refactor: replace undefined scopes with 'ALL_SCOPES' string literal (#20448)

## Summary

- Replace `undefined` with the `'ALL_SCOPES'` string literal across the
scopes type (`'ALL_SCOPES' | AztecAddress[]`) to make the "all accounts"
semantic explicit rather than relying on `undefined`
- Update all call sites across `pxe`, `txe`, `wallet-sdk`, `wallets`,
`cli-wallet`, `end-to-end`

Author: nchamo

boxes/boxes/vanilla/app/embedded-wallet.ts

@@ -366,6 +366,7 @@ export class EmbeddedWallet extends BaseWallet {
       skipTxValidation: true,
       skipFeeEnforcement: true,
       overrides: { contracts: contractOverrides },
+      scopes: this.scopesFor(opts.from)
     });
   }
 }

yarn-project/cli-wallet/src/cmds/check_tx.ts

@@ -88,7 +88,7 @@ async function inspectTx(wallet: CLIWallet, aztecNode: AztecNode, txHash: TxHash
     for (const nullifier of effects.nullifiers) {
       const deployed = deployNullifiers[nullifier.toString()];
       const note = deployed
-        ? (await wallet.getNotes({ siloedNullifier: nullifier, contractAddress: deployed }))[0]
+        ? (await wallet.getNotes({ siloedNullifier: nullifier, contractAddress: deployed, scopes: 'ALL_SCOPES' }))[0]
         : undefined;
       const initialized = initNullifiers[nullifier.toString()];
       const registered = classNullifiers[nullifier.toString()];

yarn-project/cli-wallet/src/utils/wallet.ts

@@ -13,13 +13,14 @@ import { AccountManager, type Aliased, type SimulateOptions } from '@aztec/aztec
 import type { DefaultAccountEntrypointOptions } from '@aztec/entrypoints/account';
 import { Fr } from '@aztec/foundation/curves/bn254';
 import type { LogFn } from '@aztec/foundation/log';
+import type { AccessScopes } from '@aztec/pxe/client/lazy';
 import type { PXEConfig } from '@aztec/pxe/config';
 import type { PXE } from '@aztec/pxe/server';
 import { createPXE, getPXEConfig } from '@aztec/pxe/server';
 import { AztecAddress } from '@aztec/stdlib/aztec-address';
 import { deriveSigningKey } from '@aztec/stdlib/keys';
-import { NoteDao } from '@aztec/stdlib/note';
 import type { NotesFilter } from '@aztec/stdlib/note';
+import { NoteDao } from '@aztec/stdlib/note';
 import type { TxProvingResult, TxSimulationResult } from '@aztec/stdlib/tx';
 import { ExecutionPayload, mergeExecutionPayloads } from '@aztec/stdlib/tx';
 import { BaseWallet, type FeeOptions } from '@aztec/wallet-sdk/base-wallet';
@@ -226,11 +227,19 @@ export class CLIWallet extends BaseWallet {
     executionPayload: ExecutionPayload,
     from: AztecAddress,
     feeOptions: FeeOptions,
+    scopes: AccessScopes,
     skipTxValidation?: boolean,
     skipFeeEnforcement?: boolean,
   ): Promise<TxSimulationResult> {
     if (from.equals(AztecAddress.ZERO)) {
-      return super.simulateViaEntrypoint(executionPayload, from, feeOptions, skipTxValidation, skipFeeEnforcement);
+      return super.simulateViaEntrypoint(
+        executionPayload,
+        from,
+        feeOptions,
+        scopes,
+        skipTxValidation,
+        skipFeeEnforcement,
+      );
     }
 
     const feeExecutionPayload = await feeOptions.walletFeePaymentMethod?.getExecutionPayload();
@@ -258,6 +267,7 @@ export class CLIWallet extends BaseWallet {
       overrides: {
         contracts: { [from.toString()]: { instance, artifact } },
       },
+      scopes,
     });
   }
 

yarn-project/end-to-end/src/test-wallet/test_wallet.ts

@@ -16,6 +16,7 @@ import { AccountManager, type SendOptions } from '@aztec/aztec.js/wallet';
 import type { DefaultAccountEntrypointOptions } from '@aztec/entrypoints/account';
 import { Fq, Fr } from '@aztec/foundation/curves/bn254';
 import { GrumpkinScalar } from '@aztec/foundation/curves/grumpkin';
+import type { AccessScopes } from '@aztec/pxe/client/lazy';
 import { type PXEConfig, getPXEConfig } from '@aztec/pxe/config';
 import { PXE, type PXECreationOptions, createPXE } from '@aztec/pxe/server';
 import { AuthWitness } from '@aztec/stdlib/auth-witness';
@@ -227,18 +228,18 @@ export class TestWallet extends BaseWallet {
     executionPayload: ExecutionPayload,
     from: AztecAddress,
     feeOptions: FeeOptions,
+    scopes: AccessScopes,
     skipTxValidation?: boolean,
     skipFeeEnforcement?: boolean,
-    scopes?: AztecAddress[],
   ): Promise<TxSimulationResult> {
     if (!this.simulatedSimulations) {
       return super.simulateViaEntrypoint(
         executionPayload,
         from,
         feeOptions,
+        scopes,
         skipTxValidation,
         skipFeeEnforcement,
-        scopes,
       );
     }
 

yarn-project/pxe/src/access_scopes.ts

@@ -0,0 +1,9 @@
+import type { AztecAddress } from '@aztec/stdlib/aztec-address';
+
+/**
+ * Controls which accounts' private state and keys are accessible during execution.
+ * - `'ALL_SCOPES'`: All registered accounts' private state and keys are accessible.
+ * - `AztecAddress[]` with entries: Only the specified accounts' private state and keys are accessible.
+ * - `[]` (empty array): Deny-all. No private state is visible and no keys are accessible.
+ */
+export type AccessScopes = 'ALL_SCOPES' | AztecAddress[];

yarn-project/pxe/src/contract_function_simulator/contract_function_simulator.ts

@@ -87,6 +87,7 @@ import {
   getFinalMinRevertibleSideEffectCounter,
 } from '@aztec/stdlib/tx';
 
