remitwise

[Cofez]

test: add schema consistency tests for common event helpers

Closes #328

Summary

• Added 40 comprehensive tests to remitwise-common covering RemitwiseEvents topic/payload schema, clamp_limit boundaries, enum discriminant stability, TTL constant relationships, and trait correctness.
• Removed duplicate ARCHIVE_LIFETIME_THRESHOLD and ARCHIVE_BUMP_AMOUNT constant definitions that would cause compilation errors (hardcoded values duplicated the computed values using DAY_IN_LEDGERS).
• Fixed duplicate proptest key in insurance/Cargo.toml that was blocking workspace-wide compilation.
• Added soroban-sdk with testutils feature to remitwise-common dev-dependencies to enable event inspection in tests.
• Fixed pre-existing compilation errors across 3 contracts (remittance_split, family_wallet, orchestrator) that were blocking CI builds.

Motivation

remitwise-common is imported by 7 contracts but had zero test coverage. Any silent change to enum discriminants, event topic ordering, or constant values could propagate undetected across the entire workspace. These tests lock down the public API surface and prevent accidental schema drift.

Additionally, the workspace had multiple compilation-breaking issues from prior merges that needed resolution for CI to pass.

Test Coverage Breakdown

Category	Count	What it guards against
clamp_limit boundary/property tests	8	Off-by-one errors, u32::MAX edge case, range invariant [1, MAX_PAGE_LIMIT]
Enum discriminant pinning	6	Accidental renumbering of Category, FamilyRole, CoverageType, EventCategory, EventPriority
FamilyRole ordering	1	Breaking the Ord contract used for access control comparisons
to_u32() conversion	2	Divergence between as u32 cast and to_u32() method
TTL constant sanity	7	DAY_IN_LEDGERS value, threshold < bump invariants, exact day-count formulas
Other constants	4	SIGNATURE_EXPIRATION, MAX_BATCH_SIZE, CONTRACT_VERSION, pagination defaults
RemitwiseEvents::emit topic schema	8	4-topic tuple shape, Topic[0] = "Remitwise" namespace, Topic[1] = category, Topic[2] = priority, Topic[3] = action, payload fidelity (u32, bool, tuple), exhaustive 5x3 category-priority matrix
RemitwiseEvents::emit_batch schema	5	4-topic tuple shape, hardcoded Low priority, hardcoded "batch" action, payload = (action, count), zero/max-count edge cases
Cross-method schema consistency	2	emit and emit_batch share namespace/category positions; batch action lives in payload, not topics
Enum trait consistency	5	Clone + Eq for contract types, Copy for event enums

Total: 40 tests

Files Changed

File	Change
remitwise-common/src/lib.rs	Added #[cfg(test)] mod tests with 40 tests; removed duplicate ARCHIVE_* constants
remitwise-common/Cargo.toml	Added [dev-dependencies] with soroban-sdk testutils
insurance/Cargo.toml	Removed duplicate proptest key in [dev-dependencies]
remittance_split/src/lib.rs	Added 6 missing error variants to RemittanceSplitError; added SplitAuthPayload struct; added exported_at field to ExportSnapshot; imported clamp_limit; fixed verify_snapshot checksum call signature; fixed undefined current_max_id/schedules variables in create_schedule
family_wallet/src/lib.rs	Added missing precision_limit: None to 2 FamilyMember initializers; added validate_precision_spending function; imported panic_with_error! macro
orchestrator/src/lib.rs	Added missing validate_two_addresses and consume_nonce helper methods; prefixed unused nonce params with _

Compilation Fixes Detail

remittance_split/src/lib.rs

• Missing error variants: PercentageOutOfRange, PercentagesDoNotSumTo100, SnapshotNotInitialized, InvalidPercentageRange, FutureTimestamp, OwnerMismatch added to RemittanceSplitError (discriminants 17–22)
• Missing struct: SplitAuthPayload defined with domain-separated auth fields matching its usage in initialize_split
• Missing field: exported_at: u64 added to ExportSnapshot and populated in export_snapshot
• Missing import: clamp_limit imported from remitwise_common for get_audit_log
• Broken variables: current_max_id and schedules.contains_key() in create_schedule fixed to use storage reads
• Wrong checksum call: verify_snapshot was passing exported_at instead of &schedules to compute_checksum

family_wallet/src/lib.rs

• Missing field: precision_limit: None added to owner and initial member FamilyMember initializers in init()
• Missing function: validate_precision_spending implemented to validate amounts against PrecisionSpendingLimit constraints
• Missing macro: panic_with_error! added to imports

orchestrator/src/lib.rs

• Missing methods: validate_two_addresses (self-reference and duplicate detection) and consume_nonce (replay protection via monotonic counter) added
• Warnings: Unused nonce parameters prefixed with _ in execute_bill_payment and execute_insurance_payment

Security Notes

• Event tests verify the deterministic 4-tuple topic schema ("Remitwise", category, priority, action) that on-chain indexers depend on. Any topic reordering would break downstream consumers.
• Discriminant pinning tests prevent silent ABI-breaking changes to #[contracttype] enums stored on-chain.
• TTL invariant tests (threshold < bump) ensure storage entries are always renewed before they expire.
• No sensitive data is included in test payloads (consistent with the RemitwiseEvents::emit security doc).
• SplitAuthPayload includes full domain separation (network ID, contract address, operation) to prevent cross-contract replay.
• validate_two_addresses prevents self-referencing and duplicate contract addresses in orchestrator flows.
• consume_nonce provides replay protection with a monotonic counter per caller.

How to Test

cargo build --release --target wasm32-unknown-unknown
cargo test -p remitwise-common

Checklist

• Tests written in remitwise-common/src/lib.rs
• Covers all public enums, constants, functions, and event helpers
• Prevents schema drift in RemitwiseEvents topic ordering
• Pins enum discriminant values to catch accidental renumbering
• Validates TTL constant relationships (threshold < bump)
• Fixes pre-existing compilation blockers (duplicate constants, duplicate Cargo key)
• Fixes compilation errors in remittance_split, family_wallet, and orchestrator
• No new dependencies added (only testutils feature flag for existing soroban-sdk)