feat(server): implement useragent_delete_grant hard delete cleanup

mise.lock

@@ -48,10 +48,6 @@ backend = "cargo:cargo-features-manager"
 version = "1.46.3"
 backend = "cargo:cargo-insta"
 
-[[tools."cargo:cargo-mutants"]]
-version = "27.0.0"
-backend = "cargo:cargo-mutants"
-
 [[tools."cargo:cargo-nextest"]]
 version = "0.9.126"
 backend = "cargo:cargo-nextest"
@@ -115,37 +111,30 @@ backend = "core:python"
 [tools.python."platforms.linux-arm64"]
 checksum = "sha256:53700338695e402a1a1fe22be4a41fbdacc70e22bb308a48eca8ed67cb7992be"
 url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-aarch64-unknown-linux-gnu-install_only_stripped.tar.gz"
-provenance = "github-attestations"
 
 [tools.python."platforms.linux-arm64-musl"]
 checksum = "sha256:53700338695e402a1a1fe22be4a41fbdacc70e22bb308a48eca8ed67cb7992be"
 url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-aarch64-unknown-linux-gnu-install_only_stripped.tar.gz"
-provenance = "github-attestations"
 
 [tools.python."platforms.linux-x64"]
 checksum = "sha256:d7a9f970914bb4c88756fe3bdcc186d4feb90e9500e54f1db47dae4dc9687e39"
 url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-x86_64-unknown-linux-gnu-install_only_stripped.tar.gz"
-provenance = "github-attestations"
 
 [tools.python."platforms.linux-x64-musl"]
 checksum = "sha256:d7a9f970914bb4c88756fe3bdcc186d4feb90e9500e54f1db47dae4dc9687e39"
 url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-x86_64-unknown-linux-gnu-install_only_stripped.tar.gz"
-provenance = "github-attestations"
 
 [tools.python."platforms.macos-arm64"]
 checksum = "sha256:c43aecde4a663aebff99b9b83da0efec506479f1c3f98331442f33d2c43501f9"
 url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-aarch64-apple-darwin-install_only_stripped.tar.gz"
-provenance = "github-attestations"
 
 [tools.python."platforms.macos-x64"]
 checksum = "sha256:9ab41dbc2f100a2a45d1833b9c11165f51051c558b5213eda9a9731d5948a0c0"
 url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-x86_64-apple-darwin-install_only_stripped.tar.gz"
-provenance = "github-attestations"
 
 [tools.python."platforms.windows-x64"]
 checksum = "sha256:bbe19034b35b0267176a7442575ae7dc6343480fd4d35598cb7700173d431e09"
 url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-x86_64-pc-windows-msvc-install_only_stripped.tar.gz"
-provenance = "github-attestations"
 
 [[tools.rust]]
 version = "1.93.0"

mise.toml

@@ -12,7 +12,6 @@ protoc = "29.6"
 python = "3.14.3"
 ast-grep = "0.42.0"
 "cargo:cargo-edit" = "0.13.9"
-"cargo:cargo-mutants" = "27.0.0"
 
 [tasks.codegen]
 sources = ['protobufs/*.proto', 'protobufs/**/*.proto']

protobufs/shared/evm.proto

@@ -36,10 +36,6 @@ message GasLimitExceededViolation {
 }
 
 message EvalViolation {
-  message ChainIdMismatch {
-    uint64 expected = 1;
-    uint64 actual = 2;
-  }
   oneof kind {
     bytes invalid_target = 1; // 20-byte Ethereum address
     GasLimitExceededViolation gas_limit_exceeded = 2;
@@ -47,8 +43,6 @@ message EvalViolation {
     google.protobuf.Empty volumetric_limit_exceeded = 4;
     google.protobuf.Empty invalid_time = 5;
     google.protobuf.Empty invalid_transaction_type = 6;
-
-    ChainIdMismatch chain_id_mismatch = 7;
   }
 }
 

server/.cargo/mutants.toml

@@ -1 +0,0 @@
-test_tool = "nextest"

server/.gitignore

@@ -1,2 +0,0 @@
-mutants.out/
-mutants.out.old/

server/Cargo.lock

@@ -743,18 +743,17 @@ dependencies = [
  "k256",
  "kameo",
  "memsafe",
- "mutants",
  "pem",
- "proptest",
+ "postcard",
  "prost",
  "prost-types",
  "rand 0.10.0",
  "rcgen",
  "restructed",
  "rsa",
- "rstest",
  "rustls",
  "secrecy",
+ "serde",
  "serde_with",
  "sha2 0.10.9",
  "smlang",
@@ -1058,6 +1057,15 @@ dependencies = [
  "syn 2.0.117",
 ]
 
+[[package]]
+name = "atomic-polyfill"
+version = "1.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8cf2bce30dfe09ef0bfaef228b9d414faaf7e563035494d7fe092dba54b300f4"
+dependencies = [
+ "critical-section",
+]
+
 [[package]]
 name = "atomic-waker"
 version = "1.1.2"
@@ -1448,6 +1456,15 @@ dependencies = [
  "cc",
 ]
 
+[[package]]
+name = "cobs"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0fa961b519f0b462e3a3b4a34b64d119eeaca1d59af726fe450bbba07a9fc0a1"
+dependencies = [
+ "thiserror 2.0.18",
+]
+
 [[package]]
 name = "console"
 version = "0.15.11"
@@ -1555,6 +1572,12 @@ dependencies = [
  "cfg-if",
 ]
 
+[[package]]
+name = "critical-section"
+version = "1.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "790eea4361631c5e7d22598ecd5723ff611904e3344ce8720784c93e3d83d40b"
+
 [[package]]
 name = "crossbeam-utils"
 version = "0.8.21"
@@ -2020,6 +2043,18 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "embedded-io"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ef1a6892d9eef45c8fa6b9e0086428a2cca8491aca8f787c534a3d6d0bcb3ced"
+
+[[package]]
+name = "embedded-io"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "edd0f118536f44f5ccd48bcb8b111bdc3de888b58c74639dfb034a357d0f206d"
+
 [[package]]
 name = "encode_unicode"
 version = "1.0.0"
@@ -2437,6 +2472,15 @@ dependencies = [
  "tracing",
 ]
 
+[[package]]
+name = "hash32"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b0c35f58762feb77d74ebe43bdbc3210f09be9fe6742234d573bacc26ed92b67"
+dependencies = [
+ "byteorder",
+]
+
 [[package]]
 name = "hashbrown"
 version = "0.12.3"
@@ -2471,6 +2515,20 @@ dependencies = [
  "serde_core",
 ]
 
+[[package]]
+name = "heapless"
+version = "0.7.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cdc6457c0eb62c71aac4bc17216026d8410337c4126773b9c5daba343f17964f"
+dependencies = [
+ "atomic-polyfill",
+ "hash32",
+ "rustc_version 0.4.1",
+ "serde",
+ "spin",
+ "stable_deref_trait",
+]
+
 [[package]]
 name = "heck"
 version = "0.5.0"
@@ -3178,12 +3236,6 @@ version = "0.10.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1d87ecb2933e8aeadb3e3a02b828fed80a7528047e68b4f424523a0981a3a084"
 
-[[package]]
-name = "mutants"
-version = "0.0.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "add0ac067452ff1aca8c5002111bd6b1c895baee6e45fcbc44e0193aea17be56"
-
 [[package]]
 name = "nom"
 version = "7.1.3"
@@ -3537,6 +3589,19 @@ version = "1.13.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c33a9471896f1c69cecef8d20cbe2f7accd12527ce60845ff44c153bb2a21b49"
 
+[[package]]
+name = "postcard"
+version = "1.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6764c3b5dd454e283a30e6dfe78e9b31096d9e32036b5d1eaac7a6119ccb9a24"
+dependencies = [
+ "cobs",
+ "embedded-io 0.4.0",
+ "embedded-io 0.6.1",
+ "heapless",
+ "serde",
+]
+
 [[package]]
 name = "potential_utf"
 version = "0.1.4"
@@ -3648,9 +3713,9 @@ dependencies = [
 
