@ottochain/sdk 2.3.0 → 2.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/apps/contracts/index.js +15 -8
- package/dist/cjs/apps/contracts/state-machines/contract-agreement.js +35 -40
- package/dist/cjs/apps/contracts/state-machines/contract-escrow.js +80 -37
- package/dist/cjs/apps/contracts/state-machines/contract-universal.js +4 -4
- package/dist/cjs/apps/corporate/index.js +2 -2
- package/dist/cjs/apps/corporate/state-machines/corp-board.js +169 -59
- package/dist/cjs/apps/corporate/state-machines/corp-entity.js +245 -47
- package/dist/cjs/apps/corporate/state-machines/corp-securities.js +407 -99
- package/dist/cjs/apps/corporate/state-machines/corp-shareholders.js +151 -37
- package/dist/cjs/apps/governance/index.js +14 -14
- package/dist/cjs/apps/governance/state-machines/dao-multisig.js +58 -40
- package/dist/cjs/apps/governance/state-machines/dao-reputation.js +46 -40
- package/dist/cjs/apps/governance/state-machines/dao-single.js +28 -11
- package/dist/cjs/apps/governance/state-machines/dao-token.js +67 -41
- package/dist/cjs/apps/governance/state-machines/governance-simple.js +93 -61
- package/dist/cjs/apps/governance/state-machines/governance-universal.js +2 -2
- package/dist/cjs/apps/identity/constants.js +55 -14
- package/dist/cjs/apps/identity/index.js +27 -11
- package/dist/cjs/apps/identity/state-machines/identity-agent.js +3 -3
- package/dist/cjs/apps/identity/state-machines/identity-oracle.js +25 -22
- package/dist/cjs/apps/identity/state-machines/identity-registry.js +288 -0
- package/dist/cjs/apps/identity/state-machines/identity-universal.js +3 -3
- package/dist/cjs/apps/identity/state-machines/index.js +3 -1
- package/dist/cjs/apps/index.js +19 -8
- package/dist/cjs/apps/lending/assets.js +223 -0
- package/dist/cjs/apps/lending/credit-scoring.js +87 -0
- package/dist/cjs/apps/lending/eligibility.js +121 -0
- package/dist/cjs/apps/lending/index.js +91 -0
- package/dist/cjs/apps/lending/state-machines/index.js +9 -0
- package/dist/cjs/apps/lending/state-machines/lending-zk-loan.js +412 -0
- package/dist/cjs/apps/markets/index.js +21 -11
- package/dist/cjs/apps/markets/state-machines/market-auction.js +14 -13
- package/dist/cjs/apps/markets/state-machines/market-crowdfund.js +29 -24
- package/dist/cjs/apps/markets/state-machines/market-group-buy.js +24 -26
- package/dist/cjs/apps/markets/state-machines/market-prediction.js +80 -53
- package/dist/cjs/apps/markets/state-machines/market-universal.js +5 -5
- package/dist/cjs/apps/oracles/index.js +2 -2
- package/dist/cjs/errors.js +3 -3
- package/dist/cjs/generated/google/protobuf/struct.js +4 -4
- package/dist/cjs/generated/index.js +11 -7
- package/dist/cjs/generated/openapi.js +6 -0
- package/dist/cjs/generated/ottochain/apps/contracts/v1/contract.js +50 -50
- package/dist/cjs/generated/ottochain/apps/corporate/v1/corporate.js +19 -20
- package/dist/cjs/generated/ottochain/apps/governance/v1/governance.js +13 -13
- package/dist/cjs/generated/ottochain/apps/identity/v1/attestation.js +4 -4
- package/dist/cjs/generated/ottochain/apps/identity/v1/identity.js +124 -130
- package/dist/cjs/generated/ottochain/apps/markets/v1/market.js +107 -107
- package/dist/cjs/generated/ottochain/v1/common.js +4 -4
- package/dist/cjs/generated/ottochain/v1/fiber.js +4 -4
- package/dist/cjs/index.js +41 -7
- package/dist/cjs/openapi.js +2 -0
- package/dist/cjs/ottochain/drop-nulls.js +1 -2
- package/dist/cjs/ottochain/genesis-manifest.js +11 -11
- package/dist/cjs/ottochain/index.js +23 -13
- package/dist/cjs/ottochain/metagraph-client.js +65 -8
- package/dist/cjs/ottochain/snapshot.js +11 -12
- package/dist/cjs/ottochain/transaction.js +57 -14
- package/dist/cjs/ottochain/types.js +16 -2
- package/dist/cjs/privacy/index.js +14 -0
- package/dist/cjs/privacy/sealed-bid.js +210 -0
- package/dist/cjs/privacy/shield-app.js +131 -0
- package/dist/cjs/schema/effects.js +40 -0
- package/dist/cjs/schema/fiber-app.js +19 -13
- package/dist/cjs/schema/guard-lint.js +352 -0
- package/dist/cjs/schema/guards.js +246 -0
- package/dist/cjs/signing.js +80 -0
- package/dist/cjs/types.js +2 -3
- package/dist/cjs/validation.js +8 -8
- package/dist/cjs/verify.js +9 -4
- package/dist/cjs/zk/commit.js +53 -0
- package/dist/cjs/zk/guard.js +107 -0
- package/dist/cjs/zk/index.js +48 -0
- package/dist/cjs/zk/preimage.js +37 -0
- package/dist/cjs/zk/prover.js +87 -0
- package/dist/cjs/zk/registry.js +62 -0
