@ottochain/sdk 2.3.0 → 2.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/apps/compute/index.js +33 -0
- package/dist/cjs/apps/compute/state-machines/compute-rule110.js +164 -0
- package/dist/cjs/apps/compute/state-machines/index.js +9 -0
- package/dist/cjs/apps/contracts/index.js +16 -9
- package/dist/cjs/apps/contracts/state-machines/contract-agreement.js +134 -161
- package/dist/cjs/apps/contracts/state-machines/contract-escrow.js +192 -170
- package/dist/cjs/apps/contracts/state-machines/contract-universal.js +46 -58
- package/dist/cjs/apps/corporate/index.js +2 -2
- package/dist/cjs/apps/corporate/state-machines/corp-board.js +500 -456
- package/dist/cjs/apps/corporate/state-machines/corp-entity.js +487 -361
- package/dist/cjs/apps/corporate/state-machines/corp-securities.js +769 -576
- package/dist/cjs/apps/corporate/state-machines/corp-shareholders.js +567 -557
- package/dist/cjs/apps/governance/index.js +21 -21
- package/dist/cjs/apps/governance/state-machines/dao-multisig.js +188 -209
- package/dist/cjs/apps/governance/state-machines/dao-reputation.js +181 -228
- package/dist/cjs/apps/governance/state-machines/dao-single.js +105 -88
- package/dist/cjs/apps/governance/state-machines/dao-token.js +199 -227
- package/dist/cjs/apps/governance/state-machines/governance-simple.js +231 -231
- package/dist/cjs/apps/governance/state-machines/governance-universal.js +64 -64
- package/dist/cjs/apps/identity/constants.js +55 -22
- package/dist/cjs/apps/identity/index.js +28 -12
- package/dist/cjs/apps/identity/state-machines/identity-agent.js +124 -158
- package/dist/cjs/apps/identity/state-machines/identity-oracle.js +158 -173
- package/dist/cjs/apps/identity/state-machines/identity-registry.js +262 -0
- package/dist/cjs/apps/identity/state-machines/identity-universal.js +51 -57
- package/dist/cjs/apps/identity/state-machines/index.js +3 -1
- package/dist/cjs/apps/index.js +22 -8
- package/dist/cjs/apps/lending/assets.js +247 -0
- package/dist/cjs/apps/lending/credit-scoring.js +87 -0
- package/dist/cjs/apps/lending/eligibility.js +105 -0
- package/dist/cjs/apps/lending/index.js +91 -0
- package/dist/cjs/apps/lending/state-machines/index.js +9 -0
- package/dist/cjs/apps/lending/state-machines/lending-zk-loan.js +433 -0
- package/dist/cjs/apps/markets/index.js +22 -12
- package/dist/cjs/apps/markets/state-machines/market-auction.js +116 -134
- package/dist/cjs/apps/markets/state-machines/market-crowdfund.js +131 -141
- package/dist/cjs/apps/markets/state-machines/market-group-buy.js +163 -184
- package/dist/cjs/apps/markets/state-machines/market-prediction.js +226 -233
- package/dist/cjs/apps/markets/state-machines/market-universal.js +65 -80
- package/dist/cjs/apps/oracles/index.js +3 -3
- package/dist/cjs/apps/privacy/index.js +67 -0
- package/dist/cjs/apps/privacy/state-machines/index.js +17 -0
- package/dist/cjs/apps/privacy/state-machines/mixer-ddhRing.js +286 -0
- package/dist/cjs/apps/privacy/state-machines/note-pool.js +476 -0
- package/dist/cjs/apps/staked-pool/assets.js +103 -0
- package/dist/cjs/apps/staked-pool/base.js +498 -0
- package/dist/cjs/apps/staked-pool/consumer.js +55 -0
- package/dist/cjs/apps/staked-pool/index.js +83 -0
- package/dist/cjs/apps/staked-pool/state-machines/index.js +12 -0
- package/dist/cjs/apps/staked-pool/state-machines/staked-pool-base.js +49 -0
- package/dist/cjs/apps/staked-pool/state-machines/staked-pool-oracle.js +131 -0
- package/dist/cjs/errors.js +3 -3
- package/dist/cjs/generated/google/protobuf/struct.js +5 -5
- package/dist/cjs/generated/google/protobuf/timestamp.js +1 -1
- package/dist/cjs/generated/index.js +11 -7
- package/dist/cjs/generated/openapi.js +6 -0
- package/dist/cjs/generated/ottochain/apps/contracts/v1/contract.js +51 -51
- package/dist/cjs/generated/ottochain/apps/corporate/v1/corporate.js +20 -21
- package/dist/cjs/generated/ottochain/apps/governance/v1/governance.js +14 -14
- package/dist/cjs/generated/ottochain/apps/identity/v1/attestation.js +5 -5
- package/dist/cjs/generated/ottochain/apps/identity/v1/identity.js +125 -131
- package/dist/cjs/generated/ottochain/apps/markets/v1/market.js +108 -108
- package/dist/cjs/generated/ottochain/v1/common.js +5 -5
- package/dist/cjs/generated/ottochain/v1/fiber.js +44 -6
- package/dist/cjs/generated/ottochain/v1/messages.js +1 -1
- package/dist/cjs/generated/ottochain/v1/records.js +1 -1
- package/dist/cjs/index.js +58 -7
- package/dist/cjs/openapi.js +2 -0
- package/dist/cjs/ottochain/drop-nulls.js +1 -2
- package/dist/cjs/ottochain/genesis-manifest.js +17 -11
- package/dist/cjs/ottochain/index.js +23 -13
- package/dist/cjs/ottochain/metagraph-client.js +81 -16
- package/dist/cjs/ottochain/snapshot.js +13 -16
- package/dist/cjs/ottochain/transaction.js +67 -14
- package/dist/cjs/ottochain/types.js +16 -2
- package/dist/cjs/privacy/index.js +14 -0
- package/dist/cjs/privacy/sealed-bid.js +213 -0
- package/dist/cjs/privacy/shield-app.js +131 -0
