Skip to content

Enforce global security ID uniqueness#270

Closed
HardlyDifficult wants to merge 17 commits into
codex/ocf-vesting-graph-integrityfrom
codex/ocf-security-id-uniqueness
Closed

Enforce global security ID uniqueness#270
HardlyDifficult wants to merge 17 commits into
codex/ocf-vesting-graph-integrityfrom
codex/ocf-security-id-uniqueness

Conversation

@HardlyDifficult

@HardlyDifficult HardlyDifficult commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Enforce global security_id uniqueness across stock, equity compensation, warrant, and convertible issuances.
  • Validate complete final issuance maps so duplicates already present in upgraded cap tables cannot survive an unrelated update.
  • Enforce lifecycle output identity: a successor cannot reuse its source ID, a balance ID cannot also be a resulting ID, and one successor ID cannot be produced by multiple transactions or transaction types.
  • Cover create, edit, same-batch, legacy final-state, source-alias, balance/result-alias, and cross-type successor collisions with DAML scenarios.

OCF requirement

OCF defines security_id as the identifier by which an issued security is referenced by every future transaction:
https://github.com/Open-Cap-Table-Coalition/Open-Cap-Format-OCF/blob/dd84bdb6bafb63681c77166f315cea5a2078a4c8/schema/primitives/objects/transactions/SecurityTransaction.schema.json#L8-L13

OCF separately defines transfer results as identifiers for new securities and the optional balance ID as the security holding the remainder. Those distinct roles require unique identities within the cap-table lifecycle:
https://github.com/Open-Cap-Table-Coalition/Open-Cap-Format-OCF/blob/dd84bdb6bafb63681c77166f315cea5a2078a4c8/schema/primitives/objects/transactions/transfer/Transfer.schema.json#L12-L24

The same new-security semantics are explicit for reissuances:
https://github.com/Open-Cap-Table-Coalition/Open-Cap-Format-OCF/blob/dd84bdb6bafb63681c77166f315cea5a2078a4c8/schema/primitives/objects/transactions/reissuance/Reissuance.schema.json#L8-L14

Stack

Stacked on #254 / codex/ocf-vesting-graph-integrity.

Validation

  • npm run build
  • dpm test --files daml/OpenCapTable/TestSecurityIdValidation.daml --color
  • npm test
  • npm run lint
  • npm run lint:daml
  • npm run format
  • npm run check:schema-gaps -- --ocf-schema-dir /tmp/open-cap-format-ocf-schema-check/schema
  • npm run verify-dars
  • npm run check-upgrade-compat (0.0.13 -> 0.0.14)

This PR remains draft until current-head CI is green.

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 734c7c05-a1fb-40a6-9f6f-d9bd11b8946f

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Note

Reviews paused

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/ocf-security-id-uniqueness

Comment @coderabbitai help to get the list of available commands.

@HardlyDifficult HardlyDifficult marked this pull request as ready for review July 9, 2026 16:09
@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

@copilot please review

Copilot AI commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

@copilot please review

Please point me to the specific file or concern you want reviewed. I checked the current PR branch workflows and they’re passing, so I don’t yet see an actionable issue to change.

@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

@copilot please review the global security_id uniqueness enforcement, especially scripts/codegen/templates/CapTable.daml.template, scripts/codegen/templates/loops/create-case.daml, scripts/codegen/templates/loops/edit-case.daml, and Test/daml/OpenCapTable/TestSecurityIdValidation.daml. The concern is whether the contract now prevents the same OCF security identifier from being reused across stock, equity compensation, warrant, and convertible issuances on creates and edits.

@HardlyDifficult HardlyDifficult marked this pull request as ready for review July 9, 2026 18:58
@HardlyDifficult HardlyDifficult requested a review from Copilot July 9, 2026 18:59

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR enforces global security_id uniqueness across security issuance types (stock, warrant, convertible, equity compensation) by centralizing the uniqueness check into a shared CapTable helper and wiring it into the codegen create/edit loops. This aligns the ledger mutation rules with OCF’s definition of security_id as a cross-transaction identifier and adds DAML script tests to cover cross-type and same-batch collisions.

Changes:

  • Add securityIdExists / assertSecurityIdAvailable helpers to the CapTable codegen template and use them from generated create/edit branches.
  • Update DAML script tests to cover cross-type duplicates, same-batch duplicates, and edits attempting to reuse another type’s security_id.
  • Bump OpenCapTable-v34 package version and update DAR / lock metadata to match.

