Merge Feat/update contract scripts

[Tranquil-Flow]

Summary by CodeRabbit

• New Features
  • Configurable Aadhaar registration window; improved date boundary validation.
  • Aadhaar outputs now include a forbidden-countries list.
  • Simplified UIDAI pubkey registration (no expiry timestamp required).
  • Added support for the Celo Sepolia network.
• Chores
  • New deployment flows to upgrade the hub and update verifiers/registries.
  • Added chain deployment address references for two networks.
  • Updated ignore rules to retain relevant deployment artifacts.
• Tests
  • Expanded coverage for Aadhaar time-window logic and UIDAI pubkey handling.

[cursor]

This is the final PR Bugbot will review for you during this billing cycle

Your free Bugbot reviews will reset on October 17

Details

Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

[cursor]

Bug: Date Validation Error Extends Future Range

The date validation in _performCurrentDateCheck and _performNumericCurrentDateCheck incorrectly extends the valid range. Changing the upper bound from startOfDay + 1 days - 1 to endOfDay + 1 days (where endOfDay is startOfDay + 1 days - 1) effectively allows proofs with dates one day further in the future than intended.

Additional Locations (1)

• contracts/contracts/IdentityVerificationHubImplV2.sol#L1017-L1019

 

[cursor]

Bug: UIDAI Key Commitments Removed Expiry

This change removes time-based expiry for UIDAI pubkey commitments. The storage and all related functions now treat commitments as permanently valid once registered, rather than checking an expiry timestamp. This could be a security regression if automatic key expiration was a design requirement. The interface documentation for registerUidaiPubkeyCommitment is also outdated.

Additional Locations (3)

• contracts/contracts/registry/IdentityRegistryAadhaarImplV1.sol#L307-L311
• contracts/test/utils/deploymentV2.ts#L285-L286
• contracts/contracts/interfaces/IIdentityRegistryAadhaarV1.sol#L99-L104

 

[cursor]

Bug: Incorrect Artifact for Aadhaar Registry Initialization

The getRegistryInitializeData() function reads the IdentityRegistryImplV1 artifact, but for this Aadhaar registry deployment, it should use IdentityRegistryAadhaarImplV1. This artifact mismatch means the ABI used for encoding initialization data is incorrect, which will likely cause the registry initialization to fail.

 

[cursor]

Bug: Module Naming Error Causes Deployment Issues

The DeployNewHubAndUpgradee module name has a typo, with an extra 'e' at the end. This could cause confusion or issues for deployment scripts that reference the module.

 

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Updates span circuits config and tests, Aadhaar registry interface/implementation, hub V2 logic (configurable Aadhaar window, timestamp error change), deployment/ignition modules (new deploy/update flows), network configs, ignore rules, deployment addresses, and test adaptations to new signatures and flows.

