clippy

integration_tests/tests/private_pda.rs

@@ -22,11 +22,15 @@ use wallet::{
     cli::{Command, account::AccountSubcommand},
 };
 
-/// Funds a private PDA via the proxy program with a chained call to auth_transfer.
+/// Funds a private PDA via the proxy program with a chained call to `auth_transfer`.
 ///
-/// A direct call to auth_transfer cannot establish the PDA-to-npk binding because it uses
+/// A direct call to `auth_transfer` cannot establish the PDA-to-npk binding because it uses
 /// `Claim::Authorized` rather than `Claim::Pda`. Routing through the proxy provides the binding
-/// via `pda_seeds` in the chained call to auth_transfer.
+/// via `pda_seeds` in the chained call to `auth_transfer`.
+#[expect(
+    clippy::too_many_arguments,
+    reason = "test helper — grouping args would obscure intent"
+)]
 async fn fund_private_pda(
     wallet: &WalletCore,
     sender: AccountId,
@@ -62,6 +66,10 @@ async fn fund_private_pda(
 /// Spends from an owned private PDA to a fresh private-foreign recipient.
 ///
 /// Alice must own the PDA in the wallet (i.e. it must have been synced after a receive).
+#[expect(
+    clippy::too_many_arguments,
+    reason = "test helper — grouping args would obscure intent"
+)]
 async fn spend_private_pda(
     wallet: &WalletCore,
     pda_account_id: AccountId,

nssa/core/src/encryption/mod.rs

@@ -130,8 +130,8 @@ mod tests {
     #[test]
     fn encrypt_same_length_for_account_and_pda() {
         let account = Account::default();
-        let secret = SharedSecretKey([0u8; 32]);
-        let commitment = crate::Commitment::new(&AccountId::new([0u8; 32]), &Account::default());
+        let secret = SharedSecretKey([0_u8; 32]);
+        let commitment = crate::Commitment::new(&AccountId::new([0_u8; 32]), &Account::default());
 
         let account_ct = EncryptionScheme::encrypt(
             &account,
@@ -143,8 +143,8 @@ mod tests {
         let pda_ct = EncryptionScheme::encrypt(
             &account,
             &PrivateAccountKind::Pda {
-                program_id: [1u32; 8],
-                seed: PdaSeed::new([2u8; 32]),
+                program_id: [1_u32; 8],
+                seed: PdaSeed::new([2_u8; 32]),
                 identifier: 42,
             },
             &secret,

nssa/core/src/program.rs

@@ -63,21 +63,24 @@ pub enum PrivateAccountKind {
 }
 
 impl PrivateAccountKind {
-    ///   Regular(ident):                  0x00 || ident (16 LE) || [0u8; 64]
-    ///   Pda { program_id, seed, ident }: 0x01 || program_id (32 LE) || seed (32) || ident (16 LE)
+    /// Header layout (all integers little-endian):
+    ///
+    /// ```text
+    /// Regular(ident):                  0x00 || ident (16 LE) || [0u8; 64]
+    /// Pda { program_id, seed, ident }: 0x01 || program_id (32) || seed (32) || ident (16 LE)
+    /// ```
     pub const HEADER_LEN: usize = 81;
 
     #[must_use]
-    pub fn identifier(&self) -> Identifier {
+    pub const fn identifier(&self) -> Identifier {
         match self {
-            Self::Regular(identifier) => *identifier,
-            Self::Pda { identifier, .. } => *identifier,
+            Self::Regular(identifier) | Self::Pda { identifier, .. } => *identifier,
         }
     }
 
     #[must_use]
     pub fn to_header_bytes(&self) -> [u8; Self::HEADER_LEN] {
-        let mut bytes = [0u8; Self::HEADER_LEN];
+        let mut bytes = [0_u8; Self::HEADER_LEN];
         match self {
             Self::Regular(identifier) => {
                 bytes[0] = 0x00;
@@ -90,9 +93,9 @@ impl PrivateAccountKind {
                 identifier,
             } => {
                 bytes[0] = 0x01;
-                for (i, &word) in program_id.iter().enumerate() {
-                    bytes[1 + i * 4..1 + (i + 1) * 4].copy_from_slice(&word.to_le_bytes());
-                }
+                let id_bytes: &[u8] =
+                    bytemuck::try_cast_slice(program_id).expect("ProgramId is castable to &[u8]");
+                bytes[1..33].copy_from_slice(id_bytes);
                 bytes[33..65].copy_from_slice(seed.as_bytes());
                 bytes[65..81].copy_from_slice(&identifier.to_le_bytes());
             }
@@ -109,11 +112,10 @@ impl PrivateAccountKind {
                 Some(Self::Regular(identifier))
             }
             0x01 => {
-                let mut program_id = [0u32; 8];
-                for (i, word) in program_id.iter_mut().enumerate() {
-                    *word =
-                        u32::from_le_bytes(bytes[1 + i * 4..1 + (i + 1) * 4].try_into().unwrap());
-                }
+                let program_id: ProgramId = bytemuck::try_cast_slice(&bytes[1..33])
+                    .expect("bytes are castable to &[u32]")
+                    .try_into()
+                    .expect("slice has exactly 8 u32 elements");
                 let seed = PdaSeed::new(bytes[33..65].try_into().unwrap());
                 let identifier = Identifier::from_le_bytes(bytes[65..81].try_into().unwrap());
                 Some(Self::Pda {
@@ -1009,8 +1011,8 @@ mod tests {
         );
     }
 