- package/dist/cjs/zk/types.js +28 -0
- package/dist/cjs/zk/witness.js +19 -0
- package/dist/esm/apps/contracts/index.js +7 -3
- package/dist/esm/apps/contracts/state-machines/contract-agreement.js +35 -40
- package/dist/esm/apps/contracts/state-machines/contract-escrow.js +80 -37
- package/dist/esm/apps/contracts/state-machines/contract-universal.js +4 -4
- package/dist/esm/apps/corporate/state-machines/corp-board.js +169 -59
- package/dist/esm/apps/corporate/state-machines/corp-entity.js +245 -47
- package/dist/esm/apps/corporate/state-machines/corp-securities.js +407 -99
- package/dist/esm/apps/corporate/state-machines/corp-shareholders.js +151 -37
- package/dist/esm/apps/governance/state-machines/dao-multisig.js +58 -40
- package/dist/esm/apps/governance/state-machines/dao-reputation.js +46 -40
- package/dist/esm/apps/governance/state-machines/dao-single.js +28 -11
- package/dist/esm/apps/governance/state-machines/dao-token.js +67 -41
- package/dist/esm/apps/governance/state-machines/governance-simple.js +93 -61
- package/dist/esm/apps/governance/state-machines/governance-universal.js +2 -2
- package/dist/esm/apps/identity/constants.js +51 -12
- package/dist/esm/apps/identity/index.js +12 -7
- package/dist/esm/apps/identity/state-machines/identity-agent.js +3 -3
- package/dist/esm/apps/identity/state-machines/identity-oracle.js +25 -22
- package/dist/esm/apps/identity/state-machines/identity-registry.js +285 -0
- package/dist/esm/apps/identity/state-machines/identity-universal.js +3 -3
- package/dist/esm/apps/identity/state-machines/index.js +1 -0
- package/dist/esm/apps/index.js +1 -0
- package/dist/esm/apps/lending/assets.js +207 -0
- package/dist/esm/apps/lending/credit-scoring.js +81 -0
- package/dist/esm/apps/lending/eligibility.js +115 -0
- package/dist/esm/apps/lending/index.js +69 -0
- package/dist/esm/apps/lending/state-machines/index.js +5 -0
- package/dist/esm/apps/lending/state-machines/lending-zk-loan.js +409 -0
- package/dist/esm/apps/markets/index.js +8 -4
- package/dist/esm/apps/markets/state-machines/market-auction.js +14 -13
- package/dist/esm/apps/markets/state-machines/market-crowdfund.js +29 -24
- package/dist/esm/apps/markets/state-machines/market-group-buy.js +24 -26
- package/dist/esm/apps/markets/state-machines/market-prediction.js +80 -53
- package/dist/esm/apps/markets/state-machines/market-universal.js +5 -5
- package/dist/esm/generated/index.js +9 -5
- package/dist/esm/generated/openapi.js +5 -0
- package/dist/esm/generated/ottochain/apps/contracts/v1/contract.js +46 -46
- package/dist/esm/generated/ottochain/apps/identity/v1/identity.js +114 -120
- package/dist/esm/generated/ottochain/apps/markets/v1/market.js +100 -100
- package/dist/esm/index.js +21 -2
- package/dist/esm/openapi.js +1 -0
- package/dist/esm/ottochain/genesis-manifest.js +9 -9
- package/dist/esm/ottochain/index.js +2 -3
- package/dist/esm/ottochain/metagraph-client.js +65 -8
- package/dist/esm/ottochain/snapshot.js +4 -4
- package/dist/esm/ottochain/transaction.js +43 -3
- package/dist/esm/ottochain/types.js +15 -1
- package/dist/esm/privacy/index.js +6 -0
- package/dist/esm/privacy/sealed-bid.js +206 -0
- package/dist/esm/privacy/shield-app.js +127 -0
- package/dist/esm/schema/effects.js +35 -0
- package/dist/esm/schema/fiber-app.js +13 -6
- package/dist/esm/schema/guard-lint.js +346 -0
- package/dist/esm/schema/guards.js +229 -0
- package/dist/esm/signing.js +74 -0
- package/dist/esm/verify.js +8 -2
- package/dist/esm/zk/commit.js +44 -0
- package/dist/esm/zk/guard.js +99 -0
- package/dist/esm/zk/index.js +19 -0
- package/dist/esm/zk/preimage.js +30 -0
- package/dist/esm/zk/prover.js +82 -0
- package/dist/esm/zk/registry.js +55 -0
- package/dist/esm/zk/types.js +25 -0
- package/dist/esm/zk/witness.js +15 -0
- package/dist/types/apps/contracts/index.d.ts +69 -209
- package/dist/types/apps/contracts/state-machines/contract-agreement.d.ts +20 -95
- package/dist/types/apps/contracts/state-machines/contract-escrow.d.ts +46 -112
- package/dist/types/apps/corporate/index.d.ts +1040 -304
- package/dist/types/apps/corporate/state-machines/corp-board.d.ts +188 -52
- package/dist/types/apps/corporate/state-machines/corp-entity.d.ts +267 -62
- package/dist/types/apps/corporate/state-machines/corp-securities.d.ts +355 -131
- package/dist/types/apps/corporate/state-machines/corp-shareholders.d.ts +225 -53
- package/dist/types/apps/governance/index.d.ts +296 -398