 [[package]]
 name = "proptest"
-version = "1.11.0"
+version = "1.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4b45fcc2344c680f5025fe57779faef368840d0bd1f42f216291f0dc4ace4744"
+checksum = "37566cb3fdacef14c0737f9546df7cfeadbfbc9fef10991038bf5015d0c80532"
 dependencies = [
  "bit-set",
  "bit-vec",
@@ -4725,6 +4790,9 @@ name = "spin"
 version = "0.9.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
+dependencies = [
+ "lock_api",
+]
 
 [[package]]
 name = "spki"

server/Cargo.toml

@@ -44,4 +44,3 @@ sha2 = "0.10"
 spki = "0.7"
 prost = "0.14.3"
 miette = { version = "7.6.0", features = ["fancy", "serde"] }
-mutants = "0.0.4"

server/crates/arbiter-server/Cargo.toml

@@ -58,11 +58,10 @@ prost-types.workspace = true
 prost.workspace = true
 arbiter-tokens-registry.path = "../arbiter-tokens-registry"
 anyhow = "1.0.102"
+postcard = { version = "1.1.3", features = ["use-std"] }
+serde = { version = "1.0.228", features = ["derive"] }
 serde_with = "3.18.0"
-mutants.workspace = true
 
 [dev-dependencies]
 insta = "1.46.3"
-proptest = "1.11.0"
-rstest.workspace = true
 test-log = { version = "0.2", default-features = false, features = ["trace"] }

server/crates/arbiter-server/src/actors/evm/mod.rs

@@ -1,17 +1,18 @@
 use alloy::{consensus::TxEip1559, primitives::Address, signers::Signature};
 use diesel::{
-    ExpressionMethods, OptionalExtension as _, QueryDsl, SelectableHelper as _, dsl::insert_into,
+    BoolExpressionMethods as _, ExpressionMethods, OptionalExtension as _, QueryDsl,
+    SelectableHelper as _, dsl::insert_into,
 };
-use diesel_async::RunQueryDsl;
+use diesel_async::{AsyncConnection as _, RunQueryDsl};
 use kameo::{Actor, actor::ActorRef, messages};
 use rand::{SeedableRng, rng, rngs::StdRng};
 
 use crate::{
-    actors::keyholder::{CreateNew, Decrypt, GetState, KeyHolder, KeyHolderState},
+    actors::keyholder::{CreateNew, Decrypt, KeyHolder},
     crypto::integrity,
     db::{
         DatabaseError, DatabasePool,
-        models::{self, SqliteTimestamp},
+        models::{self},
         schema,
     },
     evm::{
@@ -159,27 +160,114 @@ impl EvmActor {
 
     #[message]
     pub async fn useragent_delete_grant(&mut self, grant_id: i32) -> Result<(), Error> {
-        // let mut conn = self.db.get().await.map_err(DatabaseError::from)?;
+        let mut conn = self.db.get().await.map_err(DatabaseError::from)?;
-        // let keyholder = self.keyholder.clone();
 
-        // diesel_async::AsyncConnection::transaction(&mut conn, |conn| {
+        // We intentionally perform a hard delete here to avoid leaving revoked grants and their
-        //     Box::pin(async move {
+        // related rows as long-lived DB garbage. We also don't rely on SQLite FK cascades because
-        //         diesel::update(schema::evm_basic_grant::table)
+        // they can be disabled per-connection.
-        //             .filter(schema::evm_basic_grant::id.eq(grant_id))
+        conn.transaction(|conn| {
-        //             .set(schema::evm_basic_grant::revoked_at.eq(SqliteTimestamp::now()))
+            Box::pin(async move {
-        //             .execute(conn)
+                // First, resolve policy-specific rows by basic grant id.
-        //             .await?;
+                let token_grant_id: Option<i32> = schema::evm_token_transfer_grant::table
+                    .select(schema::evm_token_transfer_grant::id)
+                    .filter(schema::evm_token_transfer_grant::basic_grant_id.eq(grant_id))
+                    .first::<i32>(conn)
+                    .await
+                    .optional()?;
 
-        //         let signed = integrity::evm::load_signed_grant_by_basic_id(conn, grant_id).await?;
+                let ether_grant: Option<(i32, i32)> = schema::evm_ether_transfer_grant::table
+                    .select((
+                        schema::evm_ether_transfer_grant::id,
+                        schema::evm_ether_transfer_grant::limit_id,
+                    ))
+                    .filter(schema::evm_ether_transfer_grant::basic_grant_id.eq(grant_id))
+                    .first::<(i32, i32)>(conn)
+                    .await
+                    .optional()?;
 
-        //         diesel::result::QueryResult::Ok(())
+                // Token-transfer: logs must be deleted before transaction logs (FK restrict).
-        //     })
+                if let Some(token_grant_id) = token_grant_id {
-        // })
+                    diesel::delete(
-        // .await
+                        schema::evm_token_transfer_log::table
-        // .map_err(DatabaseError::from)?;
+                            .filter(schema::evm_token_transfer_log::grant_id.eq(token_grant_id)),
+                    )
+                    .execute(conn)
+                    .await?;
 
-        // Ok(())
+                    diesel::delete(schema::evm_token_transfer_volume_limit::table.filter(
-        todo!()
+                        schema::evm_token_transfer_volume_limit::grant_id.eq(token_grant_id),
+                    ))
+                    .execute(conn)
+                    .await?;
+
+                    diesel::delete(
+                        schema::evm_token_transfer_grant::table
+                            .filter(schema::evm_token_transfer_grant::id.eq(token_grant_id)),
+                    )
+                    .execute(conn)
+                    .await?;
+                }
+
+                // Shared transaction logs for any grant kind.
+                diesel::delete(
+                    schema::evm_transaction_log::table
+                        .filter(schema::evm_transaction_log::grant_id.eq(grant_id)),
+                )
+                .execute(conn)
+                .await?;
+
+                // Ether-transfer: delete targets, grant row, then its limit row.
+                if let Some((ether_grant_id, limit_id)) = ether_grant {
+                    diesel::delete(schema::evm_ether_transfer_grant_target::table.filter(
+                        schema::evm_ether_transfer_grant_target::grant_id.eq(ether_grant_id),
+                    ))
+                    .execute(conn)
+                    .await?;
+
+                    diesel::delete(
+                        schema::evm_ether_transfer_grant::table
+                            .filter(schema::evm_ether_transfer_grant::id.eq(ether_grant_id)),
+                    )
+                    .execute(conn)
+                    .await?;
+
+                    diesel::delete(
+                        schema::evm_ether_transfer_limit::table
+                            .filter(schema::evm_ether_transfer_limit::id.eq(limit_id)),
+                    )
+                    .execute(conn)
+                    .await?;
+                }
+
+                // Integrity envelopes are not FK-constrained; delete only grant-related kinds to
+                // avoid accidentally deleting other entities that share the same integer ID.
+                let entity_id = grant_id.to_be_bytes().to_vec();
+                diesel::delete(
+                    schema::integrity_envelope::table
+                        .filter(schema::integrity_envelope::entity_id.eq(entity_id))
+                        .filter(
+                            schema::integrity_envelope::entity_kind
+                                .eq("EtherTransfer")
+                                .or(schema::integrity_envelope::entity_kind.eq("TokenTransfer")),
+                        ),
+                )
+                .execute(conn)
+                .await?;
+
+                // Finally remove the basic grant row itself (idempotent if it doesn't exist).
+                diesel::delete(
+                    schema::evm_basic_grant::table.filter(schema::evm_basic_grant::id.eq(grant_id)),
+                )
+                .execute(conn)
+                .await?;
+
+                diesel::result::QueryResult::Ok(())
+            })
+        })
+        .await
+        .map_err(DatabaseError::from)?;
+
+        Ok(())
     }
 