- package/dist/cjs/schema/effects.js +156 -0
- package/dist/cjs/schema/fiber-app.js +150 -15
- package/dist/cjs/schema/guard-lint.js +343 -0
- package/dist/cjs/schema/guards.js +246 -0
- package/dist/cjs/signing.js +80 -0
- package/dist/cjs/templates/asset-policy.js +190 -0
- package/dist/cjs/templates/index.js +86 -0
- package/dist/cjs/templates/machine.js +130 -0
- package/dist/cjs/templates/migration.js +39 -0
- package/dist/cjs/templates/state-shape.js +38 -0
- package/dist/cjs/types.js +2 -3
- package/dist/cjs/validation.js +9 -11
- package/dist/cjs/verify.js +9 -4
- package/dist/cjs/zk/commit.js +53 -0
- package/dist/cjs/zk/guard.js +107 -0
- package/dist/cjs/zk/index.js +48 -0
- package/dist/cjs/zk/preimage.js +37 -0
- package/dist/cjs/zk/prover.js +87 -0
- package/dist/cjs/zk/registry.js +62 -0
- package/dist/cjs/zk/types.js +28 -0
- package/dist/cjs/zk/witness.js +19 -0
- package/dist/esm/apps/compute/index.js +29 -0
- package/dist/esm/apps/compute/state-machines/compute-rule110.js +161 -0
- package/dist/esm/apps/compute/state-machines/index.js +5 -0
- package/dist/esm/apps/contracts/index.js +9 -5
- package/dist/esm/apps/contracts/state-machines/contract-agreement.js +135 -162
- package/dist/esm/apps/contracts/state-machines/contract-escrow.js +193 -171
- package/dist/esm/apps/contracts/state-machines/contract-universal.js +47 -59
- package/dist/esm/apps/corporate/index.js +2 -2
- package/dist/esm/apps/corporate/state-machines/corp-board.js +501 -457
- package/dist/esm/apps/corporate/state-machines/corp-entity.js +488 -362
- package/dist/esm/apps/corporate/state-machines/corp-securities.js +770 -577
- package/dist/esm/apps/corporate/state-machines/corp-shareholders.js +568 -558
- package/dist/esm/apps/governance/index.js +10 -10
- package/dist/esm/apps/governance/state-machines/dao-multisig.js +189 -210
- package/dist/esm/apps/governance/state-machines/dao-reputation.js +182 -229
- package/dist/esm/apps/governance/state-machines/dao-single.js +106 -89
- package/dist/esm/apps/governance/state-machines/dao-token.js +200 -228
- package/dist/esm/apps/governance/state-machines/governance-simple.js +232 -232
- package/dist/esm/apps/governance/state-machines/governance-universal.js +65 -65
- package/dist/esm/apps/identity/constants.js +52 -21
- package/dist/esm/apps/identity/index.js +14 -9
- package/dist/esm/apps/identity/state-machines/identity-agent.js +125 -159
- package/dist/esm/apps/identity/state-machines/identity-oracle.js +159 -174
- package/dist/esm/apps/identity/state-machines/identity-registry.js +259 -0
- package/dist/esm/apps/identity/state-machines/identity-universal.js +52 -58
- package/dist/esm/apps/identity/state-machines/index.js +1 -0
- package/dist/esm/apps/index.js +9 -5
- package/dist/esm/apps/lending/assets.js +231 -0
- package/dist/esm/apps/lending/credit-scoring.js +81 -0
- package/dist/esm/apps/lending/eligibility.js +99 -0
- package/dist/esm/apps/lending/index.js +69 -0
- package/dist/esm/apps/lending/state-machines/index.js +5 -0
- package/dist/esm/apps/lending/state-machines/lending-zk-loan.js +430 -0
- package/dist/esm/apps/markets/index.js +11 -7
- package/dist/esm/apps/markets/state-machines/market-auction.js +117 -135
- package/dist/esm/apps/markets/state-machines/market-crowdfund.js +132 -142
- package/dist/esm/apps/markets/state-machines/market-group-buy.js +164 -185
- package/dist/esm/apps/markets/state-machines/market-prediction.js +227 -234
- package/dist/esm/apps/markets/state-machines/market-universal.js +66 -81
- package/dist/esm/apps/oracles/index.js +3 -3
- package/dist/esm/apps/privacy/index.js +56 -0
- package/dist/esm/apps/privacy/state-machines/index.js +6 -0
- package/dist/esm/apps/privacy/state-machines/mixer-ddhRing.js +282 -0
- package/dist/esm/apps/privacy/state-machines/note-pool.js +470 -0
- package/dist/esm/apps/staked-pool/assets.js +91 -0
- package/dist/esm/apps/staked-pool/base.js +493 -0
- package/dist/esm/apps/staked-pool/consumer.js +49 -0
- package/dist/esm/apps/staked-pool/index.js +60 -0
- package/dist/esm/apps/staked-pool/state-machines/index.js +6 -0
- package/dist/esm/apps/staked-pool/state-machines/staked-pool-base.js +46 -0
- package/dist/esm/apps/staked-pool/state-machines/staked-pool-oracle.js +127 -0
- package/dist/esm/generated/google/protobuf/struct.js +1 -1
- package/dist/esm/generated/google/protobuf/timestamp.js +1 -1
- package/dist/esm/generated/index.js +9 -5
- package/dist/esm/generated/openapi.js +5 -0
- package/dist/esm/generated/ottochain/apps/contracts/v1/contract.js +47 -47
- package/dist/esm/generated/ottochain/apps/corporate/v1/corporate.js +1 -1
- package/dist/esm/generated/ottochain/apps/governance/v1/governance.js +1 -1
- package/dist/esm/generated/ottochain/apps/identity/v1/attestation.js +1 -1
- package/dist/esm/generated/ottochain/apps/identity/v1/identity.js +115 -121
- package/dist/esm/generated/ottochain/apps/markets/v1/market.js +101 -101
- package/dist/esm/generated/ottochain/v1/common.js +1 -1