-    /// Different identifiers produce different addresses for the same (program_id, seed, npk),
-    /// confirming that each (program_id, seed, npk) controls a family of 2^128 addresses.
+    /// Different identifiers produce different addresses for the same `(program_id, seed, npk)`,
+    /// confirming that each `(program_id, seed, npk)` tuple controls a family of 2^128 addresses.
     #[test]
     fn for_private_pda_differs_for_different_identifier() {
         let program_id: ProgramId = [1; 8];
@@ -1043,8 +1045,8 @@ mod tests {
     fn private_account_kind_header_round_trips() {
         let regular = PrivateAccountKind::Regular(42);
         let pda = PrivateAccountKind::Pda {
-            program_id: [1u32; 8],
-            seed: PdaSeed::new([2u8; 32]),
+            program_id: [1_u32; 8],
+            seed: PdaSeed::new([2_u8; 32]),
             identifier: u128::MAX,
         };
         assert_eq!(
@@ -1060,7 +1062,7 @@ mod tests {
     #[cfg(feature = "host")]
     #[test]
     fn private_account_kind_unknown_discriminant_returns_none() {
-        let mut bytes = [0u8; PrivateAccountKind::HEADER_LEN];
+        let mut bytes = [0_u8; PrivateAccountKind::HEADER_LEN];
         bytes[0] = 0xFF;
         assert_eq!(PrivateAccountKind::from_header_bytes(&bytes), None);
     }
@@ -1079,7 +1081,11 @@ mod tests {
         assert_eq!(
             AccountId::for_private_account(
                 &npk,
-                &PrivateAccountKind::Pda { program_id, seed, identifier }
+                &PrivateAccountKind::Pda {
+                    program_id,
+                    seed,
+                    identifier
+                }
             ),
             AccountId::for_private_pda(&program_id, &seed, &npk, identifier),
         );

nssa/src/privacy_preserving_transaction/circuit.rs

@@ -182,21 +182,6 @@ mod tests {
         program::{PdaSeed, PrivateAccountKind},
     };
 
-    fn decrypt_kind(
-        output: &PrivacyPreservingCircuitOutput,
-        ssk: &SharedSecretKey,
-        idx: usize,
-    ) -> PrivateAccountKind {
-        let (kind, _) = EncryptionScheme::decrypt(
-            &output.ciphertexts[idx],
-            ssk,
-            &output.new_commitments[idx],
-            idx as u32,
-        )
-        .unwrap();
-        kind
-    }
-
     use super::*;
     use crate::{
         error::NssaError,
@@ -208,6 +193,21 @@ mod tests {
         },
     };
 