     #[message]
@@ -271,3 +359,6 @@ impl EvmActor {
         Ok(signer.sign_transaction_sync(&mut transaction)?)
     }
 }
+
+#[cfg(test)]
+mod tests;

server/crates/arbiter-server/src/actors/evm/tests.rs

@@ -0,0 +1,283 @@
+use diesel::{ExpressionMethods as _, QueryDsl as _, dsl::insert_into};
+use diesel_async::RunQueryDsl;
+use kameo::actor::Spawn as _;
+
+use crate::{
+    actors::{evm::EvmActor, keyholder::KeyHolder},
+    db::{self, models, schema},
+};
+
+#[tokio::test]
+async fn delete_ether_grant_cleans_related_tables() {
+    let db = db::create_test_pool().await;
+    let keyholder = KeyHolder::spawn(KeyHolder::new(db.clone()).await.unwrap());
+    let mut actor = EvmActor::new(keyholder, db.clone());
+
+    let mut conn = db.get().await.unwrap();
+
+    let basic_id: i32 = insert_into(schema::evm_basic_grant::table)
+        .values(&models::NewEvmBasicGrant {
+            wallet_access_id: 1,
+            chain_id: 1,
+            valid_from: None,
+            valid_until: None,
+            max_gas_fee_per_gas: None,
+            max_priority_fee_per_gas: None,
+            rate_limit_count: None,
+            rate_limit_window_secs: None,
+            revoked_at: None,
+        })
+        .returning(schema::evm_basic_grant::id)
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+
+    let limit_id: i32 = insert_into(schema::evm_ether_transfer_limit::table)
+        .values(&models::NewEvmEtherTransferLimit {
+            window_secs: 60,
+            max_volume: vec![1],
+        })
+        .returning(schema::evm_ether_transfer_limit::id)
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+
+    let ether_grant_id: i32 = insert_into(schema::evm_ether_transfer_grant::table)
+        .values(&models::NewEvmEtherTransferGrant {
+            basic_grant_id: basic_id,
+            limit_id,
+        })
+        .returning(schema::evm_ether_transfer_grant::id)
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+
+    insert_into(schema::evm_ether_transfer_grant_target::table)
+        .values(&models::NewEvmEtherTransferGrantTarget {
+            grant_id: ether_grant_id,
+            address: vec![0u8; 20],
+        })
+        .execute(&mut conn)
+        .await
+        .unwrap();
+
+    insert_into(schema::evm_transaction_log::table)
+        .values(&models::NewEvmTransactionLog {
+            grant_id: basic_id,
+            wallet_access_id: 1,
+            chain_id: 1,
+            eth_value: vec![0],
+            signed_at: models::SqliteTimestamp::now(),
+        })
+        .execute(&mut conn)
+        .await
+        .unwrap();
+
+    insert_into(schema::integrity_envelope::table)
+        .values(&models::NewIntegrityEnvelope {
+            entity_kind: "EtherTransfer".to_owned(),
+            entity_id: basic_id.to_be_bytes().to_vec(),
+            payload_version: 1,
+            key_version: 1,
+            mac: vec![0u8; 32],
+        })
+        .execute(&mut conn)
+        .await
+        .unwrap();
+
+    drop(conn);
+
+    actor.useragent_delete_grant(basic_id).await.unwrap();
+
+    // Idempotency: second delete should be a no-op.
+    actor.useragent_delete_grant(basic_id).await.unwrap();
+
+    let mut conn = db.get().await.unwrap();
+
+    let basic_count: i64 = schema::evm_basic_grant::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(basic_count, 0);
+
+    let ether_grant_count: i64 = schema::evm_ether_transfer_grant::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(ether_grant_count, 0);
+
+    let target_count: i64 = schema::evm_ether_transfer_grant_target::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(target_count, 0);
+
+    let limit_count: i64 = schema::evm_ether_transfer_limit::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(limit_count, 0);
+
+    let log_count: i64 = schema::evm_transaction_log::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(log_count, 0);
+
+    let envelope_count: i64 = schema::integrity_envelope::table
+        .filter(schema::integrity_envelope::entity_kind.eq("EtherTransfer"))
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(envelope_count, 0);
+}
+
+#[tokio::test]
+async fn delete_token_grant_cleans_related_tables() {
+    let db = db::create_test_pool().await;
+    let keyholder = KeyHolder::spawn(KeyHolder::new(db.clone()).await.unwrap());
+    let mut actor = EvmActor::new(keyholder, db.clone());
+
+    let mut conn = db.get().await.unwrap();
+
+    let basic_id: i32 = insert_into(schema::evm_basic_grant::table)
+        .values(&models::NewEvmBasicGrant {
+            wallet_access_id: 1,
+            chain_id: 1,
+            valid_from: None,
+            valid_until: None,
+            max_gas_fee_per_gas: None,
+            max_priority_fee_per_gas: None,
+            rate_limit_count: None,
+            rate_limit_window_secs: None,
+            revoked_at: None,
+        })
+        .returning(schema::evm_basic_grant::id)
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+
+    let token_grant_id: i32 = insert_into(schema::evm_token_transfer_grant::table)
+        .values(&models::NewEvmTokenTransferGrant {
+            basic_grant_id: basic_id,
+            token_contract: vec![1u8; 20],
+            receiver: None,
+        })
+        .returning(schema::evm_token_transfer_grant::id)
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+
+    insert_into(schema::evm_token_transfer_volume_limit::table)
+        .values(&models::NewEvmTokenTransferVolumeLimit {
+            grant_id: token_grant_id,
+            window_secs: 60,
+            max_volume: vec![1],
+        })
+        .execute(&mut conn)
+        .await
+        .unwrap();
+
+    insert_into(schema::evm_token_transfer_volume_limit::table)
+        .values(&models::NewEvmTokenTransferVolumeLimit {
+            grant_id: token_grant_id,
+            window_secs: 3600,
+            max_volume: vec![2],
+        })
+        .execute(&mut conn)
+        .await
+        .unwrap();
+
+    let tx_log_id: i32 = insert_into(schema::evm_transaction_log::table)
+        .values(&models::NewEvmTransactionLog {
+            grant_id: basic_id,
+            wallet_access_id: 1,
+            chain_id: 1,
+            eth_value: vec![0],
+            signed_at: models::SqliteTimestamp::now(),
+        })
+        .returning(schema::evm_transaction_log::id)
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+
+    insert_into(schema::evm_token_transfer_log::table)
+        .values(&models::NewEvmTokenTransferLog {
+            grant_id: token_grant_id,
+            log_id: tx_log_id,
+            chain_id: 1,
+            token_contract: vec![1u8; 20],
+            recipient_address: vec![2u8; 20],
+            value: vec![3],
+        })
+        .execute(&mut conn)
+        .await
+        .unwrap();
+
+    insert_into(schema::integrity_envelope::table)
+        .values(&models::NewIntegrityEnvelope {
+            entity_kind: "TokenTransfer".to_owned(),
+            entity_id: basic_id.to_be_bytes().to_vec(),
+            payload_version: 1,
+            key_version: 1,
+            mac: vec![0u8; 32],
+        })
+        .execute(&mut conn)
+        .await
+        .unwrap();
+
+    drop(conn);
+
+    actor.useragent_delete_grant(basic_id).await.unwrap();
+
+    let mut conn = db.get().await.unwrap();
+
+    let basic_count: i64 = schema::evm_basic_grant::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(basic_count, 0);
+
+    let token_grant_count: i64 = schema::evm_token_transfer_grant::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(token_grant_count, 0);
+
+    let token_limits_count: i64 = schema::evm_token_transfer_volume_limit::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(token_limits_count, 0);
+
+    let token_logs_count: i64 = schema::evm_token_transfer_log::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(token_logs_count, 0);
+
+    let tx_logs_count: i64 = schema::evm_transaction_log::table
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(tx_logs_count, 0);
+
+    let envelope_count: i64 = schema::integrity_envelope::table
+        .filter(schema::integrity_envelope::entity_kind.eq("TokenTransfer"))
+        .count()
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+    assert_eq!(envelope_count, 0);
+}

server/crates/arbiter-server/src/actors/user_agent/auth/state.rs

@@ -103,6 +103,7 @@ async fn verify_integrity(
     })?;
 
