset by default soNoneis passed and existing behavior is unchanged.Keep the flag off
extend/restore, which do not produceInvokeHostFunctionoperations and which the RPC rejects anauthModefor.Why
Fixes #2574
The CLI is a developer-focused tool, but it previously had a single, fixed behavior for simulating Soroban authorization and could not produce, sign, or submit transactions that use non-root authorization. Exposing the RPC's auth modes lets developers opt into non-root authorization (and explicit enforce/record behavior) on the commands that build and simulate transactions.
Known limitations
enforceauth mode is not valid oninvoke/deploy/upload. It was kept to avoid having duplicate auth mode structs for simulation and invoke commands, and to match the RPC's interface.