- package/dist/types/apps/governance/state-machines/dao-multisig.d.ts +77 -92
- package/dist/types/apps/governance/state-machines/dao-reputation.d.ts +42 -66
- package/dist/types/apps/governance/state-machines/dao-single.d.ts +25 -47
- package/dist/types/apps/governance/state-machines/dao-token.d.ts +60 -49
- package/dist/types/apps/governance/state-machines/governance-simple.d.ts +87 -117
- package/dist/types/apps/governance/state-machines/governance-universal.d.ts +2 -2
- package/dist/types/apps/identity/constants.d.ts +32 -4
- package/dist/types/apps/identity/index.d.ts +378 -94
- package/dist/types/apps/identity/state-machines/identity-oracle.d.ts +16 -87
- package/dist/types/apps/identity/state-machines/identity-registry.d.ts +379 -0
- package/dist/types/apps/identity/state-machines/index.d.ts +1 -0
- package/dist/types/apps/index.d.ts +1 -0
- package/dist/types/apps/lending/assets.d.ts +258 -0
- package/dist/types/apps/lending/credit-scoring.d.ts +80 -0
- package/dist/types/apps/lending/eligibility.d.ts +83 -0
- package/dist/types/apps/lending/index.d.ts +548 -0
- package/dist/types/apps/lending/state-machines/index.d.ts +5 -0
- package/dist/types/apps/lending/state-machines/lending-zk-loan.d.ts +528 -0
- package/dist/types/apps/markets/index.d.ts +108 -203
- package/dist/types/apps/markets/state-machines/market-auction.d.ts +13 -37
- package/dist/types/apps/markets/state-machines/market-crowdfund.d.ts +16 -34
- package/dist/types/apps/markets/state-machines/market-group-buy.d.ts +17 -43
- package/dist/types/apps/markets/state-machines/market-prediction.d.ts +51 -72
- package/dist/types/apps/markets/state-machines/market-universal.d.ts +5 -5
- package/dist/types/generated/index.d.ts +5 -5
- package/dist/types/generated/openapi.d.ts +1257 -0
- package/dist/types/generated/ottochain/apps/contracts/v1/contract.d.ts +5 -5
- package/dist/types/generated/ottochain/apps/identity/v1/identity.d.ts +12 -12
- package/dist/types/generated/ottochain/apps/markets/v1/market.d.ts +11 -11
- package/dist/types/index.d.ts +6 -2
- package/dist/types/openapi.d.ts +22 -0
- package/dist/types/ottochain/genesis-manifest.d.ts +5 -5
- package/dist/types/ottochain/index.d.ts +5 -6
- package/dist/types/ottochain/metagraph-client.d.ts +49 -7
- package/dist/types/ottochain/snapshot.d.ts +6 -6
- package/dist/types/ottochain/transaction.d.ts +33 -1
- package/dist/types/ottochain/types.d.ts +335 -30
- package/dist/types/privacy/index.d.ts +6 -0
- package/dist/types/privacy/sealed-bid.d.ts +348 -0
- package/dist/types/privacy/shield-app.d.ts +48 -0
- package/dist/types/schema/effects.d.ts +34 -0
- package/dist/types/schema/fiber-app.d.ts +1 -2
- package/dist/types/schema/guard-lint.d.ts +111 -0
- package/dist/types/schema/guards.d.ts +134 -0
- package/dist/types/signing.d.ts +45 -0
- package/dist/types/validation.d.ts +22 -217
- package/dist/types/verify.d.ts +4 -0
- package/dist/types/zk/commit.d.ts +28 -0
- package/dist/types/zk/guard.d.ts +46 -0
- package/dist/types/zk/index.d.ts +19 -0
- package/dist/types/zk/preimage.d.ts +10 -0
- package/dist/types/zk/prover.d.ts +34 -0
- package/dist/types/zk/registry.d.ts +34 -0
- package/dist/types/zk/types.d.ts +33 -0
- package/dist/types/zk/witness.d.ts +40 -0
- package/package.json +27 -13
- package/dist/cjs/ottochain/normalize.js +0 -186
- package/dist/esm/ottochain/normalize.js +0 -179
- package/dist/types/ottochain/normalize.d.ts +0 -79
|
@@ -0,0 +1,348 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Sealed-bid (Vickrey) auction — the worked example for the privacy stack.
|
|
3
|
+
*
|
|
4
|
+
* Two pieces (RFC §4):
|
|
5
|
+
* 1. `sealedBidAccountDef` — the PRIVATE per-bidder bid. `shieldApp` turns it into a shielded
|
|
6
|
+
* pool (`shieldedSealedBidDef`): a bidder commits a bid note and proves it well-formed with a
|
|
7
|
+
* zk-jlvm-shielded Groth16 proof, so the amount stays sealed *until the deadline*. This is the
|
|
8
|
+
* mechanical per-instance / single-owner case.
|
|
9
|
+
* 2. `vickreyAuctionDef` — the PUBLIC settlement (reveal-then-tally). After the deadline bidders
|
|
10
|
+
* open their notes; the combine computes winner = argmax and clearingPrice = second-highest
|
|
11
|
+
* (the Vickrey price). This is the one shared-state step, kept simple for v1; a zk settlement
|
|
12
|
+
* proof that seals losers' amounts forever is the deferred upgrade (RFC §10).