Changes

Cohort / File(s)	Summary
Circuits config circuits/scripts/build/build_disclose_circuits.sh	Lowered poweroftau for vc_and_disclose_aadhaar from 20 to 17.
Circuits tests circuits/tests/register/pubkeys.ts, circuits/tests/register/register_aadhaar.test.ts	Updated pubkey cert list; added forge parsing and a skipped test to log pubkey commitments; included pubKeyHash in outputs.
Hub V2 contract contracts/contracts/IdentityVerificationHubImplV2.sol	Added configurable AADHAAR_REGISTRATION_WINDOW; replaced hardcoded checks; changed InvalidUidaiTimestamp to include params; switched to reinitializer(11); added setAadhaarRegistrationWindow; adjusted date-bound checks; populated forbiddenCountriesListPacked.
Aadhaar registry interface contracts/contracts/interfaces/IIdentityRegistryAadhaarV1.sol	Removed expiry parameter from registerUidaiPubkeyCommitment(uint256).
Aadhaar registry impl contracts/contracts/registry/IdentityRegistryAadhaarImplV1.sol	Switched from expiry timestamps to boolean commitments; removed EXPIRY_IN_PAST; removed getUidaiPubkeyExpiryTimestamp; updated register/update/remove logic and events accordingly.
Test upgrade hub contracts/contracts/tests/testUpgradedIdentityVerificationHubImplV2.sol	New test implementation/storage for upgrade validation exposing internal state via view methods; initializer emits event.
Error selectors contracts/error-selectors.json	Added selector for InvalidUidaiTimestamp(uint256,uint256); removed zero-arg variant; line refs updated; EXPIRY_IN_PAST moved reference.
Hardhat/network config contracts/hardhat.config.ts	Added celo-sepolia network and custom Etherscan Blockscout config; removed bytecodeHash setting.
Git ignore rules contracts/.gitignore	Refined ignition deployments ignore/keep rules; added chain-specific keeps and artifacts handling for prod/staging.
Ignition deployments data contracts/ignition/deployments/chain-11142220/deployed_addresses.json, contracts/ignition/deployments/chain-42220/deployed_addresses.json	Added deployed address maps for verifiers, registries, hubs on Celo Sepolia (11142220) and Celo Mainnet (42220).
Ignition hub update modules contracts/ignition/modules/hub/updateRegistries.ts, contracts/ignition/modules/hub/updateVerifiers.ts	New modules to update hub registries and verifiers from deployed addresses, including batching and per-circuit logic.
Ignition registry modules contracts/ignition/modules/registry/deployAadhaarRegistry.ts, contracts/ignition/modules/registry/updateRegistries.ts	New Aadhaar registry deploy module (PoseidonT3 + proxy) and a multi-registry updater with sequential ops and pubkey commitment registration.
Ignition upgrade module contracts/ignition/modules/upgrade/deployNewHubAndUpgrade.ts	Migrated to Hub V2 deployment/upgrade; renamed module; added post-upgrade call to setAadhaarRegistrationWindow; adjusted paths and ids.
Verifiers deploy module + scripts contracts/ignition/modules/verifiers/deployAllVerifiersNew.ts, contracts/package.json	New sequential verifier deployer with circuit map; scripts updated to use it and adjust --verify placement/usage.
Tests adapting to new APIs contracts/test/v2/registerAadhaar.test.ts, contracts/test/utils/deploymentV2.ts	Updated to single-arg registerUidaiPubkeyCommitment; removed expiry-in-past test; added setAadhaarRegistrationWindow(20) in setups; commented out CSCA root updates.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant DApp
  participant Hub as IdentityVerificationHubImplV2 (Proxy)
  participant AadhaarReg as IdentityRegistryAadhaarImplV1 (Proxy)

  rect rgb(235, 245, 255)
  note over User,Hub: Configuration
  User->>DApp: Set Aadhaar window (e.g., 20)
  DApp->>Hub: setAadhaarRegistrationWindow(window)
  Hub-->>DApp: OK
  end

  rect rgb(245, 235, 255)
  note over DApp,AadhaarReg: Pubkey registration (no expiry)
  DApp->>AadhaarReg: registerUidaiPubkeyCommitment(commitment)
  AadhaarReg-->>DApp: Event: UidaiPubkeyCommitmentRegistered
  end

  rect rgb(235, 255, 245)
  note over User,Hub: Aadhaar verification
  User->>DApp: Submit proof
  DApp->>Hub: registerIdentityWithAadhaar(proof, signals)
  Hub->>Hub: Validate timestamps within AADHAAR_REGISTRATION_WINDOW
  alt invalid timestamp
    Hub-->>DApp: revert InvalidUidaiTimestamp(blockTs, proofTs)
  else valid
    Hub->>AadhaarReg: checkUidaiPubkey(commitment)
    AadhaarReg-->>Hub: true/false
    Hub-->>DApp: Success / revert accordingly
  end
  end

Loading

sequenceDiagram
  autonumber
  participant HRE as Hardhat Runtime
  participant FS as FS
  participant Mod as Ignition Module
  participant Hub as IdentityVerificationHubImplV2
  participant Reg as Aadhaar Registry

  note over Mod: UpdateVerifiers / UpdateHubRegistries
  HRE->>FS: Read chain-<id>/deployed_addresses.json
  FS-->>HRE: deployedAddresses
  Mod->>Hub: attach(hubAddress)
  Mod->>Hub: batchUpdateRegisterCircuitVerifiers(...)
  Mod->>Hub: batchUpdateDscCircuitVerifiers(...)
  Mod->>Hub: updateVcAndDiscloseCircuit(...)
  Mod->>Hub: updateRegistry(attestationId, Reg.address)
  Hub-->>Mod: tx receipts

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• merge dev to main #657 — Also modifies IdentityVerificationHubImplV2 (errors/signatures/logic), directly adjacent to hub changes here.
• refactor deployment scripts #678 — Refactors ignition deploy/update modules for verifiers/registries; overlaps with new modules added in this PR.
• Bump build: ios 133; android 72 and build fixes #654 — Changes circuits build script entries, matching the poweroftau tweak for vc_and_disclose_aadhaar.

