Add account key metadata utility functions to FVM pkgs

[fxamacker]

Updates #8314 #7573

This PR copies account public key metadata utility functions from migrations package to FVM packages.

These functions are used in validation programs (to check storage) and also used in unit tests for decoding and parsing.

Also, this PR refactors NewKeyMetadataAppenderFromBytes() function to extract some code to functions for reuse.

Summary by CodeRabbit

• New Features

  • Added utilities to decode account key metadata components (weights, revocation flags, key-index mappings, and digest lists) and to decode batched public keys from binary payloads
  • Added a high-level metadata decoder to extract and validate all key metadata components end-to-end

• Tests

  • Expanded test coverage for all decoding paths, including single- and multi-batch scenarios and end-to-end metadata round-trips

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds exported decoders and supporting parsing for account key metadata and batched public keys in the FVM environment: DecodeWeightAndRevokedStatuses, DecodeMappings, DecodeDigests, DecodeKeyMetadata, and DecodeBatchPublicKeys, plus associated tests and refactored internal parsing.

Changes

Cohort / File(s)	Summary
Digest decoding fvm/environment/account-key-metadata/digest.go, fvm/environment/account-key-metadata/digest_test.go	Added DecodeDigests([]byte) ([]uint64, error) to parse fixed-size big-endian digests with length validation; tests cover nil/empty, truncated, and valid cases.
Mapping decoding fvm/environment/account-key-metadata/key_index_mapping_group.go, fvm/environment/account-key-metadata/key_index_mapping_group_test.go	Added DecodeMappings([]byte) ([]uint32, error) to decode mapping groups (consecutive and non-consecutive runs); tests refactored for round-trip encoding/decoding and per-index verification.
Weight & revoked status decoding fvm/environment/account-key-metadata/weight_and_revoked_group.go, fvm/environment/account-key-metadata/weight_and_revoked_group_test.go	Added exported WeightAndRevokedStatus{Weight uint16; Revoked bool} and DecodeWeightAndRevokedStatuses([]byte) ([]WeightAndRevokedStatus, error) with run-length expansion; tests updated to use exported type and decoding validation.
Key metadata decoding & parsing fvm/environment/account-key-metadata/metadata.go, fvm/environment/account-key-metadata/metadata_test.go	Extracted parsing into parseKeyMetadata and added DecodeKeyMetadata([]byte, bool) to produce structured weight/status, mapping, and digest outputs; tests added for deduplicated and non-deduplicated flows.
Batch public key decoding fvm/environment/account_public_key_util.go, fvm/environment/account_public_key_util_test.go	Added DecodeBatchPublicKeys([]byte) ([][]byte, error) to decode size-prefixed batch public keys; tests adjusted to return encoded batch payloads and verify decoded key slices.

Sequence Diagram(s)

(omitted — changes are library decoding utilities without multi-component sequential interactions)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related issues

• Remove account public key migration and add reuseable functions to FVM #8314: Matches the objective to add reusable FVM utility decoders for account key metadata and batched public keys.

Suggested reviewers

• peterargue
• vishalchangrani

Poem

🐰 Hooray, I hop to parse the bytes,
I split digests, mappings, and weights in flights,
Batch keys unfurled, statuses clear,
Decoders stitched with testing cheer,
A little rabbit clap for coder delights! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding account key metadata utility functions to FVM packages, which is reflected across all modified files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7735f68 and 625c480.

📒 Files selected for processing (2)

• fvm/environment/account-key-metadata/digest_test.go
• fvm/environment/account_public_key_util.go

🚧 Files skipped from review as they are similar to previous changes (2)

• fvm/environment/account_public_key_util.go
• fvm/environment/account-key-metadata/digest_test.go

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (33)

