commit a37c195aa7517f3b0db70c8fef9c741e0c74b74b
parent ab5b066e3a09d740fd5997e9390db2769e2ca8f9
Author: triesap <tyson@radroots.org>
Date: Thu, 21 May 2026 22:10:49 +0000
trade_validation_receipt: restrict remote proof mode
- reject non-core remote HTTP proof modes during policy validation
- keep core remote HTTP proving valid under sp1_verify
- cover non-core rejection before remote proof work
- preserve existing remote verification test coverage
Diffstat:
1 file changed, 20 insertions(+), 0 deletions(-)
diff --git a/src/features/trade_validation_receipt.rs b/src/features/trade_validation_receipt.rs
@@ -194,6 +194,9 @@ impl TradeValidationReceiptProverPolicy {
if self.proof_mode == RadrootsSp1TradeProofMode::None {
return Err(TradeValidationReceiptJobError::ProverBackendRequiresSp1Proof);
}
+ if self.proof_mode != RadrootsSp1TradeProofMode::Core {
+ return Err(TradeValidationReceiptJobError::UnsupportedProofMode);
+ }
if self.expected_sp1_program_hash.is_none()
|| self.expected_sp1_verifying_key_hash.is_none()
{
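Review bot: The new `proof_mode != RadrootsSp1TradeProofMode::Core` guard has no comment saying that it is a deliberate single-mode allow-list, so a later change could relax it to a deny-list of known modes and let a newly added variant through. I would add above it something like `// Allow-list: only Core is accepted on this path; every other mode, including variants added later, must fail validation here.` The preceding `None` check is now only there to keep its more specific error, which is worth saying in the same comment. The enclosing branch starts outside the hunk, so it cannot be confirmed from here that the restriction applies only to the remote HTTP backend, as the commit message states.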
@@ -2001,6 +2004,23 @@ mod tests {
}
#[cfg(feature = "sp1_verify")]
+ #[test]
+ fn remote_http_policy_accepts_core_mode_when_configured() {
+ assert!(remote_http_policy().validate().is_ok());
+ }
+
+ #[test]
+ fn remote_http_policy_rejects_non_core_sp1_mode_before_remote_work() {
+ let mut policy = remote_http_policy();
+ policy.proof_mode = RadrootsSp1TradeProofMode::Compressed;
+
+ assert!(matches!(
+ policy.validate(),
+ Err(TradeValidationReceiptJobError::UnsupportedProofMode)
+ ));
+ }
+
+ #[cfg(feature = "sp1_verify")]
#[tokio::test]
async fn remote_http_prove_publishes_only_after_remote_artifact_verification() {
let (published, requests) = run_remote_http_job_with_policy_and_requests(
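Review bot: `remote_http_policy_rejects_non_core_sp1_mode_before_remote_work` has no `#[cfg(feature = "sp1_verify")]`, whereas the accept test before it inherits the existing attribute and the tokio test after it has the attribute re-added. If `remote_http_policy()` or the validation path depends on that feature, as the commit message hints, the test may fail to compile or hit a different error variant in builds without it. Either add `#[cfg(feature = "sp1_verify")]` above its `#[test]` or note that it is meant to run in both configurations. The test also pins only `Compressed` and asserts only the `validate()` result, so the "before remote work" in its name is not checked here. The tokio test's body continues past the end of the hunk.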