Suggested labels

codex

Suggested reviewers

• remicolin
• motemotech

Poem

New keys in the registry, windows set with care,
Proofs race the clock, while hubs upgrade their lair.
Verifiers march in sequence, addresses neatly laid,
Sepolia joins the chorus, deployments on parade.
Aadhaar’s rules refined—no expiry to declare,
On-chain whispers: “All systems now prepare.”

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 14.29% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Title Check	❓ Inconclusive	The provided title is generic and reflects the merge branch name rather than summarizing the core changes, making it unclear what the predominant enhancements are across the contracts and scripts.	Consider renaming the PR to explicitly highlight the main updates, for example “Add configurable Aadhaar registration window to IdentityVerificationHub and update contract deployment scripts,” so the title clearly communicates the primary changes.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/update-contract-scripts

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

circuits/tests/register/pubkeys.ts (1)

1-1: Fix code style issues flagged by Prettier.

The pipeline reports formatting issues in this file. Run Prettier with --write to resolve the code style violations before merging.

#!/bin/bash
# Run Prettier to check and show formatting issues
npx prettier --check circuits/tests/register/pubkeys.ts

circuits/tests/register/register_aadhaar.test.ts (1)

1-1: Fix code style issues flagged by Prettier.

The pipeline reports formatting violations. Run Prettier with --write to resolve the code style issues before merging.

#!/bin/bash
# Run Prettier to check and fix formatting issues
npx prettier --check circuits/tests/register/register_aadhaar.test.ts

contracts/contracts/IdentityVerificationHubImplV2.sol (1)

47-334: Initialize Aadhaar window in proxy storage

In upgradeable contracts, the inline initializer = 20 only touches the implementation’s storage. The proxy’s slot stays at zero, so _verifyRegisterProof effectively enforces a zero-minute window and every Aadhaar registration reverts unless the owner calls setAadhaarRegistrationWindow beforehand. Please seed the proxy storage during initialize() (or migrate existing deployments) so the default window is non-zero.

 function initialize() external reinitializer(11) {
     __ImplRoot_init();

     // Initialize circuit version to 2 for V2 hub
     IdentityVerificationHubStorage storage $ = _getIdentityVerificationHubStorage();
     $._circuitVersion = 2;
+
+    if (AADHAAR_REGISTRATION_WINDOW == 0) {
+        AADHAAR_REGISTRATION_WINDOW = 20;
+    }
 
     emit HubInitializedV2();
 }

♻️ Duplicate comments (4)

contracts/ignition/modules/registry/deployAadhaarRegistry.ts (1)

40-43: Fix ABI source for registry initialization

getRegistryInitializeData still loads the IdentityRegistryImplV1 artifact, so the encoded initialize calldata comes from the wrong ABI. When the proxy runs that call against IdentityRegistryAadhaarImplV1 the selector/arguments won’t line up and the deployment reverts. Swap in the Aadhaar artifact so we encode against the actual implementation.

-function getRegistryInitializeData() {
-  const registryArtifact = artifacts.readArtifactSync("IdentityRegistryImplV1");
+function getRegistryInitializeData() {
+  const registryArtifact = artifacts.readArtifactSync("IdentityRegistryAadhaarImplV1");
   const registryInterface = new ethers.Interface(registryArtifact.abi);
   return registryInterface;
 }

contracts/ignition/modules/upgrade/deployNewHubAndUpgrade.ts (1)

12-12: Restore the original Ignition module name

Renaming the module to "DeployNewHubAndUpgradee" changes the Ignition module ID, which in turn mutates the keys written to deployed_addresses.json. Downstream scripts expecting DeployNewHubAndUpgrade#… will now miss the upgraded hub artifacts, breaking automated upgrade flows. Keep the original module name.

-export default buildModule("DeployNewHubAndUpgradee", (m) => {
+export default buildModule("DeployNewHubAndUpgrade", (m) => {

contracts/contracts/IdentityVerificationHubImplV2.sol (1)

995-1000: Revert to the original date window bounds

The new condition currentTimestamp > endOfDay + 1 days expands the acceptable range by an extra day and lets future-dated proofs pass. This is the same bug called out earlier; please constrain the upper bound back to the intended day range before merging.