|
|
13
|
+
*/
|
|
14
|
+
import { type FiberAppDefinition } from "../schema/fiber-app.js";
|
|
15
|
+
import { type ShieldOptions } from "./shield-app.js";
|
|
16
|
+
/** The per-bidder PRIVATE state: a bid note `{ amount, bidder, nonce }`. */
|
|
17
|
+
export declare const sealedBidAccountDef: {
|
|
18
|
+
readonly metadata: {
|
|
19
|
+
readonly name: "SealedBidAccount";
|
|
20
|
+
readonly app: "markets";
|
|
21
|
+
readonly type: "sealed-bid-account";
|
|
22
|
+
readonly version: "1.0.0";
|
|
23
|
+
readonly description: "A single bidder's sealed bid (private amount). Shielded via shieldApp.";
|
|
24
|
+
};
|
|
25
|
+
readonly stateSchema: {
|
|
26
|
+
readonly properties: {
|
|
27
|
+
readonly amount: {
|
|
28
|
+
readonly type: "number";
|
|
29
|
+
readonly description: "the (private) bid amount";
|
|
30
|
+
};
|
|
31
|
+
readonly bidder: {
|
|
32
|
+
readonly type: "address";
|
|
33
|
+
};
|
|
34
|
+
readonly nonce: {
|
|
35
|
+
readonly type: "number";
|
|
36
|
+
readonly description: "per-note randomness; keeps the commitment hiding";
|
|
37
|
+
};
|
|
38
|
+
};
|
|
39
|
+
};
|
|
40
|
+
readonly eventSchemas: {
|
|
41
|
+
readonly place_bid: {
|
|
42
|
+
readonly description: "Set the sealed bid amount";
|
|
43
|
+
readonly required: readonly ["amount"];
|
|
44
|
+
readonly properties: {
|
|
45
|
+
readonly amount: {
|
|
46
|
+
readonly type: "number";
|
|
47
|
+
readonly minimum: 1;
|
|
48
|
+
};
|
|
49
|
+
};
|
|
50
|
+
};
|
|
51
|
+
};
|
|
52
|
+
readonly states: {
|
|
53
|
+
readonly OPEN: {
|
|
54
|
+
readonly id: "OPEN";
|
|
55
|
+
readonly isFinal: false;
|
|
56
|
+
readonly metadata: {
|
|
57
|
+
readonly label: "Open";
|
|
58
|
+
readonly description: "No bid yet";
|
|
59
|
+
readonly category: "initial";
|
|
60
|
+
};
|
|
61
|
+
};
|
|
62
|
+
readonly BID: {
|
|
63
|
+
readonly id: "BID";
|
|
64
|
+
readonly isFinal: false;
|
|
65
|
+
readonly metadata: {
|
|
66
|
+
readonly label: "Bid";
|
|
67
|
+
readonly description: "Bid committed";
|
|
68
|
+
readonly category: "active";
|
|
69
|
+
};
|
|
70
|
+
};
|
|
71
|
+
};
|
|
72
|
+
readonly initialState: "OPEN";
|
|
73
|
+
readonly transitions: readonly [{
|
|
74
|
+
readonly from: "OPEN";
|
|
75
|
+
readonly to: "BID";
|
|
76
|
+
readonly eventName: "place_bid";
|
|
77
|
+
readonly guard: {
|
|
78
|
+
readonly ">": readonly [{
|
|
79
|
+
readonly var: "event.amount";
|
|
80
|
+
}, 0];
|
|
81
|
+
};
|
|
82
|
+
readonly effect: {
|
|
83
|
+
readonly merge: readonly [{
|
|
84
|
+
readonly var: "state";
|
|
85
|
+
}, {
|
|
86
|
+
readonly amount: {
|
|
87
|
+
readonly var: "event.amount";
|
|
88
|
+
};
|
|
89
|
+
}];
|
|
90
|
+
};
|
|
91
|
+
readonly dependencies: readonly [];
|
|
92
|
+
}];
|
|
93
|
+
};
|
|
94
|
+
/**
|
|
95
|
+
* The shielded sealed-bid pool. `vkey`/`exprHash` come from the built zk-jlvm-shielded circuit
|
|
96
|
+
* (these are placeholders until the circuit's program vkey + the keccak of the `place_bid` effect
|
|
97
|
+
* are wired in by the genesis/build step).
|
|
98
|
+
*/
|
|
99
|
+
export declare function shieldedSealedBidDef(opts: ShieldOptions): FiberAppDefinition;
|
|
100
|
+
/**
|
|
101
|
+
* Public reveal-then-tally settlement. `reveal` appends an opened bid (in a full build the opening
|
|
102
|
+
* is checked against the recorded commitment in the shielded pool); `settle` computes the winner
|
|
103
|
+
* and the Vickrey (second-price) clearing price over the revealed bids in one reduce.
|
|
104
|
+
*/
|
|
105
|
+
export declare const vickreyAuctionDef: {
|
|
106
|
+
readonly metadata: {
|
|
107
|
+
readonly name: "VickreyAuction";
|
|
108
|
+
readonly app: "markets";
|
|
109
|
+
readonly type: "vickrey-auction";
|
|
110
|
+
readonly version: "1.0.0";
|
|
111
|
+
readonly description: "Sealed-bid second-price auction: public reveal-then-tally over shielded bids.";
|
|
112
|
+
readonly crossReferences: {
|
|
113
|
+
readonly bidPool: "the ShieldedSealedBidAccount pool holding the sealed bids";
|
|
114
|
+
};
|
|
115
|
+
};
|
|
116
|
+
readonly createSchema: {
|
|
117
|
+
readonly required: readonly ["seller", "deadline"];
|
|
118
|
+
readonly properties: {
|
|
119
|
+
readonly seller: {
|
|
120
|
+
readonly type: "address";
|
|
121
|
+
readonly immutable: true;
|
|
122
|
+
};
|
|
123
|
+
readonly deadline: {
|
|
124
|
+
readonly type: "timestamp";
|
|
125
|
+
readonly immutable: true;
|
|
126
|
+
};
|
|
127
|
+
};
|
|
128
|
+
};
|
|
129
|
+
readonly stateSchema: {
|
|
130
|
+
readonly properties: {
|
|
131
|
+
readonly seller: {
|
|
132
|
+
readonly type: "address";
|
|
133
|
+
readonly immutable: true;