+import type { AccessScopes } from '../access_scopes.js';
 import type { ContractSyncService } from '../contract_sync/contract_sync_service.js';
 import type { AddressStore } from '../storage/address_store/address_store.js';
 import type { CapsuleStore } from '../storage/capsule_store/capsule_store.js';
@@ -117,8 +118,8 @@ export type ContractSimulatorRunOpts = {
   anchorBlockHeader: BlockHeader;
   /** The address used as a tagging sender when emitting private logs. */
   senderForTags?: AztecAddress;
-  /** The accounts whose notes we can access in this call. Defaults to all. */
-  scopes?: AztecAddress[];
+  /** The accounts whose notes we can access in this call. */
+  scopes: AccessScopes;
   /** The job ID for staged writes. */
   jobId: string;
 };
@@ -311,7 +312,7 @@ export class ContractFunctionSimulator {
     call: FunctionCall,
     authwits: AuthWitness[],
     anchorBlockHeader: BlockHeader,
-    scopes: AztecAddress[] | undefined,
+    scopes: AccessScopes,
     jobId: string,
   ): Promise<Fr[]> {
     const entryPointArtifact = await this.contractStore.getFunctionArtifactWithDebugMetadata(call.to, call.selector);

yarn-project/pxe/src/contract_function_simulator/oracle/oracle_version_is_checked.test.ts

@@ -146,6 +146,7 @@ describe('Oracle Version Check test suite', () => {
         anchorBlockHeader,
         senderForTags,
         jobId: 'test',
+        scopes: 'ALL_SCOPES',
       });
 
       expect(utilityAssertCompatibleOracleVersionSpy).toHaveBeenCalledTimes(1);

yarn-project/pxe/src/contract_function_simulator/oracle/private_execution.test.ts

@@ -222,6 +222,7 @@ describe('Private Execution test suite', () => {
       anchorBlockHeader,
       senderForTags,
       jobId: TEST_JOB_ID,
+      scopes: 'ALL_SCOPES',
     });
   };
 
@@ -330,11 +331,12 @@ describe('Private Execution test suite', () => {
           contractAddress,
           contractStore,
           functionToInvokeAfterSync,
-          call => utilityExecutor(call, undefined),
+          utilityExecutor,
           noteStore,
           aztecNode,
           anchorBlockHeader,
           jobId,
+          'ALL_SCOPES',
         );
       },
     );

yarn-project/pxe/src/contract_function_simulator/oracle/private_execution_oracle.ts

@@ -25,6 +25,7 @@ import {
   type TxContext,
 } from '@aztec/stdlib/tx';
 
+import type { AccessScopes } from '../../access_scopes.js';
 import type { ContractSyncService } from '../../contract_sync/contract_sync_service.js';
 import { NoteService } from '../../notes/note_service.js';
 import type { SenderTaggingStore } from '../../storage/tagging_store/sender_tagging_store.js';
@@ -43,7 +44,7 @@ export type PrivateExecutionOracleArgs = Omit<UtilityExecutionOracleArgs, 'contr
   txContext: TxContext;
   callContext: CallContext;
   /** Needed to trigger contract synchronization before nested calls */
-  utilityExecutor: (call: FunctionCall, scopes: undefined | AztecAddress[]) => Promise<void>;
+  utilityExecutor: (call: FunctionCall, scopes: AccessScopes) => Promise<void>;
   executionCache: HashedValuesCache;
   noteCache: ExecutionNoteCache;
   taggingIndexCache: ExecutionTaggingIndexCache;
@@ -78,7 +79,7 @@ export class PrivateExecutionOracle extends UtilityExecutionOracle implements IP
   private readonly argsHash: Fr;
   private readonly txContext: TxContext;
   private readonly callContext: CallContext;
-  private readonly utilityExecutor: (call: FunctionCall, scopes: undefined | AztecAddress[]) => Promise<void>;
+  private readonly utilityExecutor: (call: FunctionCall, scopes: AccessScopes) => Promise<void>;
   private readonly executionCache: HashedValuesCache;
   private readonly noteCache: ExecutionNoteCache;
   private readonly taggingIndexCache: ExecutionTaggingIndexCache;
@@ -531,7 +532,7 @@ export class PrivateExecutionOracle extends UtilityExecutionOracle implements IP
     // We only expand for registered accounts because the log service needs the recipient's keys to derive
     // tagging secrets, which are only available for registered accounts.
     const expandedScopes =
-      this.scopes && (await this.keyStore.hasAccount(targetContractAddress))
+      this.scopes !== 'ALL_SCOPES' && (await this.keyStore.hasAccount(targetContractAddress))
         ? [...this.scopes, targetContractAddress]
         : this.scopes;
 

yarn-project/pxe/src/contract_function_simulator/oracle/utility_execution.test.ts

@@ -220,6 +220,7 @@ describe('Utility Execution test suite', () => {
         capsuleStore,
         privateEventStore,
         jobId: 'test-job-id',
+        scopes: 'ALL_SCOPES',
       });
     });