Also applies to: 1016-1019

contracts/contracts/registry/IdentityRegistryAadhaarImplV1.sol (1)

251-256: Update documentation to reflect removal of expiry semantics.

The function documentation (line 251-253) still mentions checking "if it's not expired", but the implementation no longer performs any expiry validation. The security implications of removing time-based expiry are already flagged in previous review comments.

Apply this diff to update the documentation:

-    /// @notice Checks if the provided UIDAI pubkey is stored in the registry and also if it's not expired.
+    /// @notice Checks if the provided UIDAI pubkey is registered in the registry.
     /// @param pubkey The UIDAI pubkey to verify.
-    /// @return True if the given pubkey is stored in the registry and also if it's not expired, otherwise false.
+    /// @return True if the given pubkey is registered in the registry, otherwise false.
     function checkUidaiPubkey(uint256 pubkey) external view virtual onlyProxy returns (bool) {

🧹 Nitpick comments (4)

contracts/hardhat.config.ts (1)

70-72: Remove or implement the commented API key configuration.

The commented-out per-network API key block suggests incomplete configuration work. Either uncomment and implement this approach or remove the commented code to avoid confusion.

circuits/tests/register/register_aadhaar.test.ts (1)

193-202: Consider removing or documenting the skipped test.

The skipped test appears to be a development/debugging utility for logging pubkey commitments. If this is a temporary test, consider removing it or adding a comment explaining its purpose and when it should be enabled.

contracts/ignition/modules/verifiers/deployAllVerifiersNew.ts (1)

190-195: Consider using structured logging over console.log.

The console.log statements will appear in deployment output. For production deployments, consider using Ignition's built-in logging mechanisms or structured logging to reduce output clutter while maintaining deployment visibility.

contracts/test/utils/deploymentV2.ts (1)

284-286: Clarify or remove commented-out updateCscaRoot calls.

Three updateCscaRoot calls are commented out (lines 284-285). If these are no longer needed, remove them entirely. If they're temporarily disabled for testing, add a comment explaining why and when they should be re-enabled to prevent confusion.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 48f8d79 and e63089e.

📒 Files selected for processing (21)

• circuits/scripts/build/build_disclose_circuits.sh (1 hunks)
• circuits/tests/register/pubkeys.ts (2 hunks)
• circuits/tests/register/register_aadhaar.test.ts (2 hunks)
• contracts/.gitignore (1 hunks)
• contracts/contracts/IdentityVerificationHubImplV2.sol (8 hunks)
• contracts/contracts/interfaces/IIdentityRegistryAadhaarV1.sol (1 hunks)
• contracts/contracts/registry/IdentityRegistryAadhaarImplV1.sol (4 hunks)
• contracts/contracts/tests/testUpgradedIdentityVerificationHubImplV2.sol (1 hunks)
• contracts/error-selectors.json (15 hunks)
• contracts/hardhat.config.ts (2 hunks)
• contracts/ignition/deployments/chain-11142220/deployed_addresses.json (1 hunks)
• contracts/ignition/deployments/chain-42220/deployed_addresses.json (1 hunks)
• contracts/ignition/modules/hub/updateRegistries.ts (1 hunks)
• contracts/ignition/modules/hub/updateVerifiers.ts (1 hunks)
• contracts/ignition/modules/registry/deployAadhaarRegistry.ts (1 hunks)
• contracts/ignition/modules/registry/updateRegistries.ts (1 hunks)
• contracts/ignition/modules/upgrade/deployNewHubAndUpgrade.ts (1 hunks)
• contracts/ignition/modules/verifiers/deployAllVerifiersNew.ts (1 hunks)
• contracts/package.json (1 hunks)
• contracts/test/utils/deploymentV2.ts (2 hunks)
• contracts/test/v2/registerAadhaar.test.ts (8 hunks)

🧰 Additional context used

📓 Path-based instructions (6)

**/*.{js,ts,tsx,jsx,sol,nr}

📄 CodeRabbit inference engine (.cursorrules)

**/*.{js,ts,tsx,jsx,sol,nr}: NEVER log sensitive data including PII (names, DOB, passport numbers, addresses), credentials, tokens, API keys, private keys, or session identifiers.
ALWAYS redact/mask sensitive fields in logs using consistent patterns (e.g., ***-***-1234 for passport numbers, J*** D*** for names).