|
|
134
|
+
};
|
|
135
|
+
readonly deadline: {
|
|
136
|
+
readonly type: "timestamp";
|
|
137
|
+
readonly immutable: true;
|
|
138
|
+
};
|
|
139
|
+
readonly status: {
|
|
140
|
+
readonly type: "string";
|
|
141
|
+
readonly computed: true;
|
|
142
|
+
};
|
|
143
|
+
readonly revealed: {
|
|
144
|
+
readonly type: "array";
|
|
145
|
+
readonly computed: true;
|
|
146
|
+
readonly description: "opened bids [{bidder, amount}]";
|
|
147
|
+
};
|
|
148
|
+
readonly winner: {
|
|
149
|
+
readonly type: "address";
|
|
150
|
+
readonly computed: true;
|
|
151
|
+
};
|
|
152
|
+
readonly clearingPrice: {
|
|
153
|
+
readonly type: "number";
|
|
154
|
+
readonly computed: true;
|
|
155
|
+
readonly description: "second-highest bid (Vickrey)";
|
|
156
|
+
};
|
|
157
|
+
};
|
|
158
|
+
};
|
|
159
|
+
readonly eventSchemas: {
|
|
160
|
+
readonly reveal: {
|
|
161
|
+
readonly description: "Open a sealed bid after the deadline";
|
|
162
|
+
readonly required: readonly ["bidder", "amount"];
|
|
163
|
+
readonly properties: {
|
|
164
|
+
readonly bidder: {
|
|
165
|
+
readonly type: "address";
|
|
166
|
+
};
|
|
167
|
+
readonly amount: {
|
|
168
|
+
readonly type: "number";
|
|
169
|
+
readonly minimum: 1;
|
|
170
|
+
};
|
|
171
|
+
};
|
|
172
|
+
};
|
|
173
|
+
readonly settle: {
|
|
174
|
+
readonly description: "Tally the revealed bids (winner + second price)";
|
|
175
|
+
};
|
|
176
|
+
};
|
|
177
|
+
readonly states: {
|
|
178
|
+
readonly OPEN: {
|
|
179
|
+
readonly id: "OPEN";
|
|
180
|
+
readonly isFinal: false;
|
|
181
|
+
readonly metadata: {
|
|
182
|
+
readonly label: "Open";
|
|
183
|
+
readonly description: "Bidding (sealed)";
|
|
184
|
+
readonly category: "initial";
|
|
185
|
+
};
|
|
186
|
+
};
|
|
187
|
+
readonly REVEAL: {
|
|
188
|
+
readonly id: "REVEAL";
|
|
189
|
+
readonly isFinal: false;
|
|
190
|
+
readonly metadata: {
|
|
191
|
+
readonly label: "Reveal";
|
|
192
|
+
readonly description: "Opening bids";
|
|
193
|
+
readonly category: "active";
|
|
194
|
+
};
|
|
195
|
+
};
|
|
196
|
+
readonly SETTLED: {
|
|
197
|
+
readonly id: "SETTLED";
|
|
198
|
+
readonly isFinal: true;
|
|
199
|
+
readonly metadata: {
|
|
200
|
+
readonly label: "Settled";
|
|
201
|
+
readonly description: "Winner + price set";
|
|
202
|
+
readonly category: "terminal";
|
|
203
|
+
};
|
|
204
|
+
};
|
|
205
|
+
};
|
|
206
|
+
readonly initialState: "OPEN";
|
|
207
|
+
readonly transitions: readonly [{
|
|
208
|
+
readonly from: "OPEN";
|
|
209
|
+
readonly to: "REVEAL";
|
|
210
|
+
readonly eventName: "reveal";
|
|
211
|
+
readonly guard: {
|
|
212
|
+
readonly ">=": readonly [{
|
|
213
|
+
readonly var: "$timestamp";
|
|
214
|
+
}, {
|
|
215
|
+
readonly var: "state.deadline";
|
|
216
|
+
}];
|
|
217
|
+
};
|
|
218
|
+
readonly effect: {
|
|
219
|
+
readonly merge: readonly [{
|
|
220
|
+
readonly var: "state";
|
|
221
|
+
}, {
|
|
222
|
+
readonly status: "REVEAL";
|
|
223
|
+
readonly revealed: {
|
|
224
|
+
readonly cat: readonly [{
|
|
225
|
+
readonly var: "state.revealed";
|
|
226
|
+
}, readonly [{
|
|
227
|
+
readonly bidder: {
|
|
228
|
+
readonly var: "event.bidder";
|
|
229
|
+
};
|
|
230
|
+
readonly amount: {
|
|
231
|
+
readonly var: "event.amount";
|
|
232
|
+
};
|
|
233
|
+
}]];
|
|
234
|
+
};
|
|
235
|
+
}];
|
|
236
|
+
};
|
|
237
|
+
readonly dependencies: readonly [];
|
|
238
|
+
}, {
|
|
239
|
+
readonly from: "REVEAL";
|
|
240
|
+
readonly to: "REVEAL";
|
|
241
|
+
readonly eventName: "reveal";
|
|
242
|
+
readonly guard: {
|
|
243
|
+
readonly ">=": readonly [{
|
|
244
|
+
readonly var: "$timestamp";
|
|
245
|
+
}, {
|
|
246
|
+
readonly var: "state.deadline";
|
|
247
|
+
}];
|
|
248
|
+
};
|
|
249
|
+
readonly effect: {
|
|
250
|
+
readonly merge: readonly [{
|
|
251
|
+
readonly var: "state";
|
|
252
|
+
}, {
|
|
253
|
+
readonly revealed: {
|
|
254
|
+
readonly cat: readonly [{
|
|
255
|
+
readonly var: "state.revealed";
|
|
256
|
+
}, readonly [{
|
|
257
|
+
readonly bidder: {
|
|
258
|
+
readonly var: "event.bidder";
|
|
259
|
+
};
|
|
260
|
+
readonly amount: {
|
|
261
|
+
readonly var: "event.amount";
|
|
262
|
+
};
|
|
263
|
+
}]];
|
|
264
|
+
};
|
|
265
|
+
}];
|
|
266
|
+
};
|
|
267
|
+
readonly dependencies: readonly [];
|
|
268
|
+
}, {
|
|
269
|
+
readonly from: "REVEAL";
|
|
270
|
+
readonly to: "SETTLED";
|
|
271
|
+
readonly eventName: "settle";
|
|
272
|
+
readonly guard: {
|
|
273
|
+
readonly ">": readonly [{
|
|
274
|
+
readonly reduce: readonly [{
|
|
275
|
+
readonly var: "state.revealed";
|
|
276
|
+
}, {
|
|
277
|
+
readonly "+": readonly [{