- package/dist/esm/generated/ottochain/v1/fiber.js +40 -2
- package/dist/esm/generated/ottochain/v1/messages.js +1 -1
- package/dist/esm/generated/ottochain/v1/records.js +1 -1
- package/dist/esm/index.js +28 -3
- package/dist/esm/openapi.js +1 -0
- package/dist/esm/ottochain/genesis-manifest.js +15 -9
- package/dist/esm/ottochain/index.js +2 -3
- package/dist/esm/ottochain/metagraph-client.js +81 -16
- package/dist/esm/ottochain/snapshot.js +6 -8
- package/dist/esm/ottochain/transaction.js +51 -3
- package/dist/esm/ottochain/types.js +15 -1
- package/dist/esm/privacy/index.js +6 -0
- package/dist/esm/privacy/sealed-bid.js +209 -0
- package/dist/esm/privacy/shield-app.js +127 -0
- package/dist/esm/schema/effects.js +145 -0
- package/dist/esm/schema/fiber-app.js +139 -8
- package/dist/esm/schema/guard-lint.js +337 -0
- package/dist/esm/schema/guards.js +228 -0
- package/dist/esm/signing.js +74 -0
- package/dist/esm/templates/asset-policy.js +182 -0
- package/dist/esm/templates/index.js +41 -0
- package/dist/esm/templates/machine.js +125 -0
- package/dist/esm/templates/migration.js +34 -0
- package/dist/esm/templates/state-shape.js +34 -0
- package/dist/esm/validation.js +1 -3
- package/dist/esm/verify.js +8 -2
- package/dist/esm/zk/commit.js +44 -0
- package/dist/esm/zk/guard.js +99 -0
- package/dist/esm/zk/index.js +19 -0
- package/dist/esm/zk/preimage.js +30 -0
- package/dist/esm/zk/prover.js +82 -0
- package/dist/esm/zk/registry.js +55 -0
- package/dist/esm/zk/types.js +25 -0
- package/dist/esm/zk/witness.js +15 -0
- package/dist/types/apps/compute/index.d.ts +176 -0
- package/dist/types/apps/compute/state-machines/compute-rule110.d.ts +157 -0
- package/dist/types/apps/compute/state-machines/index.d.ts +5 -0
- package/dist/types/apps/contracts/index.d.ts +81 -221
- package/dist/types/apps/contracts/state-machines/contract-agreement.d.ts +23 -98
- package/dist/types/apps/contracts/state-machines/contract-escrow.d.ts +49 -115
- package/dist/types/apps/contracts/state-machines/contract-universal.d.ts +4 -4
- package/dist/types/apps/corporate/index.d.ts +1176 -440
- package/dist/types/apps/corporate/state-machines/corp-board.d.ts +271 -135
- package/dist/types/apps/corporate/state-machines/corp-entity.d.ts +279 -74
- package/dist/types/apps/corporate/state-machines/corp-securities.d.ts +373 -149
- package/dist/types/apps/corporate/state-machines/corp-shareholders.d.ts +252 -80
- package/dist/types/apps/governance/index.d.ts +368 -470
- package/dist/types/apps/governance/state-machines/dao-multisig.d.ts +92 -107
- package/dist/types/apps/governance/state-machines/dao-reputation.d.ts +61 -85
- package/dist/types/apps/governance/state-machines/dao-single.d.ts +25 -47
- package/dist/types/apps/governance/state-machines/dao-token.d.ts +79 -68
- package/dist/types/apps/governance/state-machines/governance-simple.d.ts +95 -125
- package/dist/types/apps/governance/state-machines/governance-universal.d.ts +6 -6
- package/dist/types/apps/identity/constants.d.ts +33 -5
- package/dist/types/apps/identity/index.d.ts +415 -131
- package/dist/types/apps/identity/state-machines/identity-agent.d.ts +23 -23
- package/dist/types/apps/identity/state-machines/identity-oracle.d.ts +27 -98
- package/dist/types/apps/identity/state-machines/identity-registry.d.ts +379 -0
- package/dist/types/apps/identity/state-machines/identity-universal.d.ts +4 -4
- package/dist/types/apps/identity/state-machines/index.d.ts +1 -0
- package/dist/types/apps/index.d.ts +9 -5
- package/dist/types/apps/lending/assets.d.ts +258 -0
- package/dist/types/apps/lending/credit-scoring.d.ts +80 -0
- package/dist/types/apps/lending/eligibility.d.ts +83 -0
- package/dist/types/apps/lending/index.d.ts +556 -0
- package/dist/types/apps/lending/state-machines/index.d.ts +5 -0
- package/dist/types/apps/lending/state-machines/lending-zk-loan.d.ts +536 -0
- package/dist/types/apps/markets/index.d.ts +181 -276
- package/dist/types/apps/markets/state-machines/market-auction.d.ts +25 -49
- package/dist/types/apps/markets/state-machines/market-crowdfund.d.ts +35 -53
- package/dist/types/apps/markets/state-machines/market-group-buy.d.ts +35 -61
- package/dist/types/apps/markets/state-machines/market-prediction.d.ts +65 -86
- package/dist/types/apps/markets/state-machines/market-universal.d.ts +12 -12
- package/dist/types/apps/oracles/index.d.ts +1 -1
- package/dist/types/apps/privacy/index.d.ts +328 -0
- package/dist/types/apps/privacy/state-machines/index.d.ts +6 -0
- package/dist/types/apps/privacy/state-machines/mixer-ddhRing.d.ts +337 -0
- package/dist/types/apps/privacy/state-machines/note-pool.d.ts +196 -0
- package/dist/types/apps/staked-pool/assets.d.ts +53 -0
- package/dist/types/apps/staked-pool/base.d.ts +80 -0
- package/dist/types/apps/staked-pool/consumer.d.ts +29 -0
- package/dist/types/apps/staked-pool/index.d.ts +51 -0
- package/dist/types/apps/staked-pool/state-machines/index.d.ts +6 -0
- package/dist/types/apps/staked-pool/state-machines/staked-pool-base.d.ts +8 -0