     Ok(())
+
 }
 
 async fn create_nonce(

server/crates/arbiter-server/src/actors/user_agent/mod.rs

@@ -1,23 +1,59 @@
 use crate::{
-    actors::{GlobalActors, client::ClientProfile},
+    actors::{GlobalActors, client::ClientProfile}, crypto::integrity::Integrable, db::{self, models::KeyType}
-    crypto::integrity::Integrable,
-    db::{self, models::KeyType},
 };
 
+fn serialize_ecdsa<S>(key: &k256::ecdsa::VerifyingKey, serializer: S) -> Result<S::Ok, S::Error>
+where
+    S: serde::Serializer,
+{
+    // Serialize as hex string for easier debugging (33 bytes compressed SEC1 format)
+    let key = key.to_encoded_point(true);
+    let bytes = key.as_bytes();
+    serializer.serialize_bytes(bytes)
+}
+
+fn deserialize_ecdsa<'de, D>(deserializer: D) -> Result<k256::ecdsa::VerifyingKey, D::Error>
+where
+    D: serde::Deserializer<'de>,
+{
+    struct EcdsaVisitor;
+
+    impl<'de> serde::de::Visitor<'de> for EcdsaVisitor {
+        type Value = k256::ecdsa::VerifyingKey;
+
+        fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
+            formatter.write_str("a compressed SEC1-encoded ECDSA public key")
+        }
+
+        fn visit_bytes<E>(self, v: &[u8]) -> Result<Self::Value, E>
+        where
+            E: serde::de::Error,
+        {
+            let point = k256::EncodedPoint::from_bytes(v)
+                .map_err(|_| E::custom("invalid compressed SEC1 format"))?;
+            k256::ecdsa::VerifyingKey::from_encoded_point(&point)
+                .map_err(|_| E::custom("invalid ECDSA public key"))
+        }
+    }
+
+    deserializer.deserialize_bytes(EcdsaVisitor)
+}
+
 /// Abstraction over Ed25519 / ECDSA-secp256k1 / RSA public keys used during the auth handshake.
-#[derive(Clone, Debug)]
+#[derive(Clone, Debug, Serialize)]
 pub enum AuthPublicKey {
     Ed25519(ed25519_dalek::VerifyingKey),
     /// Compressed SEC1 public key; signature bytes are raw 64-byte (r||s).
+    #[serde(serialize_with = "serialize_ecdsa", deserialize_with = "deserialize_ecdsa")]
     EcdsaSecp256k1(k256::ecdsa::VerifyingKey),
     /// RSA-2048+ public key (Windows Hello / KeyCredentialManager); signature bytes are PSS+SHA-256.
     Rsa(rsa::RsaPublicKey),
 }
 
-#[derive(Debug)]
+#[derive(Debug, Serialize)]
 pub struct UserAgentCredentials {
     pub pubkey: AuthPublicKey,
-    pub nonce: i32,
+    pub nonce: i32
 }
 
 impl Integrable for UserAgentCredentials {
@@ -102,19 +138,5 @@ pub mod auth;
 pub mod session;
 
 pub use auth::authenticate;
+use serde::Serialize;
 pub use session::UserAgentSession;
-
-use crate::crypto::integrity::hashing::Hashable;
-
-impl Hashable for AuthPublicKey {
-    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
-        hasher.update(&self.to_stored_bytes());
-    }
-}
-
-impl Hashable for UserAgentCredentials {
-    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
-        self.pubkey.hash(hasher);
-        self.nonce.hash(hasher);
-    }
-}

server/crates/arbiter-server/src/crypto/integrity/v1.rs

@@ -1,7 +1,7 @@
-use crate::{
+use crate::{actors::keyholder, crypto::KeyCell,safe_cell::SafeCellHandle as _};
-    actors::keyholder, crypto::integrity::hashing::Hashable, safe_cell::SafeCellHandle as _,
+use chacha20poly1305::Key;
-};
 use hmac::{Hmac, Mac as _};
+use serde::Serialize;
 use sha2::Sha256;
 
 use diesel::{ExpressionMethods as _, QueryDsl, dsl::insert_into, sqlite::Sqlite};
@@ -9,8 +9,6 @@ use diesel_async::{AsyncConnection, RunQueryDsl};
 use kameo::{actor::ActorRef, error::SendError};
 use sha2::Digest as _;
 
-pub mod hashing;
-
 use crate::{
     actors::keyholder::{KeyHolder, SignIntegrity, VerifyIntegrity},
     db::{
@@ -45,6 +43,9 @@ pub enum Error {
 
     #[error("Integrity MAC mismatch for entity {entity_kind}")]
     MacMismatch { entity_kind: &'static str },
+
+    #[error("Payload serialization error: {0}")]
+    PayloadSerialization(#[from] postcard::Error),
 }
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
@@ -58,15 +59,13 @@ pub const INTEGRITY_SUBKEY_TAG: &[u8] = b"arbiter/db-integrity-key/v1";
 
 pub type HmacSha256 = Hmac<Sha256>;
 
-pub trait Integrable: Hashable {
+pub trait Integrable: Serialize {
     const KIND: &'static str;
     const VERSION: i32 = 1;
 }
 
-fn payload_hash(payload: &impl Hashable) -> [u8; 32] {
+fn payload_hash(payload: &[u8]) -> [u8; 32] {
-    let mut hasher = Sha256::new();
+    Sha256::digest(payload).into()
-    payload.hash(&mut hasher);
-    hasher.finalize().into()
 }
 
 fn push_len_prefixed(out: &mut Vec<u8>, bytes: &[u8]) {
@@ -110,7 +109,8 @@ pub async fn sign_entity<E: Integrable>(
     entity: &E,
     entity_id: impl IntoId,
 ) -> Result<(), Error> {
-    let payload_hash = payload_hash(&entity);
+    let payload = postcard::to_stdvec(entity)?;
+    let payload_hash = payload_hash(&payload);
 
     let entity_id = entity_id.into_id();
 
@@ -162,9 +162,7 @@ pub async fn verify_entity<E: Integrable>(
         .first(conn)
         .await
         .map_err(|err| match err {
-            diesel::result::Error::NotFound => Error::MissingEnvelope {
+            diesel::result::Error::NotFound => Error::MissingEnvelope { entity_kind: E::KIND },
-                entity_kind: E::KIND,
-            },
             other => Error::Database(db::DatabaseError::from(other)),
         })?;
 
@@ -176,8 +174,14 @@ pub async fn verify_entity<E: Integrable>(
         });
     }
 