|
|
278
|
+
readonly var: "accumulator";
|
|
279
|
+
}, 1];
|
|
280
|
+
}, 0];
|
|
281
|
+
}, 0];
|
|
282
|
+
};
|
|
283
|
+
readonly effect: {
|
|
284
|
+
readonly merge: readonly [{
|
|
285
|
+
readonly var: "state";
|
|
286
|
+
}, {
|
|
287
|
+
readonly status: "SETTLED";
|
|
288
|
+
readonly settledAt: {
|
|
289
|
+
readonly var: "$timestamp";
|
|
290
|
+
};
|
|
291
|
+
readonly winner: {
|
|
292
|
+
readonly var: readonly ["tally.winner", null];
|
|
293
|
+
};
|
|
294
|
+
readonly clearingPrice: {
|
|
295
|
+
readonly var: readonly ["tally.second", 0];
|
|
296
|
+
};
|
|
297
|
+
readonly tally: {
|
|
298
|
+
readonly reduce: readonly [{
|
|
299
|
+
readonly var: "state.revealed";
|
|
300
|
+
}, {
|
|
301
|
+
readonly if: readonly [{
|
|
302
|
+
readonly ">": readonly [{
|
|
303
|
+
readonly var: "current.amount";
|
|
304
|
+
}, {
|
|
305
|
+
readonly var: "accumulator.max";
|
|
306
|
+
}];
|
|
307
|
+
}, {
|
|
308
|
+
readonly max: {
|
|
309
|
+
readonly var: "current.amount";
|
|
310
|
+
};
|
|
311
|
+
readonly second: {
|
|
312
|
+
readonly var: "accumulator.max";
|
|
313
|
+
};
|
|
314
|
+
readonly winner: {
|
|
315
|
+
readonly var: "current.bidder";
|
|
316
|
+
};
|
|
317
|
+
}, {
|
|
318
|
+
readonly if: readonly [{
|
|
319
|
+
readonly ">": readonly [{
|
|
320
|
+
readonly var: "current.amount";
|
|
321
|
+
}, {
|
|
322
|
+
readonly var: "accumulator.second";
|
|
323
|
+
}];
|
|
324
|
+
}, {
|
|
325
|
+
readonly max: {
|
|
326
|
+
readonly var: "accumulator.max";
|
|
327
|
+
};
|
|
328
|
+
readonly second: {
|
|
329
|
+
readonly var: "current.amount";
|
|
330
|
+
};
|
|
331
|
+
readonly winner: {
|
|
332
|
+
readonly var: "accumulator.winner";
|
|
333
|
+
};
|
|
334
|
+
}, {
|
|
335
|
+
readonly var: "accumulator";
|
|
336
|
+
}];
|
|
337
|
+
}];
|
|
338
|
+
}, {
|
|
339
|
+
readonly max: 0;
|
|
340
|
+
readonly second: 0;
|
|
341
|
+
readonly winner: null;
|
|
342
|
+
}];
|
|
343
|
+
};
|
|
344
|
+
}];
|
|
345
|
+
};
|
|
346
|
+
readonly dependencies: readonly [];
|
|
347
|
+
}];
|
|
348
|
+
};
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* shieldApp — turn a fiber app into a PRIVATE-state pool.
|
|
3
|
+
*
|
|
4
|
+
* Given a base {@link FiberAppDefinition} (the app whose state + transition you want to keep
|
|
5
|
+
* private), `shieldApp` returns a new `FiberAppDefinition` for a "shielded pool" Machine fiber.
|
|
6
|
+
* The pool's state is PUBLIC scaffolding only — the spent-nullifier set, the commitment log, and
|
|
7
|
+
* the set of valid anchors — while the app's real state lives off-chain in a note committed to
|
|
8
|
+
* the tree. Each app transition is carried out off-chain and attested by a single
|
|
9
|
+
* `zk-jlvm-shielded` Groth16 proof; the on-chain combine just verifies the proof, rejects an
|
|
10
|
+
* already-spent nullifier, and records the new commitment.
|
|
11
|
+
*
|
|
12
|
+
* Division of labour (see ottochain-sdk RFC docs/design/zk-private-contract-state-rfc.md):
|
|
13
|
+
* - the CIRCUIT proves membership ∧ authorization ∧ `jlvm-core` effect ∧ new commitment;
|
|
14
|
+
* - this GUARD (combine) verifies the proof, pins which app logic ran (`exprHash`), checks the
|
|
15
|
+
* anchor is recent, and checks the nullifier is fresh — all combiner-only (CLAUDE.md);
|
|
16
|
+
* - block-validity stays structural (proof / publicValues present + hex).
|
|
17
|
+
*
|
|
18
|
+
* It uses NO new metakit opcode: `groth16_verify` verifies the proof, and the four-`bytes32`
|
|
19
|
+
* public values (`anchor`, `nullifier`, `newCommitment`, `exprHash`) are extracted from the
|
|
20
|
+
* VERIFIED `publicValues` string with fixed-offset `substr` — slicing the verified bytes IS the
|
|
21
|
+
* binding (§8.1).
|
|
22
|
+
*
|
|
23
|
+
* NOTE on cost: the note model rehashes the whole state each transition, so proving cost is
|
|
24
|
+
* O(state size) (RFC §8). Keep shielded note state small (a few KB); for large keyed state use
|
|
25
|
+
* the auth-DB variant (RFC §3.1.1).
|
|
26
|
+
*/
|
|
27
|
+
import { type FiberAppDefinition, type SchemaField } from "../schema/fiber-app.js";
|
|
28
|
+
export interface ShieldOptions {
|
|
29
|
+
/** SP1 program vkey for the zk-jlvm-shielded circuit (0x-prefixed bytes32 hex). Pinned at creation. */
|
|
30
|
+
vkey: string;
|
|
31
|
+
/**
|
|
32
|
+
* `keccak256(effectExpr)` the circuit commits — pins WHICH app logic the accepted proofs ran.
|
|
33
|
+
* Compute it from the base app's transition effect; one pinned effect per pool (the per-event /
|
|
34
|
+
* multi-effect generalization is RFC §10 open question 1).