Files:

• contracts/contracts/interfaces/IIdentityRegistryAadhaarV1.sol
• circuits/tests/register/pubkeys.ts
• contracts/test/v2/registerAadhaar.test.ts
• contracts/test/utils/deploymentV2.ts
• contracts/ignition/modules/hub/updateRegistries.ts
• contracts/contracts/tests/testUpgradedIdentityVerificationHubImplV2.sol
• contracts/ignition/modules/verifiers/deployAllVerifiersNew.ts
• contracts/hardhat.config.ts
• contracts/contracts/IdentityVerificationHubImplV2.sol
• circuits/tests/register/register_aadhaar.test.ts
• contracts/contracts/registry/IdentityRegistryAadhaarImplV1.sol
• contracts/ignition/modules/upgrade/deployNewHubAndUpgrade.ts
• contracts/ignition/modules/hub/updateVerifiers.ts
• contracts/ignition/modules/registry/updateRegistries.ts
• contracts/ignition/modules/registry/deployAadhaarRegistry.ts

contracts/**

📄 CodeRabbit inference engine (AGENTS.md)

Compile Solidity contracts using yarn workspace @selfxyz/contracts build

Files:

• contracts/contracts/interfaces/IIdentityRegistryAadhaarV1.sol
• contracts/package.json
• contracts/ignition/deployments/chain-11142220/deployed_addresses.json
• contracts/ignition/deployments/chain-42220/deployed_addresses.json
• contracts/test/v2/registerAadhaar.test.ts
• contracts/test/utils/deploymentV2.ts
• contracts/ignition/modules/hub/updateRegistries.ts
• contracts/contracts/tests/testUpgradedIdentityVerificationHubImplV2.sol
• contracts/ignition/modules/verifiers/deployAllVerifiersNew.ts
• contracts/hardhat.config.ts
• contracts/contracts/IdentityVerificationHubImplV2.sol
• contracts/contracts/registry/IdentityRegistryAadhaarImplV1.sol
• contracts/ignition/modules/upgrade/deployNewHubAndUpgrade.ts
• contracts/ignition/modules/hub/updateVerifiers.ts
• contracts/ignition/modules/registry/updateRegistries.ts
• contracts/error-selectors.json
• contracts/ignition/modules/registry/deployAadhaarRegistry.ts

contracts/**/*.sol

⚙️ CodeRabbit configuration file

contracts/**/*.sol: Review Solidity smart contracts for:

• Security vulnerabilities (reentrancy, overflow, etc.)
• Gas optimization opportunities
• Access control patterns
• Event emission for important state changes
• Code documentation and NatSpec comments

Files:

• contracts/contracts/interfaces/IIdentityRegistryAadhaarV1.sol
• contracts/contracts/tests/testUpgradedIdentityVerificationHubImplV2.sol
• contracts/contracts/IdentityVerificationHubImplV2.sol
• contracts/contracts/registry/IdentityRegistryAadhaarImplV1.sol

**/package.json

📄 CodeRabbit inference engine (AGENTS.md)

Use Yarn only for package management (yarn install/add/remove); do not use npm or pnpm in scripts

Files:

• contracts/package.json

**/*.{test,spec}.{ts,js,tsx,jsx}

⚙️ CodeRabbit configuration file

**/*.{test,spec}.{ts,js,tsx,jsx}: Review test files for:

• Test coverage completeness
• Test case quality and edge cases
• Mock usage appropriateness
• Test readability and maintainability

Files:

• contracts/test/v2/registerAadhaar.test.ts
• circuits/tests/register/register_aadhaar.test.ts

contracts/contracts/IdentityVerificationHubImplV2.sol

📄 CodeRabbit inference engine (.cursorrules)

Identity Verification Hub should manage multi-step verification for passports and EU ID cards, handle document attestation with zero-knowledge proofs, and implement verification paths: E-PASSPORT and EU_ID_CARD.

Files:

• contracts/contracts/IdentityVerificationHubImplV2.sol

🧠 Learnings (1)

📚 Learning: 2025-09-22T11:10:22.019Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-09-22T11:10:22.019Z
Learning: Applies to contracts/contracts/registry/IdentityRegistryImplV1.sol : Identity Registry Management maintains separate registries for passports and ID cards, handles DSC key commitment registration, and tracks nullifiers for duplicate prevention.