• GitHub Check: Lint (./)
• GitHub Check: Lint (./insecure/)
• GitHub Check: Lint (./integration/)
• GitHub Check: Unit Tests (engine/common)
• GitHub Check: Unit Tests (utils)
• GitHub Check: Unit Tests (module/dkg)
• GitHub Check: Unit Tests (engine/execution/computation)
• GitHub Check: Unit Tests (engine/execution)
• GitHub Check: Unit Tests (engine)
• GitHub Check: Unit Tests (engine/collection)
• GitHub Check: Unit Tests (network/test/cohort2)
• GitHub Check: Unit Tests (network/p2p/scoring)
• GitHub Check: Unit Tests (network/p2p)
• GitHub Check: Unit Tests (network/p2p/connection)
• GitHub Check: Unit Tests (network)
• GitHub Check: Unit Tests (module)
• GitHub Check: Unit Tests (fvm)
• GitHub Check: Unit Tests (state)
• GitHub Check: Unit Tests (ledger)
• GitHub Check: Unit Tests (network/test/cohort1)
• GitHub Check: Unit Tests (others)
• GitHub Check: Unit Tests (network/alsp)
• GitHub Check: Unit Tests (engine/verification)
• GitHub Check: Unit Tests (engine/consensus)
• GitHub Check: Unit Tests (cmd)
• GitHub Check: Unit Tests (storage)
• GitHub Check: Unit Tests (admin)
• GitHub Check: Unit Tests (engine/access)
• GitHub Check: Unit Tests (consensus)
• GitHub Check: Unit Tests (engine/execution/ingestion)
• GitHub Check: Integration Tests Others (integration)
• GitHub Check: Docker Build
• GitHub Check: analyze-code (go)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov-commenter]

Codecov Report

❌ Patch coverage is 57.26496% with 50 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
fvm/environment/account-key-metadata/metadata.go	51.16%	15 Missing and 6 partials ⚠️
fvm/environment/account_public_key_util.go	37.03%	14 Missing and 3 partials ⚠️
...nt/account-key-metadata/key_index_mapping_group.go	66.66%	5 Missing and 1 partial ⚠️
...t/account-key-metadata/weight_and_revoked_group.go	64.70%	5 Missing and 1 partial ⚠️

📢 Thoughts on this report? Let us know!

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @fvm/environment/account_public_key_util.go:
- Line 391: Fix the typo in the error message string used when extra bytes
remain in batch public key parsing: change "batch public key data has trailiing
data (%d bytes): %x" to "batch public key data has trailing data (%d bytes): %x"
in the code that constructs the error (the string literal used in the error
return/log inside the batch public key parsing function).

In @fvm/environment/account-key-metadata/digest_test.go:
- Around line 137-141: Update the test case name string currently set to "1
digests" to the correct singular form "1 digest" in the test table entry (the
struct with fields name: "1 digests", encodedDigests: []byte{0,0,0,0,0,0,0,1},
digests: []uint64{1}); simply change the name field value to "1 digest" so the
test description is grammatically correct.

🧹 Nitpick comments (2)

fvm/environment/account_public_key_util.go (1)

359-398: Consider refactoring getRawStoredPublicKey to use DecodeBatchPublicKeys.

The decoding logic in DecodeBatchPublicKeys (lines 368-385) duplicates similar logic in getRawStoredPublicKey (lines 263-280). Now that DecodeBatchPublicKeys is exported, getRawStoredPublicKey could potentially call it to decode the batch and then select the key at the desired index, reducing duplication.

♻️ Example refactor

In getRawStoredPublicKey, after retrieving the batch register value (line 254-262), you could replace the inline decoding loop (lines 263-280) with:

encodedKeys, err := DecodeBatchPublicKeys(b)
if err != nil {
	return nil, err
}

if keyIndexInBatch >= uint32(len(encodedKeys)) {
	return nil, errors.NewStoredPublicKeyNotFoundError(
		fmt.Sprintf("%s register doesn't have key at index %d", batchRegisterKey, keyIndexInBatch),
		address,
		storedKeyIndex)
}

return slices.Clone(encodedKeys[keyIndexInBatch]), nil

fvm/environment/account-key-metadata/digest_test.go (1)

152-161: Consider skipping the equality assertion when an error is expected.

When tc.hasError is true, the test still asserts require.Equal(t, tc.digests, decoded) on line 160. While this works (both are nil), it's cleaner to either:

1. Skip the assertion when an error is expected, or
2. Explicitly set digests: nil in the error test case for clarity.

♻️ Suggested improvement

 		t.Run(tc.name, func(t *testing.T) {
 			decoded, err := DecodeDigests(tc.encodedDigests)
 			if tc.hasError {
 				require.Error(t, err)
-			} else {
-				require.NoError(t, err)
+				return
 			}
+			require.NoError(t, err)
 			require.Equal(t, tc.digests, decoded)
 		})

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cc98a15 and 7735f68.