-    let payload_hash = payload_hash(&entity);
+    let payload = postcard::to_stdvec(entity)?;
-    let mac_input = build_mac_input(E::KIND, &entity_id, envelope.payload_version, &payload_hash);
+    let payload_hash = payload_hash(&payload);
+    let mac_input = build_mac_input(
+        E::KIND,
+        &entity_id,
+        envelope.payload_version,
+        &payload_hash,
+    );
 
     let result = keyholder
         .ask(VerifyIntegrity {
@@ -185,16 +189,13 @@ pub async fn verify_entity<E: Integrable>(
             expected_mac: envelope.mac,
             key_version: envelope.key_version,
         })
-        .await;
+        .await
+        ;
 
     match result {
         Ok(true) => Ok(AttestationStatus::Attested),
-        Ok(false) => Err(Error::MacMismatch {
+        Ok(false) => Err(Error::MacMismatch { entity_kind: E::KIND }),
-            entity_kind: E::KIND,
+        Err(SendError::HandlerError(keyholder::Error::NotBootstrapped)) => Ok(AttestationStatus::Unavailable),
-        }),
-        Err(SendError::HandlerError(keyholder::Error::NotBootstrapped)) => {
-            Ok(AttestationStatus::Unavailable)
-        }
         Err(_) => Err(Error::KeyholderSend),
     }
 }
@@ -204,10 +205,6 @@ mod tests {
     use diesel::{ExpressionMethods as _, QueryDsl};
     use diesel_async::RunQueryDsl;
     use kameo::{actor::ActorRef, prelude::Spawn};
-    use rand::seq::SliceRandom;
-    use sha2::Digest;
-
-    use proptest::prelude::*;
 
     use crate::{
         actors::keyholder::{Bootstrap, KeyHolder},
@@ -216,20 +213,13 @@ mod tests {
     };
 
     use super::{Error, Integrable, sign_entity, verify_entity};
-    use super::{hashing::Hashable, payload_hash};
 
-    #[derive(Clone)]
+    #[derive(Clone, serde::Serialize)]
     struct DummyEntity {
         payload_version: i32,
         payload: Vec<u8>,
     }
 
-    impl Hashable for DummyEntity {
-        fn hash<H: Digest>(&self, hasher: &mut H) {
-            self.payload_version.hash(hasher);
-            self.payload.hash(hasher);
-        }
-    }
     impl Integrable for DummyEntity {
         const KIND: &'static str = "dummy_entity";
     }
@@ -258,9 +248,7 @@ mod tests {
             payload: b"payload-v1".to_vec(),
         };
 
-        sign_entity(&mut conn, &keyholder, &entity, ENTITY_ID)
+        sign_entity(&mut conn, &keyholder, &entity, ENTITY_ID).await.unwrap();
-            .await
-            .unwrap();
 
         let count: i64 = schema::integrity_envelope::table
             .filter(schema::integrity_envelope::entity_kind.eq("dummy_entity"))
@@ -271,9 +259,7 @@ mod tests {
             .unwrap();
 
         assert_eq!(count, 1, "envelope row must be created exactly once");
-        verify_entity(&mut conn, &keyholder, &entity, ENTITY_ID)
+        verify_entity(&mut conn, &keyholder, &entity, ENTITY_ID).await.unwrap();
-            .await
-            .unwrap();
     }
 
     #[tokio::test]
@@ -289,9 +275,7 @@ mod tests {
             payload: b"payload-v1".to_vec(),
         };
 
-        sign_entity(&mut conn, &keyholder, &entity, ENTITY_ID)
+        sign_entity(&mut conn, &keyholder, &entity, ENTITY_ID).await.unwrap();
-            .await
-            .unwrap();
 
         diesel::update(schema::integrity_envelope::table)
             .filter(schema::integrity_envelope::entity_kind.eq("dummy_entity"))
@@ -320,9 +304,7 @@ mod tests {
             payload: b"payload-v1".to_vec(),
         };
 
-        sign_entity(&mut conn, &keyholder, &entity, ENTITY_ID)
+        sign_entity(&mut conn, &keyholder, &entity, ENTITY_ID).await.unwrap();
-            .await
-            .unwrap();
 
         let tampered = DummyEntity {
             payload: b"payload-v1-but-tampered".to_vec(),

server/crates/arbiter-server/src/crypto/integrity/v1/hashing.rs

@@ -1,107 +0,0 @@
-use hmac::digest::Digest;
-use std::collections::HashSet;
-
-/// Deterministically hash a value by feeding its fields into the hasher in a consistent order.
-pub trait Hashable {
-    fn hash<H: Digest>(&self, hasher: &mut H);
-}
-
-macro_rules! impl_numeric {
-($($t:ty),*) => {
-    $(
-        impl Hashable for $t {
-            fn hash<H: Digest>(&self, hasher: &mut H) {
-                hasher.update(&self.to_be_bytes());
-            }
-        }
-    )*
-};
-}
-
-impl_numeric!(u8, u16, u32, u64, i8, i16, i32, i64);
-
-impl Hashable for &[u8] {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        hasher.update(self);
-    }
-}
-
-impl Hashable for String {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        hasher.update(self.as_bytes());
-    }
-}
-
-impl<T: Hashable + PartialOrd> Hashable for Vec<T> {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        let ref_sorted = {
-            let mut sorted = self.iter().collect::<Vec<_>>();
-            sorted.sort_by(|a, b| a.partial_cmp(b).unwrap());
-            sorted
-        };
-        for item in ref_sorted {
-            item.hash(hasher);
-        }
-    }
-}
-
-impl<T: Hashable + PartialOrd> Hashable for HashSet<T> {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        let ref_sorted = {
-            let mut sorted = self.iter().collect::<Vec<_>>();
-            sorted.sort_by(|a, b| a.partial_cmp(b).unwrap());
-            sorted
-        };
-        for item in ref_sorted {
-            item.hash(hasher);
-        }
-    }
-}
-
-impl<T: Hashable> Hashable for Option<T> {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        match self {
-            Some(value) => {
-                hasher.update(&[1]);
-                value.hash(hasher);
-            }
-            None => hasher.update(&[0]),
-        }
-    }
-}
-
-impl<T: Hashable> Hashable for Box<T> {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        self.as_ref().hash(hasher);
-    }
-}
-
-impl<T: Hashable> Hashable for &T {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        (*self).hash(hasher);
-    }
-}
-
-impl Hashable for alloy::primitives::Address {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        hasher.update(self.as_slice());
-    }
-}
-
-impl Hashable for alloy::primitives::U256 {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        hasher.update(self.to_be_bytes::<32>());
-    }
-}
-
-impl Hashable for chrono::Duration {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        hasher.update(&self.num_seconds().to_be_bytes());
-    }
-}
-
-impl Hashable for chrono::DateTime<chrono::Utc> {
-    fn hash<H: Digest>(&self, hasher: &mut H) {
-        hasher.update(&self.timestamp_millis().to_be_bytes());
-    }
-}

server/crates/arbiter-server/src/crypto/mod.rs

@@ -102,21 +102,11 @@ impl KeyCell {
     }
 }
 
+/// User password might be of different length, have not enough entropy, etc...
 /// Derive a fixed-length key from the password using Argon2id, which is designed for password hashing and key derivation.
 pub fn derive_key(mut password: SafeCell<Vec<u8>>, salt: &Salt) -> KeyCell {
-    let params = {
-        #[cfg(debug_assertions)]
-        {
-            argon2::Params::new(8, 1, 1, None).unwrap()
-        }
-
-        #[cfg(not(debug_assertions))]
-        {
-            argon2::Params::new(262_144, 3, 4, None).unwrap()
-        }
-    };
-
     #[allow(clippy::unwrap_used)]
+    let params = argon2::Params::new(262_144, 3, 4, None).unwrap();
     let hasher = Argon2::new(Algorithm::Argon2id, argon2::Version::V0x13, params);
     let mut key = SafeCell::new(Key::default());
     password.read_inline(|password_source| {

server/crates/arbiter-server/src/db/mod.rs

@@ -133,7 +133,6 @@ pub async fn create_pool(url: Option<&str>) -> Result<DatabasePool, DatabaseSetu
     Ok(pool)
 }
 
-#[mutants::skip]
 pub async fn create_test_pool() -> DatabasePool {
     use rand::distr::{Alphanumeric, SampleString as _};
 

server/crates/arbiter-server/src/evm/mod.rs

@@ -21,8 +21,8 @@ use crate::{
         schema::{self, evm_transaction_log},
     },
     evm::policies::{
-        CombinedSettings, DatabaseID, EvalContext, EvalViolation, Grant, Policy,
+        DatabaseID, EvalContext, EvalViolation, Grant, Policy, CombinedSettings, SharedGrantSettings,
-        SharedGrantSettings, SpecificGrant, SpecificMeaning, ether_transfer::EtherTransfer,
+        SpecificGrant, SpecificMeaning, ether_transfer::EtherTransfer,
         token_transfers::TokenTransfer,
     },
 };
@@ -90,14 +90,6 @@ async fn check_shared_constraints(
     let mut violations = Vec::new();
     let now = Utc::now();
 