- package/dist/types/apps/staked-pool/state-machines/staked-pool-oracle.d.ts +34 -0
- package/dist/types/generated/index.d.ts +5 -5
- package/dist/types/generated/openapi.d.ts +1270 -0
- package/dist/types/generated/ottochain/apps/contracts/v1/contract.d.ts +5 -5
- package/dist/types/generated/ottochain/apps/identity/v1/identity.d.ts +12 -12
- package/dist/types/generated/ottochain/apps/markets/v1/market.d.ts +11 -11
- package/dist/types/generated/ottochain/v1/fiber.d.ts +7 -0
- package/dist/types/index.d.ts +7 -3
- package/dist/types/openapi.d.ts +24 -0
- package/dist/types/ottochain/genesis-manifest.d.ts +11 -5
- package/dist/types/ottochain/index.d.ts +5 -6
- package/dist/types/ottochain/metagraph-client.d.ts +49 -7
- package/dist/types/ottochain/snapshot.d.ts +6 -6
- package/dist/types/ottochain/transaction.d.ts +41 -1
- package/dist/types/ottochain/types.d.ts +336 -31
- package/dist/types/privacy/index.d.ts +6 -0
- package/dist/types/privacy/sealed-bid.d.ts +348 -0
- package/dist/types/privacy/shield-app.d.ts +48 -0
- package/dist/types/schema/effects.d.ts +141 -0
- package/dist/types/schema/fiber-app.d.ts +282 -2
- package/dist/types/schema/guard-lint.d.ts +111 -0
- package/dist/types/schema/guards.d.ts +146 -0
- package/dist/types/signing.d.ts +45 -0
- package/dist/types/templates/asset-policy.d.ts +119 -0
- package/dist/types/templates/index.d.ts +26 -0
- package/dist/types/templates/machine.d.ts +139 -0
- package/dist/types/templates/migration.d.ts +34 -0
- package/dist/types/templates/state-shape.d.ts +30 -0
- package/dist/types/validation.d.ts +22 -217
- package/dist/types/verify.d.ts +4 -0
- package/dist/types/zk/commit.d.ts +28 -0
- package/dist/types/zk/guard.d.ts +46 -0
- package/dist/types/zk/index.d.ts +19 -0
- package/dist/types/zk/preimage.d.ts +10 -0
- package/dist/types/zk/prover.d.ts +34 -0
- package/dist/types/zk/registry.d.ts +34 -0
- package/dist/types/zk/types.d.ts +33 -0
- package/dist/types/zk/witness.d.ts +40 -0
- package/package.json +47 -15
- package/dist/cjs/ottochain/normalize.js +0 -186
- package/dist/esm/ottochain/normalize.js +0 -179
- package/dist/types/ottochain/normalize.d.ts +0 -79
|
@@ -0,0 +1,337 @@
|
|
|
1
|
+
import type { JsonLogicRule } from '../../../schema/fiber-app.js';
|
|
2
|
+
/**
|
|
3
|
+
* sigma-mixer — a CDS OR-of-`dhtuple` Σ-protocol ring mixer.
|
|
4
|
+
*
|
|
5
|
+
* Anonymity comes from a Cramer–Damgård–Schoenmakers OR-proof over the deposited
|
|
6
|
+
* ring, verified by the `sigma_verify` JLVM opcode; double-spend safety comes
|
|
7
|
+
* from a WITNESS-BOUND nullifier carried as the shared DDH point of an
|
|
8
|
+
* OR-of-`dhtuple` proposition.
|
|
9
|
+
*
|
|
10
|
+
* Each ring branch is a DDH tuple `dhtuple(G, H, P_i, Nf)`. A satisfied dhtuple
|
|
11
|
+
* proves knowledge of one `x` with `P_i = x·G` AND `Nf = x·H` (the verifier uses
|
|
12
|
+
* a SINGLE shared response `z` for both coordinate reconstructions
|
|
13
|
+
* `a1 = z·G − e·P_i`, `a2 = z·H − e·Nf`). The OR uses the SAME
|
|
14
|
+
* `v = event.nullifier` in every branch, so it hides which branch while forcing
|
|
15
|
+
* `event.nullifier = x_j·H` for the one real branch `j`. With `H` a NUMS base of
|
|
16
|
+
* unknown dlog w.r.t. `G`, the map `x ↦ x·H` is injective, so the nullifier is
|
|
17
|
+
* cryptographically bound to the proven secret — closing the
|
|
18
|
+
* witness-unbound-nullifier double-spend hole an OR-of-`dlog` ring leaves open.
|
|
19
|
+
*
|
|
20
|
+
* Verified against `@constellation-network/metagraph-sdk-jlvm@1.8.0-rc.5`: the
|
|
21
|
+
* `sigma_verify` dhtuple operands are exactly `["type","g","h","u","v"]` (each a
|
|
22
|
+
* 64-byte G1 hex), the OR child challenges XOR to the node challenge, and the
|
|
23
|
+
* strong-FS root challenge folds the bound message. Array append uses `merge`
|
|
24
|
+
* (`merge([arr,[item]])` flattens one level == append). All operators used
|
|
25
|
+
* (`sigma_verify`, `has`, `set`, `none`, `cat`, `substr`, `merge`) are in
|
|
26
|
+
* KNOWN_OPERATORS.
|
|
27
|
+
*
|
|
28
|
+
* SCOPE: this base definition is CRYPTO + LIFECYCLE. Production custody
|
|
29
|
+
* (`_transferAsset` in on deposit / out on withdraw), a signer-bound deposit-auth
|
|
30
|
+
* clause, and a `mixerId`-prefixed bound message are layered on by a downstream
|
|
31
|
+
* specialization (see the §8 production-hardening note in the design doc).
|
|
32
|
+
*/
|
|
33
|
+
/**
|
|
34
|
+
* Emit the `or`-of-`dhtuple` proposition for an `n`-member ring, unrolling
|
|
35
|
+
* `{"var":"<pointsVar>.k"}` for `k in 0..n-1` as the `u` (commitment) of each
|
|
36
|
+
* branch, with `g = gHex`, `h = hHex` (literal 64-byte G1 hex) and a shared
|
|
37
|
+
* `v = {"var":"<nullifierVar>"}` across ALL branches.
|
|
38
|
+
*
|
|
39
|
+
* `n` is FIXED at definition time (the proposition shape is closed). `u` and `v`
|
|
40
|
+
* are `{"var":...}` map-node values that the evaluator resolves element-wise.