|
|
35
|
+
*/
|
|
36
|
+
exprHash: string;
|
|
37
|
+
/** How many recent anchors stay spendable (rolling window). Default 64. */
|
|
38
|
+
rootWindow?: number;
|
|
39
|
+
}
|
|
40
|
+
/** Standard public state every shielded pool carries (the rest of the app state is private/off-chain). */
|
|
41
|
+
export declare const SHIELDED_POOL_STATE: Record<string, SchemaField>;
|
|
42
|
+
/**
|
|
43
|
+
* Build the shielded-pool variant of `base`.
|
|
44
|
+
*
|
|
45
|
+
* @param base the app being shielded (used for naming + to document the pinned logic).
|
|
46
|
+
* @param opts the circuit vkey + the pinned `exprHash` + the anchor window.
|
|
47
|
+
*/
|
|
48
|
+
export declare function shieldApp(base: FiberAppDefinition, opts: ShieldOptions): FiberAppDefinition;
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Builders for the fiber-engine reserved EFFECT directives — the `_`-prefixed keys the chain extracts
|
|
3
|
+
* from an evaluated effect result and applies as side effects (then strips from the merged state).
|
|
4
|
+
*
|
|
5
|
+
* Place the returned fragment INSIDE the state-update map of a `merge` effect, so the directive rides in
|
|
6
|
+
* the evaluated result map (EffectExtractor reads it; StateMerger drops `_`-prefixed keys from state):
|
|
7
|
+
*
|
|
8
|
+
* ```ts
|
|
9
|
+
* effect: {
|
|
10
|
+
* merge: [
|
|
11
|
+
* { var: "state" },
|
|
12
|
+
* { boundAt: { var: "$ordinal" }, ...addDependency({ var: "event.registryId" }) },
|
|
13
|
+
* ],
|
|
14
|
+
* }
|
|
15
|
+
* ```
|
|
16
|
+
*/
|
|
17
|
+
/** A JSON-Logic value: a literal (string/number/bool) or a `{var}`/operator expression. */
|
|
18
|
+
type JsonLogicValue = unknown;
|
|
19
|
+
/**
|
|
20
|
+
* `_addDependency` (#24): add — or re-activate — a runtime DYNAMIC dependency on `fiberId`, so that
|
|
21
|
+
* fiber's state appears in `machines.<fiberId>` for SUBSEQUENT transitions of this fiber. `fiberId` may
|
|
22
|
+
* be a literal UUID string or an expression (e.g. `{ var: "event.registryId" }`, `{ var: "state.registryId" }`).
|
|
23
|
+
* The ledger is append-only, idempotent (one entry per fiber), and engine-bounded (active + ledger caps).
|
|
24
|
+
* Because the `machines` context is built BEFORE the effect runs, the bound dependency is readable only
|
|
25
|
+
* from the NEXT transition onward (two-phase: bind, then read).
|
|
26
|
+
*/
|
|
27
|
+
export declare const addDependency: (fiberId: JsonLogicValue) => Record<string, unknown>;
|
|
28
|
+
/**
|
|
29
|
+
* `_setDependencyActive` (#24): toggle a dynamic dependency's `active` flag. The entry is NEVER removed —
|
|
30
|
+
* deactivation simply drops it from the `machines` context (and it can be cheaply re-activated). `fiberId`
|
|
31
|
+
* may be a literal or an expression.
|
|
32
|
+
*/
|
|
33
|
+
export declare const setDependencyActive: (fiberId: JsonLogicValue, active: boolean) => Record<string, unknown>;
|
|
34
|
+
export {};
|
|
@@ -0,0 +1,111 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Regression-prevention lint for OttoChain std-app fiber definitions.
|
|
3
|
+
*
|
|
4
|
+
* Purpose
|
|
5
|
+
* -------
|
|
6
|
+
* Catch — at *authoring* time — the classes of SDK↔chain drift that the chain
|
|
7
|
+
* accepts structurally but then silently mis-parses, drops, or evaluates to a
|
|
8
|
+
* dead (always-true / always-false / always-throw) guard. Without this lint
|
|
9
|
+
* those mistakes ship as live, exploitable holes or as silent data corruption
|
|
10
|
+
* because nothing in `defineFiberApp` / `toProtoDefinition` rejects them.
|
|
11
|
+
*
|
|
12
|
+
* The drift classes (cross-referenced to docs/reviews/fiber-app-alignment-audit-2026-06.md):
|
|
13
|
+
*
|
|
14
|
+
* A1 — `$timestamp` (and any non-injected `$`-key). `ReservedKeys` injects ONLY
|
|
15
|
+
* `$ordinal`, `$lastSnapshotHash`, `$epochProgress`. `{"var":"$timestamp"}`
|
|
16
|
+
* resolves to null → `0` in numeric contexts → deadline guards die silently.
|
|
17
|
+
*
|
|
18
|
+
* A2 — Nonexistent JLVM opcodes used as operator tags: `size`, `getKey`,
|
|
19
|
+
* `setKey`, `deleteKey`. metakit decodes an unknown single-key object as a
|
|
20
|
+
* LITERAL Map, not an operator, so the guard is always-true/false and the
|
|
21
|
+
* effect writes a junk key. (Canonical good set: `KNOWN_OPERATORS`.)
|
|
22
|
+
*
|
|
23
|
+
* A3 — SDK directives the chain's `toProtoDefinition` silently drops:
|
|
24
|
+
* transition-level `emits` / `spawns`, and object-form `dependencies`
|
|
25
|
+
* entries `{machine,instanceRef,requiredState}` (chain parses `Set[UUID]`).
|
|
26
|
+
* Authors believe these gate/emit; on-chain they evaporate.
|
|
27
|
+
*
|
|
28
|
+
* per-context — `{"var":"witness.*"}` in a fiber TRANSITION. `witness` is only
|
|
29
|
+
* injected in ASSET-guard contexts; a transition gets `event` (the proof
|
|
30
|
+
* rides under `event.witness.*`). Reading `witness.*` resolves to null →
|
|
31
|
+
* fail-closed (zk gate un-passable) or silently bypassed.
