remove caller ctx in docs, add notice to existing methods

[andrew-fleming]

Types of changes

What types of changes does your code introduce to OpenZeppelin Midnight Contracts?
Put an x in the boxes that apply

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation Update (if none of the other choices apply)

ZOwnablePK in the contracts lib still uses the coin public key (+ secret nonce so it's not insecure) so the caller context logic in the simulator should not be removed yet (it'll break the ZOwnablePK tests)

Summary by CodeRabbit

Release Notes

• Documentation
  • Updated simulator documentation with clarified guidance on method usage and security considerations.
  • Revised testing examples and feature descriptions to reflect current simulator capabilities.

[coderabbitai]

Walkthrough

This pull request removes documentation and examples related to caller context management and multi-user testing from the simulator README, while adding consistent JSDoc security warnings across the simulator API classes clarifying that ownPublicKey() is a witness value unsuitable for authentication or access control.

Changes

Witness Value Security Documentation

Layer / File(s)	Summary
README: Remove caller context and multi-user examples packages/simulator/README.md	Features list removes "Caller Context Simulation," Advanced Features section deletes "Caller Context Management" and its examples, primary Vitest test example replaces caller-context pattern with simpler setVal/getPublicState()._val assertion, "Multi-User Interactions" test example and "Multi-User Testing" tip are removed, and table separator formatting is adjusted.
JSDoc: Add ownPublicKey() witness value security warnings packages/simulator/src/core/AbstractSimulator.ts, packages/simulator/src/core/ContractSimulator.ts	AbstractSimulator JSDoc for as(), setPersistentCaller(), and resetCaller() each receive @notice warnings that ownPublicKey() is a witness value and must not be used for authentication or access control. ContractSimulator expands ownPublicKey() JSDoc with detailed security guidance and explanation of intended use as a circuit computation input.

Estimated Code Review Effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 The witness speaks truth, no secrets to keep,
Caller context dreams fade into sleep,
No auth in this value—a lesson so clear,
Documentation refined, now crystalling near! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: removing caller context documentation from the README and adding notices to existing methods in the simulator code.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/simulator/README.md`:
- Around line 206-218: The test snippet uses a one-arg constructor new
MyContractSimulator(val) but the earlier "Extending the Base Simulator" example
defines a two-argument constructor; update the test to call MyContractSimulator
with the same two-arg signature used earlier (e.g., pass the initial value and
the second required parameter such as the owner/signer or a default/mock) so the
example is consistent and copy/pasteable, and ensure the README text around the
snippet explains the second parameter if it isn't obvious.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: cbf6f19b-660b-470b-b856-c184e304eca2

📥 Commits

Reviewing files that changed from the base of the PR and between 38cfbe2 and 7452acb.

📒 Files selected for processing (3)

• packages/simulator/README.md
• packages/simulator/src/core/AbstractSimulator.ts
• packages/simulator/src/core/ContractSimulator.ts

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Keep test snippet constructor usage consistent with earlier class example.

Line 212 currently uses new MyContractSimulator(val), but the earlier “Extending the Base Simulator” example defines a two-arg constructor. This can confuse readers and break copy/paste flows.

Suggested doc fix

-    simulator = new MyContractSimulator(val);
+    simulator = new MyContractSimulator(val, 'example-arg2');

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	let simulator: MyContractSimulator;
	let val = 123n;
	let newVal = 456n;
	describe('MyContract', () => {
	beforeEach(() => {
	simulator = new MyContractSimulator(
	zOwner,
	{ privateState: MyPrivateState.generate() }
	);
	simulator = new MyContractSimulator(val);
	});
	it('should transfer ownership', () => {
	let newOwner = '0'.repeat(63) + '2';
	let zNewOwner = { bytes: encodeCoinPublicKey(newOwner) };
	simulator.as(owner).transferOwnership(zNewOwner);
	expect(simulator.getPublicState()._owner).toEqual(zNewOwner);
	it('should set new value', () => {
	simulator.setVal(newVal);
	expect(simulator.getPublicState()._val).toEqual(newVal);
	});
	let simulator: MyContractSimulator;
	let val = 123n;
	let newVal = 456n;
	describe('MyContract', () => {
	beforeEach(() => {
	simulator = new MyContractSimulator(val, 'example-arg2');
	});
	it('should set new value', () => {
	simulator.setVal(newVal);
	expect(simulator.getPublicState()._val).toEqual(newVal);
	});

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/simulator/README.md` around lines 206 - 218, The test snippet uses a
one-arg constructor new MyContractSimulator(val) but the earlier "Extending the
Base Simulator" example defines a two-argument constructor; update the test to
call MyContractSimulator with the same two-arg signature used earlier (e.g.,
pass the initial value and the second required parameter such as the
owner/signer or a default/mock) so the example is consistent and copy/pasteable,
and ensure the README text around the snippet explains the second parameter if
it isn't obvious.

[0xisk]

LGTM! Thank you @andrew-fleming!