feat(server): implement useragent_delete_grant hard delete cleanup

mise.lock

@@ -48,10 +48,6 @@ backend = "cargo:cargo-features-manager"
 version = "1.46.3"
 backend = "cargo:cargo-insta"
 
-[[tools."cargo:cargo-mutants"]]
-version = "27.0.0"
-backend = "cargo:cargo-mutants"
-
 [[tools."cargo:cargo-nextest"]]
 version = "0.9.126"
 backend = "cargo:cargo-nextest"
@@ -115,37 +111,30 @@ backend = "core:python"
 [tools.python."platforms.linux-arm64"]
 checksum = "sha256:53700338695e402a1a1fe22be4a41fbdacc70e22bb308a48eca8ed67cb7992be"
 url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-aarch64-unknown-linux-gnu-install_only_stripped.tar.gz"
-provenance = "github-attestations"
 
 [tools.python."platforms.linux-arm64-musl"]
 checksum = "sha256:53700338695e402a1a1fe22be4a41fbdacc70e22bb308a48eca8ed67cb7992be"
 url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-aarch64-unknown-linux-gnu-install_only_stripped.tar.gz"
-provenance = "github-attestations"
 
 [tools.python."platforms.linux-x64"]
 checksum = "sha256:d7a9f970914bb4c88756fe3bdcc186d4feb90e9500e54f1db47dae4dc9687e39"
 url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-x86_64-unknown-linux-gnu-install_only_stripped.tar.gz"
-provenance = "github-attestations"
 
 [tools.python."platforms.linux-x64-musl"]
 checksum = "sha256:d7a9f970914bb4c88756fe3bdcc186d4feb90e9500e54f1db47dae4dc9687e39"
 url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-x86_64-unknown-linux-gnu-install_only_stripped.tar.gz"
-provenance = "github-attestations"
 
 [tools.python."platforms.macos-arm64"]
 checksum = "sha256:c43aecde4a663aebff99b9b83da0efec506479f1c3f98331442f33d2c43501f9"
 url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-aarch64-apple-darwin-install_only_stripped.tar.gz"
-provenance = "github-attestations"
 
 [tools.python."platforms.macos-x64"]
 checksum = "sha256:9ab41dbc2f100a2a45d1833b9c11165f51051c558b5213eda9a9731d5948a0c0"
 url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-x86_64-apple-darwin-install_only_stripped.tar.gz"
-provenance = "github-attestations"
 
 [tools.python."platforms.windows-x64"]
 checksum = "sha256:bbe19034b35b0267176a7442575ae7dc6343480fd4d35598cb7700173d431e09"
 url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-x86_64-pc-windows-msvc-install_only_stripped.tar.gz"
-provenance = "github-attestations"
 
 [[tools.rust]]
 version = "1.93.0"

mise.toml

@@ -12,7 +12,6 @@ protoc = "29.6"
 python = "3.14.3"
 ast-grep = "0.42.0"
 "cargo:cargo-edit" = "0.13.9"
-"cargo:cargo-mutants" = "27.0.0"
 
 [tasks.codegen]
 sources = ['protobufs/*.proto', 'protobufs/**/*.proto']

server/.cargo/mutants.toml

@@ -1 +0,0 @@
-test_tool = "nextest"

server/.gitignore

@@ -1,2 +0,0 @@
-mutants.out/
-mutants.out.old/

server/Cargo.lock

@@ -743,7 +743,6 @@ dependencies = [
  "k256",
  "kameo",
  "memsafe",
- "mutants",
  "pem",
  "postcard",
  "prost",
@@ -3237,12 +3236,6 @@ version = "0.10.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1d87ecb2933e8aeadb3e3a02b828fed80a7528047e68b4f424523a0981a3a084"
 
-[[package]]
-name = "mutants"
-version = "0.0.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "add0ac067452ff1aca8c5002111bd6b1c895baee6e45fcbc44e0193aea17be56"
-
 [[package]]
 name = "nom"
 version = "7.1.3"

server/Cargo.toml

@@ -44,4 +44,3 @@ sha2 = "0.10"
 spki = "0.7"
 prost = "0.14.3"
 miette = { version = "7.6.0", features = ["fancy", "serde"] }
-mutants = "0.0.4"

server/crates/arbiter-server/Cargo.toml

@@ -61,7 +61,6 @@ anyhow = "1.0.102"
 postcard = { version = "1.1.3", features = ["use-std"] }
 serde = { version = "1.0.228", features = ["derive"] }
 serde_with = "3.18.0"
-mutants.workspace = true
 