📒 Files selected for processing (10)

• fvm/environment/account-key-metadata/digest.go
• fvm/environment/account-key-metadata/digest_test.go
• fvm/environment/account-key-metadata/key_index_mapping_group.go
• fvm/environment/account-key-metadata/key_index_mapping_group_test.go
• fvm/environment/account-key-metadata/metadata.go
• fvm/environment/account-key-metadata/metadata_test.go
• fvm/environment/account-key-metadata/weight_and_revoked_group.go
• fvm/environment/account-key-metadata/weight_and_revoked_group_test.go
• fvm/environment/account_public_key_util.go
• fvm/environment/account_public_key_util_test.go

🧰 Additional context used

📓 Path-based instructions (5)

**/*.go

📄 CodeRabbit inference engine (.cursor/rules/coding_conventions.mdc)

Follow Go coding conventions as documented in @docs/agents/CodingConventions.md

Follow Go coding standards and conventions as documented in @docs/agents/GoDocs.md

**/*.go: Follow the existing module structure in /module/, /engine/, /model/ and use dependency injection patterns for component composition
Implement proper interfaces before concrete types
Follow Go naming conventions and the project's coding style defined in /docs/CodingConventions.md
Use mock generators: run make generate-mocks after interface changes
All inputs must be considered potentially byzantine; error classification is context-dependent and no code path is safe unless explicitly proven and documented
Use comprehensive error wrapping for debugging; avoid fmt.Errorf, use irrecoverable package for exceptions
NEVER log and continue on best effort basis; ALWAYS explicitly handle errors
Uses golangci-lint with custom configurations (.golangci.yml) and custom linters for Flow-specific conventions (struct write checking)

Files:

• fvm/environment/account-key-metadata/digest.go
• fvm/environment/account_public_key_util_test.go
• fvm/environment/account-key-metadata/key_index_mapping_group_test.go
• fvm/environment/account-key-metadata/digest_test.go
• fvm/environment/account_public_key_util.go
• fvm/environment/account-key-metadata/metadata.go
• fvm/environment/account-key-metadata/weight_and_revoked_group.go
• fvm/environment/account-key-metadata/key_index_mapping_group.go
• fvm/environment/account-key-metadata/metadata_test.go
• fvm/environment/account-key-metadata/weight_and_revoked_group_test.go

{crypto,fvm,ledger,storage}/**/*.go

📄 CodeRabbit inference engine (AGENTS.md)

Security checks for cryptographic misuse must be enforced using gosec

Files:

• fvm/environment/account-key-metadata/digest.go
• fvm/environment/account_public_key_util_test.go
• fvm/environment/account-key-metadata/key_index_mapping_group_test.go
• fvm/environment/account-key-metadata/digest_test.go
• fvm/environment/account_public_key_util.go
• fvm/environment/account-key-metadata/metadata.go
• fvm/environment/account-key-metadata/weight_and_revoked_group.go
• fvm/environment/account-key-metadata/key_index_mapping_group.go
• fvm/environment/account-key-metadata/metadata_test.go
• fvm/environment/account-key-metadata/weight_and_revoked_group_test.go

{crypto,fvm,ledger,access,engine}/**/*.go

📄 CodeRabbit inference engine (AGENTS.md)

Cryptographic operations require careful handling; refer to crypto library documentation for proper implementation

Files:

• fvm/environment/account-key-metadata/digest.go
• fvm/environment/account_public_key_util_test.go
• fvm/environment/account-key-metadata/key_index_mapping_group_test.go
• fvm/environment/account-key-metadata/digest_test.go
• fvm/environment/account_public_key_util.go
• fvm/environment/account-key-metadata/metadata.go
• fvm/environment/account-key-metadata/weight_and_revoked_group.go
• fvm/environment/account-key-metadata/key_index_mapping_group.go
• fvm/environment/account-key-metadata/metadata_test.go
• fvm/environment/account-key-metadata/weight_and_revoked_group_test.go

{storage,ledger,execution,fvm}/**/*.go

📄 CodeRabbit inference engine (AGENTS.md)

State consistency is paramount; use proper synchronization primitives

Files:

• fvm/environment/account-key-metadata/digest.go
• fvm/environment/account_public_key_util_test.go
• fvm/environment/account-key-metadata/key_index_mapping_group_test.go
• fvm/environment/account-key-metadata/digest_test.go
• fvm/environment/account_public_key_util.go
• fvm/environment/account-key-metadata/metadata.go
• fvm/environment/account-key-metadata/weight_and_revoked_group.go
• fvm/environment/account-key-metadata/key_index_mapping_group.go
• fvm/environment/account-key-metadata/metadata_test.go
• fvm/environment/account-key-metadata/weight_and_revoked_group_test.go