|
|
41
|
+
*
|
|
42
|
+
* @param pointsVar state var holding the ordered ring points, e.g. `"state.points"`.
|
|
43
|
+
* @param nullifierVar event var holding the revealed nullifier, e.g. `"event.nullifier"`.
|
|
44
|
+
* @param gHex the verifier generator `G=(1,2)` as 64-byte `0x` hex.
|
|
45
|
+
* @param hHex the NUMS second base `H` as 64-byte `0x` hex (unknown dlog wrt G).
|
|
46
|
+
* @param n ring size (number of unrolled branches).
|
|
47
|
+
*/
|
|
48
|
+
export declare function sigmaDdhRingOf(pointsVar: string, nullifierVar: string, gHex: string, hHex: string, n: number): JsonLogicRule;
|
|
49
|
+
/**
|
|
50
|
+
* sigma-mixer fiber definition (pinned-ring v1, n=4).
|
|
51
|
+
*
|
|
52
|
+
* Trust model: PUBLIC. Anyone may deposit a ring point or submit a withdrawal.
|
|
53
|
+
* Privacy = a CDS OR-proof hides which of the n branches is being spent;
|
|
54
|
+
* anonymity set = exactly n (the ring size is public). Double-spend safety =
|
|
55
|
+
* the witness-bound nullifier + spent-set. Replay/front-run safety = the
|
|
56
|
+
* message-bound recipient.
|
|
57
|
+
*/
|
|
58
|
+
export declare const mixerDdhRingDef: {
|
|
59
|
+
metadata: {
|
|
60
|
+
name: string;
|
|
61
|
+
app: string;
|
|
62
|
+
type: string;
|
|
63
|
+
version: string;
|
|
64
|
+
description: string;
|
|
65
|
+
};
|
|
66
|
+
createSchema: {
|
|
67
|
+
required: readonly ["mixerId", "denomination", "anonymityTarget"];
|
|
68
|
+
properties: {
|
|
69
|
+
mixerId: {
|
|
70
|
+
type: "string";
|
|
71
|
+
immutable: true;
|
|
72
|
+
description: string;
|
|
73
|
+
};
|
|
74
|
+
denomination: {
|
|
75
|
+
type: "integer";
|
|
76
|
+
immutable: true;
|
|
77
|
+
description: string;
|
|
78
|
+
};
|
|
79
|
+
nullifierBaseH: {
|
|
80
|
+
type: "string";
|
|
81
|
+
immutable: true;
|
|
82
|
+
description: string;
|
|
83
|
+
};
|
|
84
|
+
anonymityTarget: {
|
|
85
|
+
type: "integer";
|
|
86
|
+
immutable: true;
|
|
87
|
+
description: string;
|
|
88
|
+
};
|
|
89
|
+
points: {
|
|
90
|
+
type: "array";
|
|
91
|
+
items: {
|
|
92
|
+
type: "string";
|
|
93
|
+
};
|
|
94
|
+
default: never[];
|
|
95
|
+
description: string;
|
|
96
|
+
};
|
|
97
|
+
spentNullifiers: {
|
|
98
|
+
type: "object";
|
|
99
|
+
default: {};
|
|
100
|
+
description: string;
|
|
101
|
+
};
|
|
102
|
+
depositCount: {
|
|
103
|
+
type: "integer";
|
|
104
|
+
default: number;
|
|
105
|
+
};
|
|
106
|
+
withdrawCount: {
|
|
107
|
+
type: "integer";
|
|
108
|
+
default: number;
|
|
109
|
+
};
|
|
110
|
+
status: {
|
|
111
|
+
type: "string";
|
|
112
|
+
default: string;
|
|
113
|
+
description: string;
|
|
114
|
+
};
|
|
115
|
+
};
|
|
116
|
+
};
|
|
117
|
+
stateSchema: {
|
|
118
|
+
properties: {
|
|
119
|
+
mixerId: {
|
|
120
|
+
type: "string";
|
|
121
|
+
immutable: true;
|
|
122
|
+
};
|
|
123
|
+
denomination: {
|
|
124
|
+
type: "integer";
|
|
125
|
+
immutable: true;
|
|
126
|
+
};
|
|
127
|
+
nullifierBaseH: {
|
|
128
|
+
type: "string";
|
|
129
|
+
immutable: true;
|
|
130
|
+
};
|
|
131
|
+
anonymityTarget: {
|
|
132
|
+
type: "integer";
|
|
133
|
+
immutable: true;
|
|
134
|
+
};
|
|
135
|
+
points: {
|
|
136
|
+
type: "array";
|
|
137
|
+
items: {
|
|
138
|
+
type: "string";
|
|
139
|
+
};
|
|
140
|
+
computed: true;
|
|
141
|
+
};
|
|
142
|
+
spentNullifiers: {
|
|
143
|
+
type: "object";
|
|
144
|
+
computed: true;
|
|
145
|
+
};
|
|
146
|
+
depositCount: {
|
|
147
|
+
type: "integer";
|
|
148
|
+
computed: true;
|
|
149
|
+
};
|
|
150
|
+
withdrawCount: {
|
|
151
|
+
type: "integer";
|
|
152
|
+
computed: true;
|
|
153
|
+
};
|
|
154
|
+
status: {
|
|
155
|
+
type: "string";
|
|
156
|
+
computed: true;
|
|
157
|
+
};
|
|
158
|
+
};
|
|
159
|
+
};
|
|
160
|
+
eventSchemas: {
|
|
161
|
+
deposit: {
|
|
162
|
+
description: string;
|
|
163
|
+
};
|
|
164
|
+
withdraw: {
|
|
165
|
+
description: string;
|
|
166
|
+
};
|
|
167
|
+
};
|
|
168
|
+
states: {
|
|
169
|
+
filling: {
|
|
170
|
+
id: string;
|
|
171
|
+
isFinal: false;
|
|
172
|
+
metadata: {
|
|
173
|
+
label: string;
|
|
174
|
+
description: string;
|
|
175
|
+
category: "active";