 [dev-dependencies]
 insta = "1.46.3"

server/crates/arbiter-server/src/actors/evm/mod.rs

@@ -1,24 +1,26 @@
 use alloy::{consensus::TxEip1559, primitives::Address, signers::Signature};
 use diesel::{
-    ExpressionMethods, OptionalExtension as _, QueryDsl, SelectableHelper as _, dsl::insert_into,
+    BoolExpressionMethods as _, ExpressionMethods, OptionalExtension as _, QueryDsl,
+    SelectableHelper as _, dsl::insert_into,
 };
-use diesel_async::RunQueryDsl;
+use diesel_async::{AsyncConnection as _, RunQueryDsl};
 use kameo::{Actor, actor::ActorRef, messages};
 use rand::{SeedableRng, rng, rngs::StdRng};
 
 use crate::{
-    actors::keyholder::{CreateNew, Decrypt, GetState, KeyHolder, KeyHolderState},
+    actors::keyholder::{CreateNew, Decrypt, KeyHolder},
     crypto::integrity,
     db::{
         DatabaseError, DatabasePool,
-        models::{self, SqliteTimestamp},
+        models::{self},
         schema,
     },
     evm::{
-        self, ListError, RunKind, policies::{
+        self, ListError, RunKind,
+        policies::{
             CombinedSettings, Grant, SharedGrantSettings, SpecificGrant, SpecificMeaning,
             ether_transfer::EtherTransfer, token_transfers::TokenTransfer,
-        }
+        },
     },
     safe_cell::{SafeCell, SafeCellHandle as _},
 };
@@ -158,27 +160,114 @@ impl EvmActor {
 
     #[message]
     pub async fn useragent_delete_grant(&mut self, grant_id: i32) -> Result<(), Error> {
-        // let mut conn = self.db.get().await.map_err(DatabaseError::from)?;
+        let mut conn = self.db.get().await.map_err(DatabaseError::from)?;
-        // let keyholder = self.keyholder.clone();
 
-        // diesel_async::AsyncConnection::transaction(&mut conn, |conn| {
+        // We intentionally perform a hard delete here to avoid leaving revoked grants and their
-        //     Box::pin(async move {
+        // related rows as long-lived DB garbage. We also don't rely on SQLite FK cascades because
-        //         diesel::update(schema::evm_basic_grant::table)
+        // they can be disabled per-connection.
-        //             .filter(schema::evm_basic_grant::id.eq(grant_id))
+        conn.transaction(|conn| {
-        //             .set(schema::evm_basic_grant::revoked_at.eq(SqliteTimestamp::now()))
+            Box::pin(async move {
-        //             .execute(conn)
+                // First, resolve policy-specific rows by basic grant id.
-        //             .await?;
+                let token_grant_id: Option<i32> = schema::evm_token_transfer_grant::table
+                    .select(schema::evm_token_transfer_grant::id)
+                    .filter(schema::evm_token_transfer_grant::basic_grant_id.eq(grant_id))
+                    .first::<i32>(conn)
+                    .await
+                    .optional()?;
 
-        //         let signed = integrity::evm::load_signed_grant_by_basic_id(conn, grant_id).await?;
+                let ether_grant: Option<(i32, i32)> = schema::evm_ether_transfer_grant::table
+                    .select((
+                        schema::evm_ether_transfer_grant::id,
+                        schema::evm_ether_transfer_grant::limit_id,
+                    ))
+                    .filter(schema::evm_ether_transfer_grant::basic_grant_id.eq(grant_id))
+                    .first::<(i32, i32)>(conn)
+                    .await
+                    .optional()?;
 
-        //         diesel::result::QueryResult::Ok(())
+                // Token-transfer: logs must be deleted before transaction logs (FK restrict).
-        //     })
+                if let Some(token_grant_id) = token_grant_id {
-        // })
+                    diesel::delete(
-        // .await
+                        schema::evm_token_transfer_log::table
-        // .map_err(DatabaseError::from)?;
+                            .filter(schema::evm_token_transfer_log::grant_id.eq(token_grant_id)),
+                    )
+                    .execute(conn)
+                    .await?;
 