**/*_test.go

📄 CodeRabbit inference engine (AGENTS.md)

**/*_test.go: Unit tests should be co-located with the code they test
Follow the existing pattern of *_test.go files for test naming
Use fixtures for realistic test data as defined in /utils/unittest/

Files:

• fvm/environment/account_public_key_util_test.go
• fvm/environment/account-key-metadata/key_index_mapping_group_test.go
• fvm/environment/account-key-metadata/digest_test.go
• fvm/environment/account-key-metadata/metadata_test.go
• fvm/environment/account-key-metadata/weight_and_revoked_group_test.go

🧠 Learnings (1)

📚 Learning: 2025-12-23T00:28:41.005Z

Learnt from: CR
Repo: onflow/flow-go PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-23T00:28:41.005Z
Learning: Applies to {crypto,fvm,ledger,access,engine}/**/*.go : Cryptographic operations require careful handling; refer to crypto library documentation for proper implementation

Applied to files:

• fvm/environment/account-key-metadata/digest.go

🧬 Code graph analysis (6)

fvm/environment/account_public_key_util_test.go (2)

model/flow/ledger.go (2)

• AccountPublicKey0RegisterID (65-70)
• AccountBatchPublicKeyRegisterID (72-77)

fvm/environment/account_public_key_util.go (2)

• DecodeBatchPublicKeys (360-398)
• MaxPublicKeyCountInBatch (14-14)

fvm/environment/account_public_key_util.go (2)

fvm/errors/errors.go (1)

• NewCodedFailuref (319-330)

fvm/errors/codes.go (1)

• FailureCodeBatchPublicKeyDecodingFailure (40-40)

fvm/environment/account-key-metadata/metadata.go (2)

fvm/errors/account_key.go (2)

• NewKeyMetadataEmptyError (7-12)
• NewKeyMetadataTrailingDataError (40-47)

fvm/environment/account-key-metadata/weight_and_revoked_group.go (2)

• WeightAndRevokedStatus (326-329)
• DecodeWeightAndRevokedStatuses (332-358)

fvm/environment/account-key-metadata/weight_and_revoked_group.go (1)

fvm/errors/account_key.go (1)

• NewKeyMetadataUnexpectedLengthError (28-36)

fvm/environment/account-key-metadata/metadata_test.go (2)

fvm/environment/account-key-metadata/weight_and_revoked_group.go (1)

• WeightAndRevokedStatus (326-329)

fvm/environment/account-key-metadata/metadata.go (1)

• DecodeKeyMetadata (371-407)

fvm/environment/account-key-metadata/weight_and_revoked_group_test.go (1)

fvm/environment/account-key-metadata/weight_and_revoked_group.go (2)

• WeightAndRevokedStatus (326-329)
• DecodeWeightAndRevokedStatuses (332-358)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (34)

• GitHub Check: Lint (./integration/)
• GitHub Check: Lint (./insecure/)
• GitHub Check: Lint (./)
• GitHub Check: Unit Tests (utils)
• GitHub Check: Unit Tests (network/test/cohort1)
• GitHub Check: Unit Tests (others)
• GitHub Check: Unit Tests (network)
• GitHub Check: Unit Tests (network/test/cohort2)
• GitHub Check: Unit Tests (network/p2p)
• GitHub Check: Unit Tests (network/alsp)
• GitHub Check: Unit Tests (network/p2p/node)
• GitHub Check: Unit Tests (network/p2p/scoring)
• GitHub Check: Unit Tests (engine/execution)
• GitHub Check: Unit Tests (ledger)
• GitHub Check: Unit Tests (admin)
• GitHub Check: Unit Tests (engine/collection)
• GitHub Check: Unit Tests (engine/access)
• GitHub Check: Unit Tests (network/p2p/connection)
• GitHub Check: Unit Tests (consensus)
• GitHub Check: Unit Tests (storage)
• GitHub Check: Unit Tests (cmd)
• GitHub Check: Unit Tests (engine/verification)
• GitHub Check: Unit Tests (fvm)
• GitHub Check: Unit Tests (engine/common)
• GitHub Check: Unit Tests (engine/consensus)
• GitHub Check: Unit Tests (engine/execution/computation)
• GitHub Check: Unit Tests (module/dkg)
• GitHub Check: Unit Tests (state)
• GitHub Check: Integration Tests Others (integration)
• GitHub Check: Unit Tests Insecure (insecure)
• GitHub Check: Unit Tests Insecure (insecure/integration/functional/test/gossipsub/rpc_inspector)
• GitHub Check: Unit Tests Insecure (insecure/integration/functional/test/gossipsub/scoring)
• GitHub Check: Docker Build
• GitHub Check: analyze-code (go)

🔇 Additional comments (13)

fvm/environment/account_public_key_util.go (1)

357-398: LGTM! Well-structured utility function.

