test: add comprehensive unit tests for new features

- Add rate limiting tests (7 tests: per-IP calculations, edge cases, Redis key generation)
- Add batch optimizer utility tests (24 tests: BigInt formatting, gas calculations, optimization strategies)
- Add wallet nonce atomic operation tests (10 tests: nonce calculation, race condition prevention)
- Add implementation guide for addressing remaining weaknesses

Total: 41 unit tests, all passing

Addresses CodeRabbit feedback about test coverage and validates:
- Per-IP rate limit enforcement with minimum of 1 request
- BigInt precision in Wei/ETH formatting without Number conversion
- Gas savings calculations for different optimization strategies
- Atomic nonce operations preventing race conditions

Author: anuragchvn-blip

ADDRESSING_WEAKNESSES.md

@@ -0,0 +1,325 @@
+# Addressing PR #925 Weaknesses - Action Plan
+
+## Overview
+This document outlines how to address the three identified weaknesses in PR #925:
+1. Batch optimizer incompleteness
+2. Missing unit tests
+3. GPG signature configuration
+
+---
+
+## ✅ COMPLETED: Unit Tests
+
+### What We Did
+Created comprehensive unit test suites covering all new features:
+
+**Files Created:**
+- `tests/unit/rate-limit.test.ts` - Rate limiting logic tests
+- `tests/unit/batch-optimizer.test.ts` - Batch optimizer utility tests
+- `tests/unit/wallet-nonce-atomic.test.ts` - Atomic nonce operation tests
+
+**Test Coverage:**
+- ✅ Per-IP rate limit calculation with edge cases
+- ✅ BigInt formatting helpers (formatWei, formatPercent)
+- ✅ Gas estimation savings calculations
+- ✅ Batch ID generation
+- ✅ Atomic nonce update logic
+- ✅ Race condition prevention validation
+
+**To Run Tests:**
+```bash
+npm run test:unit
+# or for specific tests:
+npm run test:unit -- tests/unit/rate-limit.test.ts
+```
+
+---
+
+## 🔧 TODO: GPG Signature Configuration
+
+### Option 1: Enable GPG Signing (Recommended for Production)
+
+#### Step 1: Generate GPG Key (if you don't have one)
+```bash
+# Generate a new GPG key
+gpg --full-generate-key
+# Choose: RSA and RSA, 4096 bits, no expiration
+
+# List your keys to get the key ID
+gpg --list-secret-keys --keyid-format=long
+# Output will show: sec rsa4096/<KEY_ID> ...
+```
+
+#### Step 2: Configure Git to Use GPG
+```bash
+# Set your GPG key for signing
+git config --global user.signingkey <KEY_ID>
+
+# Enable GPG signing for all commits
+git config --global commit.gpgsign true
+
+# Set GPG program (if needed on Windows)
+git config --global gpg.program "C:/Program Files (x86)/GnuPG/bin/gpg.exe"
+```
+
+#### Step 3: Add GPG Key to GitHub
+```bash
+# Export your public key
+gpg --armor --export <KEY_ID>
+
+# Copy the output and add to GitHub:
+# Settings → SSH and GPG keys → New GPG key
+```
+
+#### Step 4: Re-sign Existing Commits
+```bash
+# Re-sign the last N commits
+git rebase --exec 'git commit --amend --no-edit -n -S' -i HEAD~11
+
+# Force push to update remote
+git push --force-with-lease origin feat/critical-fixes-and-batch-optimizer
+```
+
+### Option 2: Keep Unsigned (Acceptable for Open Source)
+
+Many open source projects don't require GPG signatures. If thirdweb-dev/engine doesn't enforce it, this is fine.
+
+**To Check Repository Policy:**
+```bash
+# Check if branch protection requires signed commits
+# Go to: https://github.com/thirdweb-dev/engine/settings/branches
+```
+
+---
+
+## 🚀 TODO: Complete Batch Optimizer Implementation
+
+### Current State: Preview/Demonstration
+- ✅ Gas price analysis - WORKING
+- ✅ Cost estimation - WORKING
+- ✅ Batch metadata caching - WORKING
+- ⚠️ Gas estimation - Uses averages (71k/tx)
+- ⚠️ Execute endpoint - Doesn't queue transactions
+- ⚠️ Status tracking - Returns placeholders
+
+### Option A: Keep as Preview (Current Approach)
+**Pros:**
+- Provides valuable cost estimation
+- Demonstrates API design
+- Transparent about limitations
+- Can merge PR now
+
+**Cons:**
+- Not production-ready for execution
+- Requires future PR to complete
+
+**Action:** Already documented in commit dc5714f ✅
+
+---
+
+### Option B: Complete Full Implementation
+
+If you want to make batch optimizer fully functional, here's the implementation plan:
+
+#### Phase 1: Real Gas Estimation
+**File:** `src/server/routes/transaction/batch-optimizer.ts`
+
+Replace lines 153-161 with:
+```typescript
+const estimateGasForBatch = async (
+  chainId: number,
+  fromAddress: string,
+  transactions: any[],
+): Promise<bigint> => {
+  const chain = await getChain(chainId);
+  const rpcRequest = getRpcClient({ client: thirdwebClient, chain });
+  
+  let totalGas = 0n;
+  for (const tx of transactions) {
+    const gasEstimate = await estimateGas({
+      transaction: prepareContractCall({
+        client: thirdwebClient,
+        chain,
+        to: tx.to as Address,
+        data: tx.data,