-        // Ok(())
+                    diesel::delete(schema::evm_token_transfer_volume_limit::table.filter(
-        todo!()
+                        schema::evm_token_transfer_volume_limit::grant_id.eq(token_grant_id),
+                    ))
+                    .execute(conn)
+                    .await?;
+
+                    diesel::delete(
+                        schema::evm_token_transfer_grant::table
+                            .filter(schema::evm_token_transfer_grant::id.eq(token_grant_id)),
+                    )
+                    .execute(conn)
+                    .await?;
+                }
+
+                // Shared transaction logs for any grant kind.
+                diesel::delete(
+                    schema::evm_transaction_log::table
+                        .filter(schema::evm_transaction_log::grant_id.eq(grant_id)),
+                )
+                .execute(conn)
+                .await?;
+
+                // Ether-transfer: delete targets, grant row, then its limit row.
+                if let Some((ether_grant_id, limit_id)) = ether_grant {
+                    diesel::delete(schema::evm_ether_transfer_grant_target::table.filter(
+                        schema::evm_ether_transfer_grant_target::grant_id.eq(ether_grant_id),
+                    ))
+                    .execute(conn)
+                    .await?;
+
+                    diesel::delete(
+                        schema::evm_ether_transfer_grant::table
+                            .filter(schema::evm_ether_transfer_grant::id.eq(ether_grant_id)),
+                    )
+                    .execute(conn)
+                    .await?;
+
+                    diesel::delete(
+                        schema::evm_ether_transfer_limit::table
+                            .filter(schema::evm_ether_transfer_limit::id.eq(limit_id)),
+                    )
+                    .execute(conn)
+                    .await?;
+                }
+
+                // Integrity envelopes are not FK-constrained; delete only grant-related kinds to
+                // avoid accidentally deleting other entities that share the same integer ID.
+                let entity_id = grant_id.to_be_bytes().to_vec();
+                diesel::delete(
+                    schema::integrity_envelope::table
+                        .filter(schema::integrity_envelope::entity_id.eq(entity_id))
+                        .filter(
+                            schema::integrity_envelope::entity_kind
+                                .eq("EtherTransfer")
+                                .or(schema::integrity_envelope::entity_kind.eq("TokenTransfer")),
+                        ),
+                )
+                .execute(conn)
+                .await?;
+
+                // Finally remove the basic grant row itself (idempotent if it doesn't exist).
+                diesel::delete(
+                    schema::evm_basic_grant::table.filter(schema::evm_basic_grant::id.eq(grant_id)),
+                )
+                .execute(conn)
+                .await?;
+
+                diesel::result::QueryResult::Ok(())
+            })
+        })
+        .await
+        .map_err(DatabaseError::from)?;
+
+        Ok(())
     }
 
     #[message]
@@ -270,3 +359,6 @@ impl EvmActor {
         Ok(signer.sign_transaction_sync(&mut transaction)?)
     }
 }
+
+#[cfg(test)]
+mod tests;