+    fn decrypt_kind(
+        output: &PrivacyPreservingCircuitOutput,
+        ssk: &SharedSecretKey,
+        idx: usize,
+    ) -> PrivateAccountKind {
+        let (kind, _) = EncryptionScheme::decrypt(
+            &output.ciphertexts[idx],
+            ssk,
+            &output.new_commitments[idx],
+            u32::try_from(idx).expect("idx fits in u32"),
+        )
+        .unwrap();
+        kind
+    }
+
     #[test]
     fn prove_privacy_preserving_execution_circuit_public_and_private_pre_accounts() {
         let recipient_keys = test_private_account_keys_1();
@@ -453,7 +453,7 @@ mod tests {
             Program::serialize_instruction(seed).unwrap(),
             vec![InputAccountIdentity::PrivatePdaInit {
                 npk,
-                ssk: shared_secret.clone(),
+                ssk: shared_secret,
                 identifier,
             }],
             &program.clone().into(),
@@ -589,7 +589,7 @@ mod tests {
             vec![pre],
             Program::serialize_instruction(0_u128).unwrap(),
             vec![InputAccountIdentity::PrivateAuthorizedInit {
-                ssk: ssk.clone(),
+                ssk,
                 nsk: keys.nsk,
                 identifier,
             }],
@@ -631,7 +631,7 @@ mod tests {
                 InputAccountIdentity::Public,
                 InputAccountIdentity::PrivateUnauthorized {
                     npk: keys.npk(),
-                    ssk: ssk.clone(),
+                    ssk,
                     identifier,
                 },
             ],
@@ -671,7 +671,7 @@ mod tests {
             Program::serialize_instruction(1_u128).unwrap(),
             vec![
                 InputAccountIdentity::PrivateAuthorizedUpdate {
-                    ssk: ssk.clone(),
+                    ssk,
                     nsk: keys.nsk,
                     membership_proof: commitment_set.get_proof_for(&commitment).unwrap(),
                     identifier,
@@ -725,7 +725,7 @@ mod tests {
             Program::serialize_instruction((seed, 1_u128, auth_transfer_id, false)).unwrap(),
             vec![
                 InputAccountIdentity::PrivatePdaUpdate {
-                    ssk: ssk.clone(),
+                    ssk,
                     nsk: keys.nsk,
                     membership_proof: commitment_set.get_proof_for(&pda_commitment).unwrap(),
                     identifier,
@@ -795,10 +795,8 @@ mod tests {
         let recipient_pre =
             AccountWithMetadata::new(Account::default(), true, AccountId::new([0; 32]));
 
-        let program_with_deps = ProgramWithDependencies::new(
-            program,
-            [(auth_transfer_id, auth_transfer)].into(),
-        );
+        let program_with_deps =
+            ProgramWithDependencies::new(program, [(auth_transfer_id, auth_transfer)].into());
 
         let result = execute_and_prove(
             vec![pda_pre, recipient_pre],

nssa/src/state.rs

@@ -4355,7 +4355,7 @@ pub mod tests {
                     InputAccountIdentity::Public,
                     InputAccountIdentity::PrivatePdaInit {
                         npk: alice_npk,
-                        ssk: alice_shared_0.clone(),
+                        ssk: alice_shared_0,
                         identifier: 0,
                     },
                 ],
@@ -4397,7 +4397,7 @@ pub mod tests {
                     InputAccountIdentity::Public,
                     InputAccountIdentity::PrivatePdaInit {
                         npk: alice_npk,
-                        ssk: alice_shared_1.clone(),
+                        ssk: alice_shared_1,
                         identifier: 1,
                     },
                 ],

test_program_methods/guest/src/bin/auth_transfer_proxy.rs

@@ -7,15 +7,15 @@ use nssa_core::{
 };
 use risc0_zkvm::serde::to_vec;
 
-/// Proxy for interacting with private PDAs via auth_transfer.
+/// Proxy for interacting with private PDAs via `auth_transfer`.
 ///
 /// The `is_fund` flag selects the operating mode:
 ///
-/// - `false` (Spend): pre_states = [pda (authorized), recipient]. Debits the PDA. The PDA-to-npk
-///   binding is established via `pda_seeds` in the chained call to auth_transfer.
+/// - `false` (Spend): `pre_states = [pda (authorized), recipient]`. Debits the PDA. The PDA-to-npk
+///   binding is established via `pda_seeds` in the chained call to `auth_transfer`.
 ///
-/// - `true` (Fund): pre_states = [sender (authorized), pda (foreign/uninitialized)]. Credits the
-///   PDA. A direct call to auth_transfer cannot bind the PDA because auth_transfer uses
+/// - `true` (Fund): `pre_states = [sender (authorized), pda (foreign/uninitialized)]`. Credits the
+///   PDA. A direct call to `auth_transfer` cannot bind the PDA because `auth_transfer` uses
 ///   `Claim::Authorized`, not `Claim::Pda`. Routing through this proxy establishes the binding via
 ///   `pda_seeds` in the chained call.
 type Instruction = (PdaSeed, u128, ProgramId, bool);

wallet/src/privacy_preserving_tx.rs

@@ -19,7 +19,7 @@ pub enum PrivacyPreservingAccount {
         vpk: ViewingPublicKey,
         identifier: Identifier,
     },
-    /// An owned private PDA: wallet holds the nsk/npk; account_id was derived via
+    /// An owned private PDA: wallet holds the nsk/npk; `account_id` was derived via
     /// `AccountId::for_private_pda`. Produces visibility mask 3.
     PrivatePdaOwned(AccountId),
     /// A foreign private PDA: wallet knows the recipient's npk/vpk but not their nsk.