|
|
176
|
+
};
|
|
177
|
+
};
|
|
178
|
+
open: {
|
|
179
|
+
id: string;
|
|
180
|
+
isFinal: false;
|
|
181
|
+
metadata: {
|
|
182
|
+
label: string;
|
|
183
|
+
description: string;
|
|
184
|
+
category: "active";
|
|
185
|
+
};
|
|
186
|
+
};
|
|
187
|
+
drained: {
|
|
188
|
+
id: string;
|
|
189
|
+
isFinal: true;
|
|
190
|
+
metadata: {
|
|
191
|
+
label: string;
|
|
192
|
+
description: string;
|
|
193
|
+
category: "terminal";
|
|
194
|
+
};
|
|
195
|
+
};
|
|
196
|
+
};
|
|
197
|
+
initialState: "filling";
|
|
198
|
+
transitions: ({
|
|
199
|
+
from: "filling";
|
|
200
|
+
to: "open";
|
|
201
|
+
eventName: "deposit";
|
|
202
|
+
guard: {
|
|
203
|
+
and: ({
|
|
204
|
+
'===': ({
|
|
205
|
+
'+': (number | {
|
|
206
|
+
var: string;
|
|
207
|
+
})[];
|
|
208
|
+
var?: undefined;
|
|
209
|
+
} | {
|
|
210
|
+
var: string;
|
|
211
|
+
'+'?: undefined;
|
|
212
|
+
})[];
|
|
213
|
+
'!!'?: undefined;
|
|
214
|
+
none?: undefined;
|
|
215
|
+
} | {
|
|
216
|
+
'!!': {
|
|
217
|
+
var: string;
|
|
218
|
+
}[];
|
|
219
|
+
'==='?: undefined;
|
|
220
|
+
none?: undefined;
|
|
221
|
+
} | {
|
|
222
|
+
none: ({
|
|
223
|
+
var: string;
|
|
224
|
+
'==='?: undefined;
|
|
225
|
+
} | {
|
|
226
|
+
'===': {
|
|
227
|
+
var: string;
|
|
228
|
+
}[];
|
|
229
|
+
var?: undefined;
|
|
230
|
+
})[];
|
|
231
|
+
'==='?: undefined;
|
|
232
|
+
'!!'?: undefined;
|
|
233
|
+
})[];
|
|
234
|
+
};
|
|
235
|
+
effect: {
|
|
236
|
+
merge: ({
|
|
237
|
+
var: string;
|
|
238
|
+
points?: undefined;
|
|
239
|
+
depositCount?: undefined;
|
|
240
|
+
status?: undefined;
|
|
241
|
+
} | {
|
|
242
|
+
points: {
|
|
243
|
+
merge: ({
|
|
244
|
+
var: string;
|
|
245
|
+
} | {
|
|
246
|
+
var: string;
|
|
247
|
+
}[])[];
|
|
248
|
+
};
|
|
249
|
+
depositCount: {
|
|
250
|
+
'+': (number | {
|
|
251
|
+
var: string;
|
|
252
|
+
})[];
|
|
253
|
+
};
|
|
254
|
+
status: string;
|
|
255
|
+
var?: undefined;
|
|
256
|
+
})[];
|
|
257
|
+
};
|
|
258
|
+
dependencies: never[];
|
|
259
|
+
} | {
|
|
260
|
+
from: "filling";
|
|
261
|
+
to: "filling";
|
|
262
|
+
eventName: "deposit";
|
|
263
|
+
guard: {
|
|
264
|
+
and: ({
|
|
265
|
+
'<': ({
|
|
266
|
+
'+': (number | {
|
|
267
|
+
var: string;
|
|
268
|
+
})[];
|
|
269
|
+
var?: undefined;
|
|
270
|
+
} | {
|
|
271
|
+
var: string;
|
|
272
|
+
'+'?: undefined;
|
|
273
|
+
})[];
|
|
274
|
+
'!!'?: undefined;
|
|
275
|
+
none?: undefined;
|
|
276
|
+
} | {
|
|
277
|
+
'!!': {
|
|
278
|
+
var: string;
|
|
279
|
+
}[];
|
|
280
|
+
'<'?: undefined;
|
|
281
|
+
none?: undefined;
|
|
282
|
+
} | {
|
|
283
|
+
none: ({
|
|
284
|
+
var: string;
|
|
285
|
+
'==='?: undefined;
|
|
286
|
+
} | {
|
|
287
|
+
'===': {
|
|
288
|
+
var: string;
|
|
289
|
+
}[];
|
|
290
|
+
var?: undefined;
|
|
291
|
+
})[];
|
|
292
|
+
'<'?: undefined;
|
|
293
|
+
'!!'?: undefined;
|
|
294
|
+
})[];
|
|
295
|
+
};
|
|
296
|
+
effect: {
|
|
297
|
+
merge: ({
|
|
298
|
+
var: string;
|
|
299
|
+
points?: undefined;
|
|
300
|
+
depositCount?: undefined;
|
|
301
|
+
} | {
|
|
302
|
+
points: {
|
|
303
|
+
merge: ({
|
|
304
|
+
var: string;
|
|
305
|
+
} | {
|
|
306
|
+
var: string;
|
|
307
|
+
}[])[];
|
|
308
|
+
};
|
|
309
|
+
depositCount: {
|
|
310
|
+
'+': (number | {
|
|
311
|
+
var: string;
|
|
312
|
+
})[];
|
|
313
|
+
};
|
|
314
|
+
var?: undefined;
|
|
315
|
+
})[];
|
|
316
|
+
};
|
|
317
|
+
dependencies: never[];
|
|
318
|
+
} | {
|
|
319
|
+
from: "open";
|
|
320
|
+
to: "drained";
|
|
321
|
+
eventName: "withdraw";
|
|
322
|
+
guard: {
|
|
323
|
+
and: JsonLogicRule[];
|
|
324
|
+
};
|
|
325
|
+
effect: JsonLogicRule;
|
|
326
|
+
dependencies: never[];
|
|
327
|
+
} | {
|
|
328
|
+
from: "open";
|
|
329
|
+
to: "open";
|
|
330
|
+
eventName: "withdraw";
|
|
331
|
+
guard: {
|
|
332
|
+
and: JsonLogicRule[];
|
|
333
|
+
};
|
|
334
|
+
effect: JsonLogicRule;
|
|
335
|
+
dependencies: never[];
|
|
336
|
+
})[];
|
|
337
|
+
};
|
|
@@ -0,0 +1,196 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* shielded-note-pool — a Tornado-style fixed-denomination UTXO-private asset pool.