-    if shared.chain != context.chain {
-        violations.push(EvalViolation::MismatchingChainId {
-            expected: shared.chain,
-            actual: context.chain,
-        });
-        return Ok(violations);
-    }
-
     // Validity window
     if shared.valid_from.is_some_and(|t| now < t) || shared.valid_until.is_some_and(|t| now > t) {
         violations.push(EvalViolation::InvalidTime);
@@ -258,7 +250,12 @@ impl Engine {
 
                     P::create_grant(&basic_grant, &full_grant.specific, conn).await?;
 
-                    integrity::sign_entity(conn, &keyholder, &full_grant, basic_grant.id)
+                    integrity::sign_entity(
+                        conn,
+                        &keyholder,
+                        &full_grant,
+                    basic_grant.id,
+                    )
                     .await
                     .map_err(|_| diesel::result::Error::RollbackTransaction)?;
 
@@ -345,255 +342,3 @@ impl Engine {
         Err(VetError::UnsupportedTransactionType)
     }
 }
-
-#[cfg(test)]
-mod tests {
-    use alloy::primitives::{Address, Bytes, U256, address};
-    use chrono::{Duration, Utc};
-    use diesel::{SelectableHelper, insert_into};
-    use diesel_async::RunQueryDsl;
-    use rstest::rstest;
-
-    use crate::db::{
-        self, DatabaseConnection,
-        models::{
-            EvmBasicGrant, EvmWalletAccess, NewEvmBasicGrant, NewEvmTransactionLog, SqliteTimestamp,
-        },
-        schema::{evm_basic_grant, evm_transaction_log},
-    };
-    use crate::evm::policies::{
-        EvalContext, EvalViolation, SharedGrantSettings, TransactionRateLimit,
-    };
-
-    use super::check_shared_constraints;
-
-    const WALLET_ACCESS_ID: i32 = 1;
-    const CHAIN_ID: u64 = 1;
-    const RECIPIENT: Address = address!("1111111111111111111111111111111111111111");
-
-    fn context() -> EvalContext {
-        EvalContext {
-            target: EvmWalletAccess {
-                id: WALLET_ACCESS_ID,
-                wallet_id: 10,
-                client_id: 20,
-                created_at: SqliteTimestamp(Utc::now()),
-            },
-            chain: CHAIN_ID,
-            to: RECIPIENT,
-            value: U256::ZERO,
-            calldata: Bytes::new(),
-            max_fee_per_gas: 100,
-            max_priority_fee_per_gas: 10,
-        }
-    }
-
-    fn shared_settings() -> SharedGrantSettings {
-        SharedGrantSettings {
-            wallet_access_id: WALLET_ACCESS_ID,
-            chain: CHAIN_ID,
-            valid_from: None,
-            valid_until: None,
-            max_gas_fee_per_gas: None,
-            max_priority_fee_per_gas: None,
-            rate_limit: None,
-        }
-    }
-
-    async fn insert_basic_grant(
-        conn: &mut DatabaseConnection,
-        shared: &SharedGrantSettings,
-    ) -> EvmBasicGrant {
-        insert_into(evm_basic_grant::table)
-            .values(NewEvmBasicGrant {
-                wallet_access_id: shared.wallet_access_id,
-                chain_id: shared.chain as i32,
-                valid_from: shared.valid_from.map(SqliteTimestamp),
-                valid_until: shared.valid_until.map(SqliteTimestamp),
-                max_gas_fee_per_gas: shared
-                    .max_gas_fee_per_gas
-                    .map(|fee| super::utils::u256_to_bytes(fee).to_vec()),
-                max_priority_fee_per_gas: shared
-                    .max_priority_fee_per_gas
-                    .map(|fee| super::utils::u256_to_bytes(fee).to_vec()),
-                rate_limit_count: shared.rate_limit.as_ref().map(|limit| limit.count as i32),
-                rate_limit_window_secs: shared
-                    .rate_limit
-                    .as_ref()
-                    .map(|limit| limit.window.num_seconds() as i32),
-                revoked_at: None,
-            })
-            .returning(EvmBasicGrant::as_select())
-            .get_result(conn)
-            .await
-            .unwrap()
-    }
-
-    #[rstest]
-    #[case::matching_chain(CHAIN_ID, false)]
-    #[case::mismatching_chain(CHAIN_ID + 1, true)]
-    #[tokio::test]
-    async fn check_shared_constraints_enforces_chain_id(
-        #[case] context_chain: u64,
-        #[case] expect_mismatch: bool,
-    ) {
-        let db = db::create_test_pool().await;
-        let mut conn = db.get().await.unwrap();
-
-        let context = EvalContext {
-            chain: context_chain,
-            ..context()
-        };
-
-        let violations = check_shared_constraints(&context, &shared_settings(), 999, &mut *conn)
-            .await
-            .unwrap();
-
-        assert_eq!(
-            violations
-                .iter()
-                .any(|violation| matches!(violation, EvalViolation::MismatchingChainId { .. })),
-            expect_mismatch
-        );
-
-        if expect_mismatch {
-            assert_eq!(violations.len(), 1);
-        } else {
-            assert!(violations.is_empty());
-        }
-    }
-
-    #[rstest]
-    #[case::valid_from_in_bounds(Some(Utc::now() - Duration::hours(1)), None, false)]
-    #[case::valid_from_out_of_bounds(Some(Utc::now() + Duration::hours(1)), None, true)]
-    #[case::valid_until_in_bounds(None, Some(Utc::now() + Duration::hours(1)), false)]
-    #[case::valid_until_out_of_bounds(None, Some(Utc::now() - Duration::hours(1)), true)]
-    #[tokio::test]
-    async fn check_shared_constraints_enforces_validity_window(
-        #[case] valid_from: Option<chrono::DateTime<Utc>>,
-        #[case] valid_until: Option<chrono::DateTime<Utc>>,
-        #[case] expect_invalid_time: bool,
-    ) {
-        let db = db::create_test_pool().await;
-        let mut conn = db.get().await.unwrap();
-
-        let shared = SharedGrantSettings {
-            valid_from,
-            valid_until,
-            ..shared_settings()
-        };
-
-        let violations = check_shared_constraints(&context(), &shared, 999, &mut *conn)
-            .await
-            .unwrap();
-
-        assert_eq!(
-            violations
-                .iter()
-                .any(|violation| matches!(violation, EvalViolation::InvalidTime)),
-            expect_invalid_time
-        );
-
-        if expect_invalid_time {
-            assert_eq!(violations.len(), 1);
-        } else {
-            assert!(violations.is_empty());
-        }
-    }
-
-    #[rstest]
-    #[case::max_fee_within_limit(Some(U256::from(100u64)), None, 100, 10, false)]
-    #[case::max_fee_exceeded(Some(U256::from(99u64)), None, 100, 10, true)]
-    #[case::priority_fee_within_limit(None, Some(U256::from(10u64)), 100, 10, false)]
-    #[case::priority_fee_exceeded(None, Some(U256::from(9u64)), 100, 10, true)]
-    #[tokio::test]
-    async fn check_shared_constraints_enforces_gas_fee_caps(
-        #[case] max_gas_fee_per_gas: Option<U256>,
-        #[case] max_priority_fee_per_gas: Option<U256>,
-        #[case] actual_max_fee_per_gas: u128,
-        #[case] actual_max_priority_fee_per_gas: u128,
-        #[case] expect_gas_limit_violation: bool,
-    ) {
-        let db = db::create_test_pool().await;
-        let mut conn = db.get().await.unwrap();
-
-        let context = EvalContext {
-            max_fee_per_gas: actual_max_fee_per_gas,
-            max_priority_fee_per_gas: actual_max_priority_fee_per_gas,
-            ..context()
-        };
-
-        let shared = SharedGrantSettings {
-            max_gas_fee_per_gas,
-            max_priority_fee_per_gas,
-            ..shared_settings()
-        };
-        let violations = check_shared_constraints(&context, &shared, 999, &mut *conn)
-            .await
-            .unwrap();
-
-        assert_eq!(
-            violations
-                .iter()
-                .any(|violation| matches!(violation, EvalViolation::GasLimitExceeded { .. })),
-            expect_gas_limit_violation
-        );
-
-        if expect_gas_limit_violation {
-            assert_eq!(violations.len(), 1);
-        } else {
-            assert!(violations.is_empty());
-        }
-    }
-
-    #[rstest]
-    #[case::under_rate_limit(2, false)]
-    #[case::at_rate_limit(1, true)]
-    #[tokio::test]
-    async fn check_shared_constraints_enforces_rate_limit(
-        #[case] rate_limit_count: u32,
-        #[case] expect_rate_limit_violation: bool,
-    ) {
-        let db = db::create_test_pool().await;
-        let mut conn = db.get().await.unwrap();
-
-        let shared = SharedGrantSettings {
-            rate_limit: Some(TransactionRateLimit {
-                count: rate_limit_count,
-                window: Duration::hours(1),
-            }),
-            ..shared_settings()
-        };
-
-        let basic_grant = insert_basic_grant(&mut conn, &shared).await;
-
-        insert_into(evm_transaction_log::table)
-            .values(NewEvmTransactionLog {
-                grant_id: basic_grant.id,
-                wallet_access_id: WALLET_ACCESS_ID,
-                chain_id: CHAIN_ID as i32,
-                eth_value: super::utils::u256_to_bytes(U256::ZERO).to_vec(),
-                signed_at: SqliteTimestamp(Utc::now()),
-            })
-            .execute(&mut *conn)
-            .await
-            .unwrap();
-
-        let violations = check_shared_constraints(&context(), &shared, basic_grant.id, &mut *conn)
-            .await
-            .unwrap();
-
-        assert_eq!(
-            violations
-                .iter()
-                .any(|violation| matches!(violation, EvalViolation::RateLimitExceeded)),
-            expect_rate_limit_violation
-        );
-
-        if expect_rate_limit_violation {
-            assert_eq!(violations.len(), 1);
-        } else {
-            assert!(violations.is_empty());
-        }
-    }
-}

