Skip to content

test: assert milestone approvals auto-expire via temporary TTL#673

Open
T-kesh wants to merge 2 commits into
Talenttrust:mainfrom
T-kesh:test/contracts-approval-ttl-expiry
Open

test: assert milestone approvals auto-expire via temporary TTL#673
T-kesh wants to merge 2 commits into
Talenttrust:mainfrom
T-kesh:test/contracts-approval-ttl-expiry

Conversation

@T-kesh

@T-kesh T-kesh commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Closes #467

Summary
Adds test coverage proving that milestone approvals stored in temporary storage with PENDING_APPROVAL_TTL_LEDGERS (7 days ≈ 120,960 ledgers) actually stop a release once the TTL elapses. check_approvals already treats an expired/absent record as InsufficientApprovals (fail-closed); the existing inline tests only covered approval and duplicate rejection and never advanced the ledger past the TTL. These tests close that gap.

No production changes — this PR is test + documentation only, as the issue specifies.

What's included
contracts/escrow/src/test/approval_expiry.rs — End-to-end tests through the public EscrowClient API:

Approve a milestone, advance env.ledger() sequence beyond PENDING_APPROVAL_TTL_LEDGERS, and assert release_milestone fails with InsufficientApprovals.
Covers every ReleaseAuthorization mode: ClientOnly, ArbiterOnly, ClientAndArbiter, and MultiSig.
MultiSig expiry race: one party's approval expires before the second arrives → release fails; re-approving the expired leg then succeeds.
Edge cases: exactly-at-TTL (still live), one ledger past TTL (evicted), and bump-on-read refresh (a read within PENDING_APPROVAL_BUMP_THRESHOLD of expiry renews the TTL).
Per-milestone TTL independence.
contracts/escrow/src/test/ttl_tests.rs — Unit coverage of the ttl helpers via env.as_contract (compute_expiry, store_with_ttl, read_if_live, extend_if_below_threshold, remove_transient, has_transient) plus an integration submodule exercising approvals::approve_milestone / approvals::check_approvals across the TTL boundary, for both approval and migration TTL constants.

docs/escrow/README.md — Documents approval TTL / auto-expiry, fail-closed semantics, and the bump-on-read refresh behavior.

Removed the orphaned contracts/escrow/src/test_approval_expiry.rs (it was never wired into the module tree); its coverage now lives under src/test/.

Security assumption validated
Expired approvals cannot release funds: once the temporary record is auto-evicted, check_approvals returns InsufficientApprovals and release_milestone is rejected across all authorization modes.

T-kesh and others added 2 commits June 29, 2026 17:18
Add TTL-expiry coverage for milestone approvals stored in temporary
storage with PENDING_APPROVAL_TTL_LEDGERS (7 days):

- approval_expiry.rs: advance the ledger past the TTL and assert
  release_milestone fails with InsufficientApprovals across every
  ReleaseAuthorization mode (ClientOnly, ArbiterOnly, ClientAndArbiter,
  MultiSig), including the MultiSig case where one approval expires
  before the second arrives. Covers exactly-at-TTL, one-ledger-past-TTL,
  and bump-on-read refresh edge cases.
- ttl_tests.rs: exercise the ttl helpers directly (compute_expiry,
  store_with_ttl, read_if_live, extend_if_below_threshold,
  remove_transient, has_transient) and the approvals::check_approvals
  fail-closed path for approval and migration TTL constants.
- Document approval TTL / bump-on-read semantics in docs/escrow/README.md.
- Remove the orphaned src/test_approval_expiry.rs (never wired into the
  module tree); its coverage now lives under src/test/.

No production changes (per issue Talenttrust#467).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…al-ttl-expiry

# Conflicts:
#	contracts/escrow/src/test/mod.rs
#	docs/escrow/README.md
@drips-wave

drips-wave Bot commented Jun 29, 2026

Copy link
Copy Markdown

@T-kesh Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add tests asserting approval auto-expiry via temporary storage TTL

1 participant