|
|
3
|
+
*
|
|
4
|
+
* One fiber instance is one shielded pool. The pool's PUBLIC state is the privacy
|
|
5
|
+
* scaffolding only — a Poseidon-Merkle commitment ROOT window, a spent-NULLIFIER set,
|
|
6
|
+
* an append-only output-COMMITMENT log, and the asset-record UUIDs the pool custodies.
|
|
7
|
+
* The real value model is a UTXO note layer that lives OFF-chain in notes committed to
|
|
8
|
+
* the tree; each spend is attested by a single Groth16 proof of the `zk-shielded` circuit.
|
|
9
|
+
*
|
|
10
|
+
* Division of labour (the Kachina/Midnight split — a general verifier in the VM, the
|
|
11
|
+
* shielded pool as ordinary state + transitions on top of it; see
|
|
12
|
+
* docs/design/ergo-patterns-as-fiber-primitives.md §"shielded-note-pool" and
|
|
13
|
+
* docs/design/shielded-transfer-app-sketch.md):
|
|
14
|
+
* - the CIRCUIT proves membership (Poseidon-Merkle inclusion) ∧ authorization
|
|
15
|
+
* (`owner == Poseidon([nsk])`) ∧ nullifier derivation (`nf == Poseidon([rho, nsk])`)
|
|
16
|
+
* ∧ intra-transfer nullifier uniqueness ∧ per-asset conservation ∧ u64 range;
|
|
17
|
+
* - this GUARD (combine) verifies the proof against the pinned `vkey`, binds the
|
|
18
|
+
* public inputs by slicing them from the VERIFIED `publicValues` bytes, rejects an
|
|
19
|
+
* already-spent nullifier (`none`), checks the spend's anchor is still honored
|
|
20
|
+
* (`in [anchor, knownRoots]`), and pins the fee word to a configured value;
|
|
21
|
+
* - the EFFECT (combine) spends the nullifier, logs the output commitment, advances
|
|
22
|
+
* the rolling anchor window, and (on `unshield`) releases exactly one whole
|
|
23
|
+
* `denom`-valued asset record to a clear recipient.
|
|
24
|
+
*
|
|
25
|
+
* It uses NO new metakit opcode. `groth16_verify` verifies the proof; the public-input
|
|
26
|
+
* words are extracted from the verified `publicValues` string with fixed-offset `substr`
|
|
27
|
+
* and re-prefixed `0x` (`{cat:['0x', {substr:[pv,off,64]}]}`) — slicing the verified
|
|
28
|
+
* bytes IS the binding, so no field can be mauled independently of the proof.
|
|
29
|
+
*
|
|
30
|
+
* ──────────────────────────────────────────────────────────────────────────────────────
|
|
31
|
+
* ⚠ UNAUDITED — TEST ASSETS ONLY. The `zk-shielded` circuit and its Groth16 verifier are
|
|
32
|
+
* UNAUDITED; BN254 is ~100-bit security. This MVP is test-assets-only and pins
|
|
33
|
+
* N=1 input / M=1 output / zero fee, with a SINGLE TRUSTED RELAYER for root advancement.
|
|
34
|
+
* Do NOT deploy with value-bearing assets until the circuit + verifier are audited and the
|
|
35
|
+
* in-circuit `newRoot` (which removes the trusted relayer) has landed. See §"Scope" / the
|
|
36
|
+
* Risks list in the design doc.
|
|
37
|
+
* ──────────────────────────────────────────────────────────────────────────────────────
|
|
38
|
+
*
|
|
39
|
+
* MVP constraints (CONFIRMED DEFAULTS):
|
|
40
|
+
* - test assets only;
|
|
41
|
+
* - single trusted relayer gates root advancement (`event.newRoot` is NOT in the proven
|
|
42
|
+
* public values, so a non-relayer could otherwise flood `knownRoots` and evict honest
|
|
43
|
+
* in-flight anchors — a real DoS). LATER: prove `newRoot` in-circuit and drop the relayer.
|
|
44
|
+
* - fixed denomination; the deposit mint is transparent (Tornado-style), the amount is
|
|
45
|
+
* hidden among same-`denom` notes (anonymity set = all live `denom` notes).
|
|
46
|
+
*
|
|
47
|
+
* On-chain primitive facts this builder relies on (re-verified against
|
|
48
|
+
* `@constellation-network/metagraph-sdk-jlvm@1.8.0-rc.5`, see tests/note-pool.test.ts):
|
|
49
|
+
* - array APPEND is `merge([arr,[item]])` (flatten one level); `cat` on arrays ERRORS
|
|
50
|
+
* ("Unexpected input for `cat`") — never use `cat` for array append on-chain;
|
|
51
|
+
* - every crypto/compare value is `0x`-prefixed; an extracted word MUST be re-prefixed
|
|
52
|
+
* `{cat:['0x', {substr:[pv,off,64]}]}` before comparing with a stored `0x` hash;
|
|
53
|
+
* - `none [arr, {===:[{var:""}, x]}]` fires correctly (fresh→true, spent→false);
|
|
54
|
+
* - `groth16_verify` on a garbage bundle returns `false` (graceful deny, never throws);
|
|
55
|
+
* - `pmt_verify([root, leaf, index, [siblings]])` is Poseidon-Merkle inclusion with
|
|
56
|
+
* ROOT-FIRST siblings and a leaf-position `index` (depth range-checked) — exported as
|
|
57
|
+
* {@link pmtMembership} for off-chain witness building / a membership-gated variant.
|
|
58
|
+
*/
|
|
59
|
+
import { type FiberAppDefinition, type JsonLogicRule, type SchemaField } from '../../../schema/fiber-app.js';
|
|
60
|
+
/**
|
|
61
|
+
* The EXACT `publicValues` layout the guard slices, for the N=1 input / M=1 output MVP.