server/crates/arbiter-server/src/evm/policies.rs

@@ -7,12 +7,11 @@ use diesel::{
 };
 use diesel_async::{AsyncConnection, RunQueryDsl};
 
+use serde::Serialize;
 use thiserror::Error;
 
 use crate::{
-    crypto::integrity::v1::Integrable,
+    crypto::integrity::v1::Integrable, db::models::{self, EvmBasicGrant, EvmWalletAccess}, evm::utils
-    db::models::{self, EvmBasicGrant, EvmWalletAccess},
-    evm::utils,
 };
 
 pub mod ether_transfer;
@@ -56,14 +55,11 @@ pub enum EvalViolation {
 
     #[error("Transaction type is not allowed by this grant")]
     InvalidTransactionType,
-
-    #[error("Mismatching chain ID")]
-    MismatchingChainId { expected: ChainId, actual: ChainId },
 }
 
 pub type DatabaseID = i32;
 
-#[derive(Debug)]
+#[derive(Debug, Serialize)]
 pub struct Grant<PolicySettings> {
     pub id: DatabaseID,
     pub common_settings_id: DatabaseID, // ID of the basic grant for shared-logic checks like rate limits and validity periods
@@ -127,19 +123,19 @@ pub enum SpecificMeaning {
     TokenTransfer(token_transfers::Meaning),
 }
 
-#[derive(Clone, Debug, PartialEq, Eq, Hash, PartialOrd, Ord)]
+#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize)]
 pub struct TransactionRateLimit {
     pub count: u32,
     pub window: Duration,
 }
 
-#[derive(Clone, Debug, PartialEq, Eq, Hash, PartialOrd, Ord)]
+#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize)]
 pub struct VolumeRateLimit {
     pub max_volume: U256,
     pub window: Duration,
 }
 
-#[derive(Clone, Debug, PartialEq, Eq, Hash)]
+#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize)]
 pub struct SharedGrantSettings {
     pub wallet_access_id: i32,
     pub chain: ChainId,
@@ -200,7 +196,7 @@ pub enum SpecificGrant {
     TokenTransfer(token_transfers::Settings),
 }
 
-#[derive(Debug)]
+#[derive(Debug, Serialize)]
 pub struct CombinedSettings<PolicyGrant> {
     pub shared: SharedGrantSettings,
     pub specific: PolicyGrant,
@@ -220,37 +216,3 @@ impl<P: Integrable> Integrable for CombinedSettings<P> {
     const VERSION: i32 = P::VERSION;
 }
 
-use crate::crypto::integrity::hashing::Hashable;
-
-impl Hashable for TransactionRateLimit {
-    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
-        self.count.hash(hasher);
-        self.window.hash(hasher);
-    }
-}
-
-impl Hashable for VolumeRateLimit {
-    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
-        self.max_volume.hash(hasher);
-        self.window.hash(hasher);
-    }
-}
-
-impl Hashable for SharedGrantSettings {
-    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
-        self.wallet_access_id.hash(hasher);
-        self.chain.hash(hasher);
-        self.valid_from.hash(hasher);
-        self.valid_until.hash(hasher);
-        self.max_gas_fee_per_gas.hash(hasher);
-        self.max_priority_fee_per_gas.hash(hasher);
-        self.rate_limit.hash(hasher);
-    }
-}
-
-impl<P: Hashable> Hashable for CombinedSettings<P> {
-    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
-        self.shared.hash(hasher);
-        self.specific.hash(hasher);
-    }
-}

server/crates/arbiter-server/src/evm/policies/ether_transfer/mod.rs

@@ -52,7 +52,7 @@ impl From<Meaning> for SpecificMeaning {
 }
 
 // A grant for ether transfers, which can be scoped to specific target addresses and volume limits
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, serde::Serialize)]
 pub struct Settings {
     pub target: Vec<Address>,
     pub limit: VolumeRateLimit,
@@ -61,15 +61,6 @@ impl Integrable for Settings {
     const KIND: &'static str = "EtherTransfer";
 }
 
-use crate::crypto::integrity::hashing::Hashable;
-
-impl Hashable for Settings {
-    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
-        self.target.hash(hasher);
-        self.limit.hash(hasher);
-    }
-}
-
 impl From<Settings> for SpecificGrant {
     fn from(val: Settings) -> SpecificGrant {
         SpecificGrant::EtherTransfer(val)

server/crates/arbiter-server/src/evm/policies/ether_transfer/tests.rs

@@ -84,6 +84,8 @@ fn shared() -> SharedGrantSettings {
     }
 }
 
+// ── analyze ─────────────────────────────────────────────────────────────
+
 #[test]
 fn analyze_matches_empty_calldata() {
     let m = EtherTransfer::analyze(&ctx(ALLOWED, U256::from(1_000u64))).unwrap();
@@ -100,6 +102,8 @@ fn analyze_rejects_nonempty_calldata() {
     assert!(EtherTransfer::analyze(&context).is_none());
 }
 
+// ── evaluate ────────────────────────────────────────────────────────────
+
 #[tokio::test]
 async fn evaluate_passes_for_allowed_target() {
     let db = db::create_test_pool().await;
@@ -272,6 +276,8 @@ async fn evaluate_passes_at_exactly_volume_limit() {
     );
 }
 