Applied to files:

• contracts/error-selectors.json

🧬 Code graph analysis (3)

circuits/tests/register/register_aadhaar.test.ts (2)

circuits/tests/register/pubkeys.ts (1)

• pubkeys (1-191)

common/src/utils/bytes.ts (1)

• splitToWords (140-153)

contracts/ignition/modules/upgrade/deployNewHubAndUpgrade.ts (2)

app/scripts/find-type-import-issues.mjs (1)

• __dirname (20-20)

scripts/tests/check-license-headers.test.mjs (1)

• __dirname (18-18)

contracts/ignition/modules/hub/updateVerifiers.ts (1)

contracts/ignition/modules/verifiers/deployAllVerifiersNew.ts (2)

• CircuitName (4-89)
• circuitIds (92-180)

🪛 GitHub Actions: Circuits CI

circuits/tests/register/pubkeys.ts

[warning] 1-1: Code style issues found in file. Run Prettier with --write to fix.

circuits/tests/register/register_aadhaar.test.ts

[warning] 1-1: Code style issues found in file. Run Prettier with --write to fix.

🔇 Additional comments (9)

contracts/hardhat.config.ts (2)

62-66: LGTM: Celo Sepolia network configuration added correctly.

The network configuration follows the established pattern with appropriate chainId (11142220) and fallback RPC URL.

---

90-97: No changes needed for Blockscout verification configuration
Hardhat’s etherscan plugin supports customChains for Blockscout (including Celo Sepolia) and does not require a separate API key—your existing CELOSCAN_API_KEY can be reused.

contracts/ignition/modules/verifiers/deployAllVerifiersNew.ts (1)

182-205: LGTM! Sequential deployment pattern prevents nonce conflicts.

The use of the after dependency to enforce sequential deployment is the correct approach to avoid nonce conflicts when deploying numerous verifier contracts. This ensures deterministic deployment order and prevents race conditions.

contracts/test/utils/deploymentV2.ts (1)

286-286: LGTM! Function call updated to match new interface.

The call to registerUidaiPubkeyCommitment now correctly uses the single-argument signature, aligning with the interface change that removed the expiryTimestamp parameter.

contracts/contracts/interfaces/IIdentityRegistryAadhaarV1.sol (1)

104-104: All call sites updated to the new single-parameter signature. No further changes needed.

circuits/scripts/build/build_disclose_circuits.sh (1)

20-20: Verify updated artifacts and staging verifier JSON exist.

• Ensure circuits/build/disclose/vc_and_disclose_aadhaar/ contains the .wasm, .zkey, and vc_and_disclose_aadhaar_vkey.json matching the new tau=17 setup
• Confirm artifacts/contracts/verifiers/local/staging/disclose/Verifier_vc_and_disclose_aadhaar_staging.json is present and regenerated with the updated parameters

contracts/contracts/registry/IdentityRegistryAadhaarImplV1.sol (3)

195-200: Implementation correct for new storage model.

The function correctly returns the boolean value from _uidaiPubkeyCommitments. However, this change is part of the storage type modification flagged at lines 59-60, which violates UUPS upgrade rules.

---

313-319: LGTM!

The use of delete correctly resets the boolean mapping entry to false. Implementation is correct for the new storage model.

---

305-311: All callers updated to the new single-parameter signature

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

CRITICAL: Storage type change violates UUPS upgrade rules.

This change modifies the type of an existing storage variable from mapping(uint256 => uint256) to mapping(uint256 => bool), which directly violates the UUPS upgrade constraints documented in lines 14-36 of this contract. Specifically, line 18 states: "🚫 NEVER CHANGE THE TYPE of existing variables".

In a UUPS upgrade:

• The old implementation stored uint256 timestamp values in these storage slots
• After upgrade, the new implementation will interpret the same slots as bool values
• Existing non-zero timestamps will be read as true, but zero values become false
• This creates unpredictable behavior for existing commitments

Impact: Upgrading to this implementation will cause storage corruption, making existing UIDAI pubkey commitments potentially unusable or incorrectly validated.

Required fix: To safely transition to boolean semantics while preserving UUPS upgradeability, you must:

1. Keep the existing mapping(uint256 => uint256) storage variable unchanged (or rename it to _uidaiPubkeyCommitmentsDeprecated)
2. Add a NEW storage variable mapping(uint256 => bool) _uidaiPubkeyCommitments at the END of the storage layout
3. Implement migration logic to populate the new mapping from the old one
4. Update all functions to use the new mapping

Alternatively, consider deploying this as a completely new contract version (V2) rather than attempting to upgrade V1.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Breaking change and functional redundancy.