server/crates/arbiter-server/src/actors/evm/tests.rs

@@ -0,0 +1,283 @@
+use diesel::{ExpressionMethods as _, QueryDsl as _, dsl::insert_into};
+use diesel_async::RunQueryDsl;
+use kameo::actor::Spawn as _;
+
+use crate::{
+    actors::{evm::EvmActor, keyholder::KeyHolder},
+    db::{self, models, schema},
+};
+
+#[tokio::test]
+async fn delete_ether_grant_cleans_related_tables() {
+    let db = db::create_test_pool().await;
+    let keyholder = KeyHolder::spawn(KeyHolder::new(db.clone()).await.unwrap());
+    let mut actor = EvmActor::new(keyholder, db.clone());
+
+    let mut conn = db.get().await.unwrap();
+
+    let basic_id: i32 = insert_into(schema::evm_basic_grant::table)
+        .values(&models::NewEvmBasicGrant {
+            wallet_access_id: 1,
+            chain_id: 1,
+            valid_from: None,
+            valid_until: None,
+            max_gas_fee_per_gas: None,
+            max_priority_fee_per_gas: None,
+            rate_limit_count: None,
+            rate_limit_window_secs: None,
+            revoked_at: None,
+        })
+        .returning(schema::evm_basic_grant::id)
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+
+    let limit_id: i32 = insert_into(schema::evm_ether_transfer_limit::table)
+        .values(&models::NewEvmEtherTransferLimit {
+            window_secs: 60,
+            max_volume: vec![1],
+        })
+        .returning(schema::evm_ether_transfer_limit::id)
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+
+    let ether_grant_id: i32 = insert_into(schema::evm_ether_transfer_grant::table)
+        .values(&models::NewEvmEtherTransferGrant {
+            basic_grant_id: basic_id,
+            limit_id,
+        })
+        .returning(schema::evm_ether_transfer_grant::id)
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+
+    insert_into(schema::evm_ether_transfer_grant_target::table)
+        .values(&models::NewEvmEtherTransferGrantTarget {
+            grant_id: ether_grant_id,
+            address: vec![0u8; 20],
+        })
+        .execute(&mut conn)
+        .await
+        .unwrap();
+
+    insert_into(schema::evm_transaction_log::table)
+        .values(&models::NewEvmTransactionLog {
+            grant_id: basic_id,
+            wallet_access_id: 1,
+            chain_id: 1,
+            eth_value: vec![0],
+            signed_at: models::SqliteTimestamp::now(),
+        })
+        .execute(&mut conn)
+        .await
+        .unwrap();
+
+    insert_into(schema::integrity_envelope::table)
+        .values(&models::NewIntegrityEnvelope {
+            entity_kind: "EtherTransfer".to_owned(),
+            entity_id: basic_id.to_be_bytes().to_vec(),
+            payload_version: 1,
+            key_version: 1,
+            mac: vec![0u8; 32],
+        })
+        .execute(&mut conn)
+        .await
+        .unwrap();
+
+    drop(conn);
+
+    actor.useragent_delete_grant(basic_id).await.unwrap();
+
+    // Idempotency: second delete should be a no-op.
+    actor.useragent_delete_grant(basic_id).await.unwrap();
+
+    let mut conn = db.get().await.unwrap();
+
+    let basic_count: i64 = schema::evm_basic_grant::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(basic_count, 0);
+
+    let ether_grant_count: i64 = schema::evm_ether_transfer_grant::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(ether_grant_count, 0);
+
+    let target_count: i64 = schema::evm_ether_transfer_grant_target::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(target_count, 0);
+
+    let limit_count: i64 = schema::evm_ether_transfer_limit::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(limit_count, 0);
+
+    let log_count: i64 = schema::evm_transaction_log::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(log_count, 0);
+
+    let envelope_count: i64 = schema::integrity_envelope::table
+        .filter(schema::integrity_envelope::entity_kind.eq("EtherTransfer"))
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(envelope_count, 0);
+}
+
+#[tokio::test]
+async fn delete_token_grant_cleans_related_tables() {
+    let db = db::create_test_pool().await;
+    let keyholder = KeyHolder::spawn(KeyHolder::new(db.clone()).await.unwrap());
+    let mut actor = EvmActor::new(keyholder, db.clone());
+
+    let mut conn = db.get().await.unwrap();
+
+    let basic_id: i32 = insert_into(schema::evm_basic_grant::table)
+        .values(&models::NewEvmBasicGrant {
+            wallet_access_id: 1,
+            chain_id: 1,
+            valid_from: None,
+            valid_until: None,
+            max_gas_fee_per_gas: None,
+            max_priority_fee_per_gas: None,
+            rate_limit_count: None,
+            rate_limit_window_secs: None,
+            revoked_at: None,
+        })
+        .returning(schema::evm_basic_grant::id)
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+
+    let token_grant_id: i32 = insert_into(schema::evm_token_transfer_grant::table)
+        .values(&models::NewEvmTokenTransferGrant {
+            basic_grant_id: basic_id,
+            token_contract: vec![1u8; 20],
+            receiver: None,
+        })
+        .returning(schema::evm_token_transfer_grant::id)
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+
+    insert_into(schema::evm_token_transfer_volume_limit::table)
+        .values(&models::NewEvmTokenTransferVolumeLimit {
+            grant_id: token_grant_id,
+            window_secs: 60,
+            max_volume: vec![1],
+        })
+        .execute(&mut conn)
+        .await
+        .unwrap();
+
+    insert_into(schema::evm_token_transfer_volume_limit::table)
+        .values(&models::NewEvmTokenTransferVolumeLimit {
+            grant_id: token_grant_id,
+            window_secs: 3600,
+            max_volume: vec![2],
+        })
+        .execute(&mut conn)
+        .await
+        .unwrap();
+
+    let tx_log_id: i32 = insert_into(schema::evm_transaction_log::table)
+        .values(&models::NewEvmTransactionLog {
+            grant_id: basic_id,
+            wallet_access_id: 1,
+            chain_id: 1,
+            eth_value: vec![0],
+            signed_at: models::SqliteTimestamp::now(),
+        })
+        .returning(schema::evm_transaction_log::id)
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+
+    insert_into(schema::evm_token_transfer_log::table)
+        .values(&models::NewEvmTokenTransferLog {
+            grant_id: token_grant_id,
+            log_id: tx_log_id,
+            chain_id: 1,
+            token_contract: vec![1u8; 20],
+            recipient_address: vec![2u8; 20],
+            value: vec![3],
+        })
+        .execute(&mut conn)
+        .await
+        .unwrap();
+
+    insert_into(schema::integrity_envelope::table)
+        .values(&models::NewIntegrityEnvelope {
+            entity_kind: "TokenTransfer".to_owned(),
+            entity_id: basic_id.to_be_bytes().to_vec(),
+            payload_version: 1,
+            key_version: 1,
+            mac: vec![0u8; 32],
+        })
+        .execute(&mut conn)
+        .await
+        .unwrap();
+
+    drop(conn);
+
+    actor.useragent_delete_grant(basic_id).await.unwrap();
+
+    let mut conn = db.get().await.unwrap();
+
+    let basic_count: i64 = schema::evm_basic_grant::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(basic_count, 0);
+
+    let token_grant_count: i64 = schema::evm_token_transfer_grant::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(token_grant_count, 0);
+
+    let token_limits_count: i64 = schema::evm_token_transfer_volume_limit::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(token_limits_count, 0);
+
+    let token_logs_count: i64 = schema::evm_token_transfer_log::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(token_logs_count, 0);
+
+    let tx_logs_count: i64 = schema::evm_transaction_log::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(tx_logs_count, 0);
+
+    let envelope_count: i64 = schema::integrity_envelope::table
+        .filter(schema::integrity_envelope::entity_kind.eq("TokenTransfer"))
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(envelope_count, 0);
+}