+// ── try_find_grant ───────────────────────────────────────────────────────
+
 #[tokio::test]
 async fn try_find_grant_roundtrip() {
     let db = db::create_test_pool().await;
@@ -330,36 +336,7 @@ async fn try_find_grant_wrong_target_returns_none() {
     assert!(found.is_none());
 }
 
-proptest::proptest! {
+// ── find_all_grants ──────────────────────────────────────────────────────
-    #[test]
-    fn target_order_does_not_affect_hash(
-        raw_addrs in proptest::collection::vec(proptest::prelude::any::<[u8; 20]>(), 0..8),
-        seed in proptest::prelude::any::<u64>(),
-        max_volume in proptest::prelude::any::<u64>(),
-        window_secs in 1i64..=86400,
-    ) {
-        use rand::{SeedableRng, seq::SliceRandom};
-        use sha2::Digest;
-        use crate::crypto::integrity::hashing::Hashable;
-
-        let addrs: Vec<Address> = raw_addrs.iter().map(|b| Address::from(*b)).collect();
-        let mut shuffled = addrs.clone();
-        shuffled.shuffle(&mut rand::rngs::StdRng::seed_from_u64(seed));
-
-        let limit = VolumeRateLimit {
-            max_volume: U256::from(max_volume),
-            window: Duration::seconds(window_secs),
-        };
-
-        let mut h1 = sha2::Sha256::new();
-        Settings { target: addrs, limit: limit.clone() }.hash(&mut h1);
-
-        let mut h2 = sha2::Sha256::new();
-        Settings { target: shuffled, limit }.hash(&mut h2);
-
-        proptest::prop_assert_eq!(h1.finalize(), h2.finalize());
-    }
-}
 
 #[tokio::test]
 async fn find_all_grants_empty_db() {

server/crates/arbiter-server/src/evm/policies/token_transfers/mod.rs

@@ -1,5 +1,17 @@
 use std::collections::HashMap;
 
+use alloy::{
+    primitives::{Address, U256},
+    sol_types::SolCall,
+};
+use arbiter_tokens_registry::evm::nonfungible::{self, TokenInfo};
+use chrono::{DateTime, Duration, Utc};
+use diesel::dsl::{auto_type, insert_into};
+use diesel::sqlite::Sqlite;
+use diesel::{ExpressionMethods, prelude::*};
+use diesel_async::{AsyncConnection, RunQueryDsl};
+use serde::Serialize;
+
 use crate::db::schema::{
     evm_basic_grant, evm_token_transfer_grant, evm_token_transfer_log,
     evm_token_transfer_volume_limit,
@@ -20,16 +32,6 @@ use crate::{
     },
     evm::policies::CombinedSettings,
 };
-use alloy::{
-    primitives::{Address, U256},
-    sol_types::SolCall,
-};
-use arbiter_tokens_registry::evm::nonfungible::{self, TokenInfo};
-use chrono::{DateTime, Duration, Utc};
-use diesel::dsl::{auto_type, insert_into};
-use diesel::sqlite::Sqlite;
-use diesel::{ExpressionMethods, prelude::*};
-use diesel_async::{AsyncConnection, RunQueryDsl};
 
 use super::{DatabaseID, EvalContext, EvalViolation};
 
@@ -62,7 +64,7 @@ impl From<Meaning> for SpecificMeaning {
 }
 
 // A grant for token transfers, which can be scoped to specific target addresses and volume limits
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, Serialize)]
 pub struct Settings {
     pub token_contract: Address,
     pub target: Option<Address>,
@@ -71,17 +73,6 @@ pub struct Settings {
 impl Integrable for Settings {
     const KIND: &'static str = "TokenTransfer";
 }
-
-use crate::crypto::integrity::hashing::Hashable;
-
-impl Hashable for Settings {
-    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
-        self.token_contract.hash(hasher);
-        self.target.hash(hasher);
-        self.volume_limits.hash(hasher);
-    }
-}
-
 impl From<Settings> for SpecificGrant {
     fn from(val: Settings) -> SpecificGrant {
         SpecificGrant::TokenTransfer(val)

server/crates/arbiter-server/src/evm/policies/token_transfers/tests.rs

@@ -101,6 +101,8 @@ fn shared() -> SharedGrantSettings {
     }
 }
 
+// ── analyze ─────────────────────────────────────────────────────────────
+
 #[test]
 fn analyze_known_token_valid_calldata() {
     let calldata = transfer_calldata(RECIPIENT, U256::from(100u64));
@@ -126,6 +128,8 @@ fn analyze_empty_calldata_returns_none() {
     assert!(TokenTransfer::analyze(&ctx(DAI, Bytes::new())).is_none());
 }
 
+// ── evaluate ────────────────────────────────────────────────────────────
+
 #[tokio::test]
 async fn evaluate_rejects_nonzero_eth_value() {
     let db = db::create_test_pool().await;
@@ -408,39 +412,7 @@ async fn try_find_grant_unknown_token_returns_none() {
     assert!(found.is_none());
 }
 
-proptest::proptest! {
+// ── find_all_grants ──────────────────────────────────────────────────────
-    #[test]
-    fn volume_limits_order_does_not_affect_hash(
-        raw_limits in proptest::collection::vec(
-            (proptest::prelude::any::<u64>(), 1i64..=86400),
-            0..8,
-        ),
-        seed in proptest::prelude::any::<u64>(),
-    ) {
-        use rand::{SeedableRng, seq::SliceRandom};
-        use sha2::Digest;
-        use crate::crypto::integrity::hashing::Hashable;
-
-        let limits: Vec<VolumeRateLimit> = raw_limits
-            .iter()
-            .map(|(max_vol, window_secs)| VolumeRateLimit {
-                max_volume: U256::from(*max_vol),
-                window: Duration::seconds(*window_secs),
-            })
-            .collect();
-
-        let mut shuffled = limits.clone();
-        shuffled.shuffle(&mut rand::rngs::StdRng::seed_from_u64(seed));
-
-        let mut h1 = sha2::Sha256::new();
-        Settings { token_contract: DAI, target: None, volume_limits: limits }.hash(&mut h1);
-
-        let mut h2 = sha2::Sha256::new();
-        Settings { token_contract: DAI, target: None, volume_limits: shuffled }.hash(&mut h2);
-
-        proptest::prop_assert_eq!(h1.finalize(), h2.finalize());
-    }
-}
 
 #[tokio::test]
 async fn find_all_grants_empty_db() {

server/crates/arbiter-server/src/grpc/common/outbound.rs

@@ -8,7 +8,7 @@ use arbiter_proto::proto::{
         EvalViolation as ProtoEvalViolation, GasLimitExceededViolation, NoMatchingGrantError,
         PolicyViolationsError, SpecificMeaning as ProtoSpecificMeaning,
         TokenInfo as ProtoTokenInfo, TransactionEvalError as ProtoTransactionEvalError,
-        eval_violation as proto_eval_violation, eval_violation::Kind as ProtoEvalViolationKind,
+        eval_violation::Kind as ProtoEvalViolationKind,
         specific_meaning::Meaning as ProtoSpecificMeaningKind,
         transaction_eval_error::Kind as ProtoTransactionEvalErrorKind,
     },
@@ -79,12 +79,6 @@ impl Convert for EvalViolation {
             EvalViolation::InvalidTransactionType => {
                 ProtoEvalViolationKind::InvalidTransactionType(())
             }
-            EvalViolation::MismatchingChainId { expected, actual } => {
-                ProtoEvalViolationKind::ChainIdMismatch(proto_eval_violation::ChainIdMismatch {
-                    expected,
-                    actual,
-                })
-            }
         };
 
         ProtoEvalViolation { kind: Some(kind) }

server/crates/arbiter-server/src/main.rs

@@ -10,7 +10,6 @@ use tracing::info;
 const PORT: u16 = 50051;
 
 #[tokio::main]
-#[mutants::skip]
 async fn main() -> anyhow::Result<()> {
     aws_lc_rs::default_provider().install_default().unwrap();