IAppAuthBasicManagement: complete the management surface (#1)

[dmvt]

Summary

IAppAuthBasicManagement.sol declared only the four allowlist mutators (addComposeHash / removeComposeHash / addDevice / removeDevice). The reference implementation DstackApp.sol exposes a much wider externally-observable surface that operator tooling and the existing test suite already rely on, but those methods weren't in the interface — so any third-party IAppAuth implementer could conform in name without satisfying the de facto contract dstack tooling expects.

This PR expands IAppAuthBasicManagement to declare every method that's already exercised against DstackApp from within the dstack repo. Going forward, third-party app contracts (such as the cluster-pattern TeeSqlClusterMember that motivated this PR) can mirror this surface as passthroughs to a parent governance contract and remain drop-in compatible with phala-cli + dstack tooling.

Where the gap shows up inside dstack

Caller	Method	Was in interface?
kms/auth-eth/hardhat.config.ts:476 (app:set-allow-any-device operator task)	setAllowAnyDevice(bool)	❌
test/DstackApp.test.ts:33, upgrade.test.ts:63,72	owner()	❌
test/DstackApp.test.ts:37, upgrade.test.ts:80,208	version()	❌
test/DstackApp.test.ts:46,52,249,339, upgrade.test.ts:66,75,211	allowedComposeHashes(bytes32)	❌
test/DstackApp.test.ts:245,338, upgrade.test.ts:65,74	allowedDeviceIds(bytes32)	❌
test/DstackApp.upgrade.test.ts:64,73,210	allowAnyDevice()	❌
test/DstackApp.upgrade.test.ts:86,98,209	requireTcbUpToDate()	❌
test/DstackApp.upgrade.test.ts:92,97,123,150	setRequireTcbUpToDate(bool)	❌

(All four pre-existing addComposeHash / removeComposeHash / addDevice / removeDevice were already in the interface.)

External tooling (third-party CLIs that target a CVM's app_id contract during in-place updates, e.g. the CLI workflow we describe in TeeSQL's dstackgres bug-report doc) hits the same gap and has to assume the concrete DstackApp type
instead of the abstract interface. With this change such tooling can rely on supportsInterface(IAppAuthBasicManagement.interfaceId) → true to know every method below is safe to call.

What's added

interface IAppAuthBasicManagement is IERC165 {
    // events (4 existing + 2 NEW)
    event ComposeHashAdded(bytes32);
    event ComposeHashRemoved(bytes32);
    event DeviceAdded(bytes32);
    event DeviceRemoved(bytes32);
    event AllowAnyDeviceSet(bool allowAny);             // NEW
    event RequireTcbUpToDateSet(bool requireUpToDate);  // NEW

    // mutators (4 existing + 2 NEW)
    function addComposeHash(bytes32) external;
    function removeComposeHash(bytes32) external;
    function addDevice(bytes32) external;
    function removeDevice(bytes32) external;
    function setAllowAnyDevice(bool) external;          // NEW
    function setRequireTcbUpToDate(bool) external;      // NEW

    // reads (all NEW; symmetric with the mutators above)
    function allowedComposeHashes(bytes32) external view returns (bool);
    function allowedDeviceIds(bytes32) external view returns (bool);
    function allowAnyDevice() external view returns (bool);
    function requireTcbUpToDate() external view returns (bool);
    function owner() external view returns (address);
    function version() external view returns (uint256);
}

DstackApp.sol changes

• Existing mutators marked override against the extended interface.
• Two pre-existing setters (setAllowAnyDevice, setRequireTcbUpToDate) marked override.
• version() marked override (was just public pure; now also overrides the interface's view declaration — pure satisfies view).
• owner() overridden against (OwnableUpgradeable, IAppAuthBasicManagement); body just delegates to OwnableUpgradeable.owner() so behaviour is unchanged.
• The four public state vars (allowedComposeHashes, allowedDeviceIds, allowAnyDevice, requireTcbUpToDate) marked override so their auto-generated getters satisfy the interface.
• Local AllowAnyDeviceSet + RequireTcbUpToDateSet event declarations dropped — inherited from the interface to avoid duplicate-event errors.
• supportsInterface() switched from hardcoded selectors (0x1e079198, 0x8fd37527) to type(...).interfaceId so the literal can't drift from the interface as it evolves.

⚠️ Breaking change: interface ID

IAppAuthBasicManagement interface ID changes from 0x8fd37527 → 0xea8447a1.

Any third-party contract that hardcoded the old literal in its own supportsInterface() will silently stop advertising support. The recommended fix is to use type(IAppAuthBasicManagement).interfaceId
(as DstackApp.sol now does) so the value stays in sync as the interface evolves.

A new unit test pins both the new ID (must be true) and the old ID (must be false) so any future accidental ID drift fails loudly.

Test plan

• npx hardhat test test/DstackApp.test.ts test/DstackApp.upgrade.test.ts — 30/30 passing (including the new supportsInterface assertion).
• npx jest — 41/41 passing (off-chain auth backend unaffected; still calls DstackKms.isAppAllowed which delegates via IAppAuth).
• npx hardhat compile — clean compile of all 19 contract files; typechain regenerated.

[Copilot]

Pull request overview

Expands the on-chain management interface for app authentication contracts so third-party IAppAuth implementations can be drop-in compatible with the operator tooling and existing tests that currently assume the concrete DstackApp surface.

Changes:

• Extended IAppAuthBasicManagement to include configuration setters, read getters, and identity/version reads, plus the related events.
• Updated DstackApp to explicitly satisfy the expanded interface (state var getter overrides, mutator overrides, owner()/version() overrides) and to compute ERC-165 IDs via type(...).interfaceId.
• Added a unit test that pins the new IAppAuthBasicManagement interface ID (true) and asserts the previous ID is no longer claimed (false).

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
kms/auth-eth/test/DstackApp.test.ts	Adds supportsInterface assertions for current/old interface IDs and basic ERC-165 sanity checks.
kms/auth-eth/contracts/IAppAuthBasicManagement.sol	Broadens the management interface to match the surface dstack tooling/tests rely on (events, mutators, getters, owner/version).
kms/auth-eth/contracts/DstackApp.sol	Implements the expanded interface via overrides and switches supportsInterface to type(...).interfaceId to avoid selector drift.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.