Similar to registerUidaiPubkeyCommitment, this function's signature changed from two parameters to one, making it a breaking API change. Additionally, updateUidaiPubkeyCommitment now has identical implementation to registerUidaiPubkeyCommitment (both set the boolean to true), which makes the distinction between these functions unclear.

Consider: Document the semantic difference between "register" and "update", or consolidate these into a single function if they're truly identical.

🤖 Prompt for AI Agents

In contracts/contracts/registry/IdentityRegistryAadhaarImplV1.sol around lines
321-327, the updateUidaiPubkeyCommitment function was changed to a
single-parameter signature and now simply sets the same boolean as
registerUidaiPubkeyCommitment, creating a breaking API change and semantic
redundancy; fix this by either (A) restoring the original two-parameter
signature (matching registerUidaiPubkeyCommitment) and implementing true
"update" behavior (e.g., update commitment metadata/timestamp or other stored
fields rather than just setting boolean) and emitting the appropriate event with
both parameters, or (B) if no semantic difference is needed, remove
updateUidaiPubkeyCommitment and consolidate callers into
registerUidaiPubkeyCommitment to avoid duplicate APIs; ensure function
visibility and modifiers remain onlyProxy/onlyOwner and update tests and docs to
reflect the chosen approach.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Do not hard-code the hub address

This config bakes in a single hub address, so running the module on any other chain (or after a redeploy) will push the registry to an outdated hub. That breaks verification routing and is easy to miss in prod. Instead, resolve the hub from deployed_addresses.json (or pass it in) so the update always targets the live hub.

-    hub: "0xe57F4773bd9c9d8b6Cd70431117d353298B9f5BF",
+    // hub will be pulled from deployed_addresses at runtime

and inside handleRegistryDeployment:

-    if (registryData.hub) {
+    const hubAddress =
+      registryData.hub ?? deployedAddresses["DeployHubV2#IdentityVerificationHub"];
+    if (hubAddress) {
       const callOptions = { after: [currentOperation], id: ids() };
-      currentOperation = m.call(registryContract, "updateHub", [registryData.hub], callOptions);
+      currentOperation = m.call(registryContract, "updateHub", [hubAddress], callOptions);
     }

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In contracts/ignition/modules/registry/updateRegistries.ts around lines 23 to
34, the hub address is hard-coded in the registry config which will target an
outdated hub on other chains or after redeploys; replace the literal hub value
with a lookup that resolves the current hub address from deployed_addresses.json
(or accept the hub as a parameter), then update handleRegistryDeployment to use
that resolved hub when constructing the registry payload so deployments always
target the live hub.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Restore --verify inside the Hardhat command.

Moving --verify outside the quoted bash -c string feeds it to dotenv-cli, so the Hardhat deployment never receives the flag. Today that script will throw (unknown option) or silently skip verification, breaking production deploys. Please put --verify back inside the inner command string.

-"deploy:verifiers:all": "npx dotenv-cli -- bash -c 'yarn hardhat ignition deploy ignition/modules/verifiers/deployAllVerifiersNew.ts --network ${NETWORK:-localhost}' --verify",
+"deploy:verifiers:all": "npx dotenv-cli -- bash -c 'yarn hardhat ignition deploy ignition/modules/verifiers/deployAllVerifiersNew.ts --network ${NETWORK:-localhost} --verify'",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"deploy:verifiers:all": "npx dotenv-cli -- bash -c 'yarn hardhat ignition deploy ignition/modules/verifiers/deployAllVerifiersNew.ts --network ${NETWORK:-localhost}' --verify",
	"deploy:verifiers:all": "npx dotenv-cli -- bash -c 'yarn hardhat ignition deploy ignition/modules/verifiers/deployAllVerifiersNew.ts --network ${NETWORK:-localhost} --verify'",

🤖 Prompt for AI Agents

In contracts/package.json around line 35, the deploy script places --verify
outside the inner bash -c quoted command so dotenv-cli receives it instead of
Hardhat; move --verify back inside the single-quoted bash -c string so the
Hardhat CLI gets the flag (i.e., include --verify within the inner command after
the deploy script path) ensuring verification runs during deployment.