|
|
32
|
+
*
|
|
33
|
+
* leading-dot — `{"var":".foo"}` resolves to null on chain.
|
|
34
|
+
*
|
|
35
|
+
* This is a STANDALONE validator. It is deliberately NOT wired into
|
|
36
|
+
* `defineFiberApp` / `toProtoDefinition`: doing so would break the build until
|
|
37
|
+
* every app is remediated. Run it via `scripts/lint-apps.mjs`.
|
|
38
|
+
*/
|
|
39
|
+
import type { FiberAppDefinition } from './fiber-app.js';
|
|
40
|
+
export type LintSeverity = 'error' | 'warn';
|
|
41
|
+
export interface LintViolation {
|
|
42
|
+
/** App identifier (`metadata.app/metadata.type` or `metadata.name`), when known. */
|
|
43
|
+
app?: string;
|
|
44
|
+
/** `eventName` (or `from→to`) of the offending transition, when applicable. */
|
|
45
|
+
transition?: string;
|
|
46
|
+
severity: LintSeverity;
|
|
47
|
+
/** Stable machine-readable rule code (see {@link LINT_CODES}). */
|
|
48
|
+
code: string;
|
|
49
|
+
/** Human-readable explanation including the correct alternative. */
|
|
50
|
+
message: string;
|
|
51
|
+
/** JSON-ish path to the offending node, e.g. `transitions[3].guard.or[0].var`. */
|
|
52
|
+
path: string;
|
|
53
|
+
}
|
|
54
|
+
/** Stable rule codes — referenced by tests and by report tooling. */
|
|
55
|
+
export declare const LINT_CODES: {
|
|
56
|
+
readonly UNKNOWN_RESERVED_VAR: "unknown-reserved-var";
|
|
57
|
+
readonly UNKNOWN_OPERATOR: "unknown-operator";
|
|
58
|
+
readonly WITNESS_IN_TRANSITION: "witness-in-transition";
|
|
59
|
+
readonly DROPPED_DIRECTIVE: "dropped-directive";
|
|
60
|
+
readonly LEADING_DOT_VAR: "leading-dot-var";
|
|
61
|
+
};
|
|
62
|
+
/**
|
|
63
|
+
* The ONLY `$`-prefixed keys the engine injects (`ReservedKeys`). Anything else
|
|
64
|
+
* (`$timestamp`, `$now`, ...) resolves to null on chain.
|
|
65
|
+
*/
|
|
66
|
+
export declare const INJECTED_RESERVED_VARS: ReadonlySet<string>;
|
|
67
|
+
/**
|
|
68
|
+
* Tags that LOOK like opcodes and appear in real definitions but are NOT valid
|
|
69
|
+
* JLVM operators — metakit mis-decodes each as a literal Map. These are always
|
|
70
|
+
* flagged as errors regardless of position (they are not plausible data fields).
|
|
71
|
+
* Mapped to the correct replacement opcode for the message.
|
|
72
|
+
*/
|
|
73
|
+
export declare const KNOWN_BAD_OPERATORS: ReadonlyMap<string, string>;
|
|
74
|
+
interface WalkContext {
|
|
75
|
+
app?: string;
|
|
76
|
+
transition?: string;
|
|
77
|
+
/**
|
|
78
|
+
* When true, this transition expression runs in a context where `witness` is
|
|
79
|
+
* NOT injected (a fiber transition guard/effect). Reading `witness.*` here is
|
|
80
|
+
* a bug (rule 3). Asset-guard contexts would set this false (not walked here).
|
|
81
|
+
*/
|
|
82
|
+
flagWitness: boolean;
|
|
83
|
+
}
|
|
84
|
+
/**
|
|
85
|
+
* Recursively lint a single JSON-Logic expression (a guard or an effect, or any
|
|
86
|
+
* sub-node). Walks every nested operand. Pushes a {@link LintViolation} for each
|
|
87
|
+
* rule-1 / rule-2 / rule-3 / rule-5 hit found at or below `node`.
|
|
88
|
+
*
|
|
89
|
+
* `inDataLiteral` tracks whether `node` sits in a position the evaluator treats
|
|
90
|
+
* as DATA rather than as an expression to evaluate (e.g. the 2nd operand of
|
|
91
|
+
* `merge`/`cat`, or a value nested inside such an operand). In a data-literal
|
|
92
|
+
* position an unknown single-key object is a legitimate field map, so the
|
|
93
|
+
* *generic* unknown-operator warning is suppressed there — but `$`-var keys,
|
|
94
|
+
* leading-dot vars, witness reads, and the known-BAD opcode tags are still
|
|
95
|
+
* flagged (those are bugs wherever they appear).
|
|
96
|
+
*/
|
|
97
|
+
export declare function lintGuardExpression(node: unknown, ctx: WalkContext, path: string, inDataLiteral?: boolean): LintViolation[];
|
|
98
|
+
/**
|
|
99
|
+
* Lint a complete fiber app definition. Walks every transition guard + effect
|
|
100
|
+
* (rules 1/2/3/5) and every transition's structural directives (rule 4), plus a
|
|
101
|
+
* light pass over `states` to catch stray reserved-key / operator drift embedded
|
|
102
|
+
* in state metadata. Returns ALL violations (errors and warnings); callers
|
|
103
|
+
* decide the exit policy (e.g. fail on any `error`).
|
|
104
|
+
*/
|
|
105
|
+
export declare function lintFiberApp(def: FiberAppDefinition): LintViolation[];
|
|
106
|
+
/**
|
|
107
|
+
* Convenience: lint many apps at once, returning a flat list. Each app's
|
|
108
|
+
* violations already carry its `app` label.
|
|
109
|
+
*/
|
|
110
|
+
export declare function lintFiberApps(defs: readonly FiberAppDefinition[]): LintViolation[];
|
|
111
|
+
export {};
|