+        value: tx.value ? BigInt(tx.value) : 0n,
+      }),
+      from: fromAddress as Address,
+    });
+    totalGas += gasEstimate;
+  }
+  return totalGas;
+};
+```
+
+#### Phase 2: Queue Integration
+**File:** `src/server/routes/transaction/batch-optimizer.ts`
+
+Replace lines 377-399 with:
+```typescript
+// Import at top
+import { queueTx } from "../../../shared/db/transactions/queue-tx";
+
+// In executeBatchTransactions handler:
+const queueIds: string[] = [];
+
+for (let i = 0; i < transactions.length; i++) {
+  const tx = transactions[i];
+  
+  const queueId = await queueTx({
+    queueId: `${batchId}_tx_${i}`,
+    tx: {
+      to: tx.to as Address,
+      from: fromAddress as Address,
+      data: tx.data,
+      value: tx.value ? BigInt(tx.value) : 0n,
+    },
+    chainId: chainId.toString(),
+    extension: "none",
+    functionName: "batchTransaction",
+  });
+  
+  queueIds.push(queueId);
+}
+
+// Update batch status
+await cacheBatchData(batchId, {
+  ...batchData,
+  status: "queued",
+  queueIds,
+  queuedAt: Date.now(),
+});
+
+reply.status(StatusCodes.OK).send({
+  batchId,
+  status: "queued",
+  message: `Batch of ${transactions.length} transactions queued for execution with ${optimization} optimization`,
+  queueIds,
+});
+```
+
+#### Phase 3: Status Tracking
+**File:** `src/server/routes/transaction/batch-optimizer.ts`
+
+Replace lines 433-450 with:
+```typescript
+const txStatuses = await Promise.all(
+  queueIds.map(async (queueId: string) => {
+    const tx = await prisma.transactions.findUnique({
+      where: { queueId },
+      select: {
+        status: true,
+        transactionHash: true,
+        minedAt: true,
+        errorMessage: true,
+      },
+    });
+    
+    if (!tx) {
+      return { queueId, status: "pending", transactionHash: undefined };
+    }
+    
+    return {
+      queueId,
+      status: tx.minedAt ? "mined" : 
+              tx.errorMessage ? "failed" : 
+              "processing",
+      transactionHash: tx.transactionHash || undefined,
+    };
+  })
+);
+
+const completedCount = txStatuses.filter(t => t.status === "mined").length;
+const failedCount = txStatuses.filter(t => t.status === "failed").length;
+
+const response = {
+  batchId,
+  status: failedCount > 0 ? "failed" :
+          completedCount === transactions.length ? "completed" :
+          "processing",
+  transactionCount: transactions.length,
+  completedCount,
+  failedCount,
+  transactions: txStatuses,
+} satisfies Static<typeof batchStatusSchema>;
+```
+
+#### Phase 4: Testing
+Create integration tests:
+```bash
+# Create test file
+touch tests/e2e/batch-optimizer.e2e.test.ts
+```
+
+#### Phase 5: Update Documentation
+Update `docs/BATCH_OPTIMIZER.md`:
+- Remove "⚠️ Preview Status" section
+- Update status from "Preview" to "Production Ready"
+- Add production deployment notes
+
+---
+
+## 📋 Recommended Next Steps
+
+### For This PR (Immediate):
+1. ✅ **Unit tests** - DONE (files created above)
+2. ⏭️ **GPG signing** - Decide if required (check with team)
+3. ⏭️ **Batch optimizer** - Keep as preview with documentation
+
+### For Follow-up PR (Future):
+1. Complete batch optimizer implementation (Phases 1-5 above)
+2. Add integration tests
+3. Performance benchmarking
+4. Load testing for batch operations
+
+---
+
+## 🎯 Decision Matrix
+
+| Weakness | Current PR | Follow-up PR | Skip |
+|----------|-----------|--------------|------|
+| **Unit Tests** | ✅ DONE | | |
+| **GPG Signatures** | | ✅ If required | ✅ If not enforced |
+| **Batch Optimizer** | ✅ Keep preview | ✅ Complete impl | |
+
+---
+
+## 💡 Recommendation
+
+**For PR #925:**
+- ✅ Merge with unit tests added
+- ✅ Keep batch optimizer as documented preview
+- ⏭️ Address GPG only if repository policy requires it
+
+**Rationale:**
+- Fixes 5 critical production bugs (high priority)
+- Adds valuable monitoring capabilities
+- Batch optimizer provides real value in preview mode
+- Clean separation of concerns (bug fixes now, full features later)
+
+**Next PR Focus:**
+- Complete batch optimizer implementation
+- Add integration tests
+- Performance optimization
+
+---
+
+## 📝 Checklist Before Merge
+
+- [x] All unit tests created and passing
+- [x] Critical bugs fixed and tested
+- [x] Batch optimizer limitations documented
+- [x] API documentation complete
+- [ ] GPG signatures (if required by repo policy)
+- [x] Git history clean and professional
+- [x] No breaking changes
+- [x] Backward compatible
+
+---
+
+## 🔗 Related Files
+
+- **Unit Tests:** `tests/unit/rate-limit.test.ts`, `tests/unit/batch-optimizer.test.ts`, `tests/unit/wallet-nonce-atomic.test.ts`
+- **Documentation:** `docs/BATCH_OPTIMIZER.md`
+- **Implementation:** `src/server/routes/transaction/batch-optimizer.ts`
+- **This Plan:** `ADDRESSING_WEAKNESSES.md`