The DecodeBatchPublicKeys function correctly handles edge cases (empty input, boundary validation, trailing data detection) and provides clear error messages. The implementation aligns well with the existing batch public key encoding pattern.

fvm/environment/account_public_key_util_test.go (1)

241-263: LGTM! Comprehensive test coverage for DecodeBatchPublicKeys.

The test additions effectively verify the new DecodeBatchPublicKeys utility across multiple scenarios:

• Single batch with 2 keys (including nil placeholder)
• Full batch at maximum capacity
• Multiple batches

Each test correctly builds expected encoded keys and validates the decode operation returns the expected byte slices. The encode/decode roundtrip verification provides strong confidence in the implementation.

Also applies to: 273-306, 317-360

fvm/environment/account-key-metadata/digest.go (1)

85-104: LGTM!

The DecodeDigests function is well-implemented:

• Proper length validation against digestSize
• Efficient slice pre-allocation with correct capacity
• Safe byte slicing due to length validation
• Correctly handles nil/empty input by returning an empty slice

fvm/environment/account-key-metadata/metadata_test.go (1)

645-778: LGTM!

The TestDecodeKeyMetadata function provides comprehensive test coverage for the new DecodeKeyMetadata API:

• Tests both deduplicated and non-deduplicated paths
• Verifies all returned components (weight/revoked statuses, mappings, digests, and start indices)
• Test data aligns with existing TestGetKeyMetadata cases for consistency
• Properly handles nil mappings for non-deduplicated cases

fvm/environment/account-key-metadata/key_index_mapping_group_test.go (2)

118-123: LGTM!

Good addition of the DecodeMappings round-trip verification to existing tests, ensuring the decoder is consistent with the encoder.

---

143-149: No action required. The project requires Go 1.25.0 (from go.mod), which fully supports the for i := range len(m) syntax introduced in Go 1.22.

fvm/environment/account-key-metadata/key_index_mapping_group.go (1)

221-250: LGTM!

The DecodeMappings function correctly decodes mapping groups:

• Proper length validation against mappingGroupSize
• Correctly handles both consecutive and non-consecutive groups
• Logic is consistent with the existing getStoredKeyIndexFromMappings function

Note: The initial capacity len(b)/mappingGroupSize is a lower bound since RLE-encoded groups expand to multiple entries. This is acceptable as append will grow the slice as needed.

fvm/environment/account-key-metadata/weight_and_revoked_group.go (1)

325-358: LGTM!

The new WeightAndRevokedStatus struct and DecodeWeightAndRevokedStatuses function are well-implemented:

• Clean public API that mirrors the internal representation
• Proper length validation using weightAndRevokedStatusGroupSize
• Decoding logic is consistent with existing getWeightAndRevokedStatus
• Reuses existing parsing functions (parseRunLength, parseWeightAndRevokedStatus)

fvm/environment/account-key-metadata/weight_and_revoked_group_test.go (2)

35-42: LGTM!

The test data structures have been correctly updated to use the new public WeightAndRevokedStatus type with its exported fields Weight and Revoked.

---

113-117: Good addition of round-trip verification.

Adding DecodeWeightAndRevokedStatuses verification ensures the decoder produces results consistent with the encoder, providing end-to-end validation.

fvm/environment/account-key-metadata/metadata.go (3)

138-155: LGTM! Clean refactoring that improves code reusability.

The extraction of parsing logic into parseKeyMetadata() reduces duplication and improves maintainability. The use of slices.Clone() appropriately prevents mutation issues as documented in the function comment.

---

157-199: LGTM! Well-structured parsing with comprehensive validation.

The function properly validates input (empty check at lines 165-168, trailing data check at lines 190-196) and handles errors consistently. The sequential parsing with early returns on error is clear and correct.

---

367-407: Code implementation is correct and all dependencies are in place.

Both DecodeMappings() and DecodeDigests() functions are properly defined in the codebase (key_index_mapping_group.go and digest.go respectively), with appropriate error handling. The DecodeKeyMetadata() function correctly coordinates these lower-level decoders with clean error handling and named returns.