server/crates/arbiter-server/src/crypto/mod.rs

@@ -102,21 +102,11 @@ impl KeyCell {
     }
 }
 
+/// User password might be of different length, have not enough entropy, etc...
 /// Derive a fixed-length key from the password using Argon2id, which is designed for password hashing and key derivation.
 pub fn derive_key(mut password: SafeCell<Vec<u8>>, salt: &Salt) -> KeyCell {
-    let params = {
-    #[cfg(debug_assertions)]
-    {
-        argon2::Params::new(8, 1, 1, None).unwrap()
-    }
-
-    #[cfg(not(debug_assertions))]
-    {
-        argon2::Params::new(262_144, 3, 4, None).unwrap()
-    }
-};
-
     #[allow(clippy::unwrap_used)]
+    let params = argon2::Params::new(262_144, 3, 4, None).unwrap();
     let hasher = Argon2::new(Algorithm::Argon2id, argon2::Version::V0x13, params);
     let mut key = SafeCell::new(Key::default());
     password.read_inline(|password_source| {

server/crates/arbiter-server/src/db/mod.rs

@@ -133,7 +133,6 @@ pub async fn create_pool(url: Option<&str>) -> Result<DatabasePool, DatabaseSetu
     Ok(pool)
 }
 
-#[mutants::skip]
 pub async fn create_test_pool() -> DatabasePool {
     use rand::distr::{Alphanumeric, SampleString as _};
 

server/crates/arbiter-server/src/main.rs

@@ -10,7 +10,6 @@ use tracing::info;
 const PORT: u16 = 50051;
 
 #[tokio::main]
-#[mutants::skip]
 async fn main() -> anyhow::Result<()> {
     aws_lc_rs::default_provider().install_default().unwrap();