Reviewed changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated no comments.

Show a summary per file
File Description
Test/daml/OpenCapTable/TestSecurityIdValidation.daml Adds test coverage for global security_id uniqueness across issuance types, including same-batch collisions and edit-time reuse attempts.
Test/daml.yaml Points the Test package data-dependency at the bumped OpenCapTable-v34 0.0.14 DAR.
scripts/codegen/templates/loops/edit-case.daml Replaces per-type security_id uniqueness checks with the shared global helper during edits (when security_id changes).
scripts/codegen/templates/loops/create-case.daml Replaces per-type security_id uniqueness checks with the shared global helper during creates.
scripts/codegen/templates/CapTable.daml.template Introduces securityIdExists and assertSecurityIdAvailable used by create/edit paths to enforce global uniqueness.
OpenCapTable-v34/daml.yaml Bumps OpenCapTable-v34 version from 0.0.13 to 0.0.14.
dars/OpenCapTable-v34/0.0.14/OpenCapTable-v34.dar Adds the new packaged DAR artifact (LFS pointer).
dars/dars.lock Registers the new 0.0.14 DAR (sha/size/sdk/uploadedAt metadata).

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: dfa0f14194

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread scripts/codegen/templates/CapTable.daml.template
@HardlyDifficult HardlyDifficult marked this pull request as draft July 9, 2026 19:16
@HardlyDifficult HardlyDifficult marked this pull request as ready for review July 9, 2026 20:10

Copy link
Copy Markdown
Collaborator Author

@copilot review

Copilot AI commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

@copilot please review the global security_id uniqueness enforcement, especially scripts/codegen/templates/CapTable.daml.template, scripts/codegen/templates/loops/create-case.daml, `scripts/code...

Reviewed those files in this branch:

  • scripts/codegen/templates/CapTable.daml.template: securityIdExists checks all four *_issuances_by_security_id maps, assertSecurityIdAvailable enforces global uniqueness, and validateFinalSecurityIdUniqueness re-checks uniqueness from final issuance contracts.
  • scripts/codegen/templates/loops/create-case.daml: issuance creates call assertSecurityIdAvailable d.security_id maps before insert.
  • scripts/codegen/templates/loops/edit-case.daml: issuance edits enforce uniqueness when security_id changes, then atomically remove old and insert new security_id mapping.
  • Test/daml/OpenCapTable/TestSecurityIdValidation.daml: covers cross-type duplicate create, same-batch duplicate create, and edit reusing another type’s security_id (plus final-state stale-index duplicate detection).

Given current codegen/update ordering (deletes → edits → creates), this does prevent reuse of the same OCF security_id across stock/equity-comp/warrant/convertible on both creates and edits.

@copilot review

Completed review of the global security_id uniqueness enforcement on this PR. I verified the create/edit templates, shared CapTable helper logic, generated cap table flow, and security-id validation tests; the current implementation enforces cross-type uniqueness for creates and edits, including same-batch collisions.

Copy link
Copy Markdown
Collaborator Author

@codex review
@coderabbitai review

@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. Keep it up!

Reviewed commit: 133300b07c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@HardlyDifficult HardlyDifficult marked this pull request as draft July 10, 2026 11:47
@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

@coderabbitai pause

@coderabbitai

coderabbitai Bot commented Jul 10, 2026

Copy link
Copy Markdown
✅ Action performed

Reviews paused.

@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

Restacked onto #254 at a5fbd9d and incorporated the identity-specific improvements recovered from the broader lifecycle work. Successor IDs are now globally single-produced, distinct from their own source, and unable to serve simultaneously as both balance and resulting IDs. Quantity/date/class continuity remains scoped to #276.

Local validation on bae63d4 is green: build, focused security-ID tests, full DAML suite, ESLint, DAML lint, Prettier, current OCF schema-gap check, 14-DAR integrity, and 0.0.13 -> 0.0.14 upgrade compatibility. Keeping the PR in draft pending current-head CI.

@HardlyDifficult

Copy link
Copy Markdown
Collaborator Author

This enforcement is now folded into #238 as part of the authorized/reserved share-ceiling category.

Commit 4a37f43 carries the grouped security-identity regressions, including duplicate issuance IDs and lifecycle successor identity coverage. #238 is now green, mergeable, fully reviewed on its exact head, and ready for final human review. Closing this standalone PR to keep the category grouping canonical.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants