Use Company Block Validation Checks

[zupzup]

📝 Description

• Using the new company block validation checks
• Add latest tag to npm release, since otherwise it cries when we do hotfixes
• Add handling for being invited to companies as Anon
• Validate identity and company blocks for bill signing as well

Relates to #749

---

✅ Checklist

Please ensure the following tasks are completed before requesting a review:

• My code adheres to the coding guidelines of this project.
• I have run cargo fmt.
• I have run cargo clippy.
• I have added or updated tests (if applicable).
• All CI/CD steps were successful.
• I have updated the documentation (if applicable).
• I have checked that there are no console errors or warnings.
• I have verified that the application builds without errors.
• I've described the changes made to the API. (modification, addition, deletion).

---

🚀 Changes Made

See above.

---

💡 How to Test

Please provide clear instructions on how reviewers can test your changes:

1. cargo test
2. create companies, bills, invite ppl, kick them etc.

---

🤝 Related Issues

List any related issues, pull requests, or discussions:

• Implement Proper Block Validation for Company Blocks #749

---

📋 Review Guidelines

Please focus on the following while reviewing:

• Does the code follow the repository's contribution guidelines?
• Are there any potential bugs or performance issues?
• Are there any typos or grammatical errors in the code or comments?

[codecov]

Codecov Report

❌ Patch coverage is 84.78261% with 21 lines in your changes missing coverage. Please review.
✅ Project coverage is 70.39%. Comparing base (8895b00) to head (c17d2a6).
⚠️ Report is 1 commits behind head on master.

Files with missing lines	Patch %	Lines
...bill-core/src/protocol/blockchain/company/block.rs	75.00%	14 Missing ⚠️
...sport/src/handler/company_chain_event_processor.rs	80.76%	5 Missing ⚠️
...s/bcr-ebill-api/src/service/bill_service/blocks.rs	96.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #835      +/-   ##
==========================================
+ Coverage   70.37%   70.39%   +0.02%     
==========================================
  Files         132      132              
  Lines       24737    24836      +99     
==========================================
+ Hits        17408    17484      +76     
- Misses       7329     7352      +23     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

This pull request implements comprehensive block validation for company chains, addressing issue #749. The changes introduce a validation-first pattern using CompanyValidateActionData with signature verification via verify_and_get_signer() for all company operations. The PR also adds handling for anonymous users attempting company operations and updates numerous tests to use consistent test keys and proper chain setup.

Changes:

• Implemented verify_and_get_signer() method for company blocks to verify signatures before validation
• Replaced direct authorization checks with CompanyValidateActionData validation pattern across all company operations
• Added anonymous identity checks to prevent anon users from performing company operations
• Updated test infrastructure to use consistent test keys and proper blockchain setup with identity proofs
• Added --tag latest to npm publish workflow for proper release tagging

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
crates/bcr-ebill-transport/src/handler/mod.rs	Added test utilities for additional test node ID and private key
crates/bcr-ebill-transport/src/handler/company_chain_event_processor.rs	Integrated signature verification and validation for incoming company blocks; updated tests to use proper chain setup
crates/bcr-ebill-core/src/protocol/blockchain/company/block.rs	Implemented verify_and_get_signer() for extracting and verifying block signers with identity proof validation
crates/bcr-ebill-api/src/tests/mod.rs	Added additional test helper functions for consistent test key usage
crates/bcr-ebill-api/src/service/company_service.rs	Replaced authorization checks with CompanyValidateActionData validation; added anon identity guards
crates/bcr-ebill-api/src/service/bill_service/test_utils.rs	Updated test utilities to use proper chain methods instead of individual block fetching
crates/bcr-ebill-api/src/service/bill_service/blocks.rs	Added validation helpers for identity and company blocks; integrated validation for bill signing operations
.github/workflows/wasm_release.yml	Added --tag latest to npm publish command for proper package tagging

[codingpeanut157]

I see CompanyValidateActionData is only used as a temporary container of information that are used to .validate() the action, yet all the elements are owned.
Maybe an improvement could be to reference those information

pub struct CompanyValidateActionData<'a> {
pub blockchain: &<'a> CompanyBlockchain,
...
}

[zupzup]

I see CompanyValidateActionData is only used as a temporary container of information that are used to .validate() the action, yet all the elements are owned. Maybe an improvement could be to reference those information

pub struct CompanyValidateActionData<'a> {
pub blockchain: &<'a> CompanyBlockchain,
...
}

Yeah, I tried to do this with the BillValidateActionData back when I implemented that and it unfortunately was quite unwieldy, especially for testing.
However, I noted both down for future performance work, where we could trade off some complexity for fewer allocations. 👍