|
|
62
|
+
*
|
|
63
|
+
* `publicValues` is the abi-encoded `ShieldedTransferPublicValues` carried as a single
|
|
64
|
+
* `0x`-prefixed lowercase-hex string. Each 32-byte ABI word is 64 hex chars; word `w`
|
|
65
|
+
* begins at hex offset `2 + 64*w` (the leading `2` skips `0x`).
|
|
66
|
+
*
|
|
67
|
+
* `ShieldedTransferPublicValues { bytes32 anchor; bytes32[] nullifiers; bytes32[] outputCms;
|
|
68
|
+
* uint64 fee; bytes32 feeAsset; }`. The circuit commits this via `alloy_sol_types::abi_encode`,
|
|
69
|
+
* which — the struct being a DYNAMIC tuple (it holds the two dynamic arrays) — emits a single leading
|
|
70
|
+
* `0x20` tuple-offset HEAD WORD before the struct body, then the body's own head of array offsets +
|
|
71
|
+
* a tail of (len, elems). For FIXED N=1/M=1 the tail is static and `substr`-addressable.
|
|
72
|
+
*
|
|
73
|
+
* ┌── field ─────────────┬── hex offset ─┬── width ─┬── notes ─────────────────────────────────┐
|
|
74
|
+
* │ tuple head (0x20) │ 2 │ 64 │ abi_encode dynamic-tuple offset; NOT a field│
|
|
75
|
+
* │ anchor │ 66 │ 64 │ Poseidon-Merkle root the inputs prove under │
|
|
76
|
+
* │ nullifiers off (0xa0)│ 130 │ 64 │ body-relative offset of the nullifiers array│
|
|
77
|
+
* │ outputCms off (0xe0)│ 194 │ 64 │ body-relative offset of the outputCms array │
|
|
78
|
+
* │ fee (uint64 word) │ 258 │ 64 │ transparent fee, right-aligned in the word │
|
|
79
|
+
* │ feeAsset │ 322 │ 64 │ asset-as-Fr the fee is denominated in │
|
|
80
|
+
* │ nullifiers.len │ 386 │ 64 │ == 1 for the N=1 MVP │
|
|
81
|
+
* │ nullifiers[0] │ 450 │ 64 │ the revealed input nullifier │
|
|
82
|
+
* │ outputCms.len │ 514 │ 64 │ == 1 for the M=1 MVP │
|
|
83
|
+
* │ outputCms[0] │ 578 │ 64 │ the revealed output commitment │
|
|
84
|
+
* └──────────────────────┴───────────────┴──────────┴─────────────────────────────────────────────┘
|
|
85
|
+
*
|
|
86
|
+
* The word ORDER and ENCODING a matching SP1 fixture MUST produce (so the placeholder can be
|
|
87
|
+
* swapped for a real proof): the `0x`-string is
|
|
88
|
+
* 0x ‖ 0x20 ‖ anchor ‖ nullifiers.off ‖ outputCms.off ‖ fee ‖ feeAsset ‖
|
|
89
|
+
* nullifiers.len ‖ nullifiers[0] ‖ outputCms.len ‖ outputCms[0]
|
|
90
|
+
* laid out by the circuit's `commit_slice(abi_encode(ShieldedTransferPublicValues{..}))`, such that
|
|
91
|
+
* the five field offsets below land on the words above. Every word is a lowercase 32-byte hex with
|
|
92
|
+
* NO `0x` per-word prefix (the single `0x` is on the whole string).
|
|
93
|
+
*
|
|
94
|
+
* RECONCILED 2026-06 against the REAL `zk-shielded` circuit (~/repos/metakit-sdk/rust/zk-shielded):
|
|
95
|
+
* an earlier version of this layout omitted the leading `0x20` dynamic-tuple head word, so every
|
|
96
|
+
* offset was one 32-byte word (64 hex) too low and the guard sliced the WRONG words. The circuit is
|
|
97
|
+
* the source of truth; the offsets above were corrected (+64 each) to match a real SP1 Groth16 proof
|
|
98
|
+
* whose `publicValues` is `0x ‖ 0x20 ‖ anchor ‖ 0xa0 ‖ 0xe0 ‖ fee ‖ feeAsset ‖ 1 ‖ nf ‖ 1 ‖ cm`.
|
|
99
|
+
*
|
|
100
|
+
* cm / nf preimages (the circuit's, fixed and byte-for-byte across Scala/Rust/TS):
|
|
101
|
+
* - `cm = Poseidon([value_as_fr, owner, asset, rho])` (4-input, MAX poseidon arity);
|
|
102
|
+
* - `owner = Poseidon([nsk])`;
|
|
103
|
+
* - `nf = Poseidon([rho, nsk])` (FIELD ORDER rho, nsk).
|
|
104
|
+
*/
|
|
105
|
+
export declare const PV_LAYOUT: {
|
|
106
|
+
/** anchor — word 1 (word 0 is the dynamic-tuple `0x20` head word; see the table). */
|
|
107
|
+
readonly anchor: 66;
|
|
108
|
+
/** fee — word 4 (uint64 right-aligned). MVP pins this whole word to {@link NotePoolOptions.feeWord}. */
|
|
109
|
+
readonly fee: 258;
|
|
110
|
+
/** feeAsset — word 5. */
|
|
111
|
+
readonly feeAsset: 322;
|
|
112
|
+
/** nullifiers[0] — after the nullifiers length word @386. */
|
|
113
|
+
readonly nullifier: 450;
|
|
114
|
+
/** outputCms[0] — after the outputCms length word @514. */
|
|
115
|
+
readonly outputCm: 578;
|
|
116
|
+
};
|
|
117
|
+
/**
|
|
118
|
+
* Lift `publicValues` word at hex `offset` back to a `0x`-hex value comparable with a stored
|
|
119
|
+
* `bytes32`/`hash`. `cat` of two STRINGS is valid on-chain; `cat` of arrays ERRORS — this is
|
|
120
|
+
* strings only. The slice is taken from the SAME bytes `groth16_verify` consumed, so a changed
|
|
121
|
+
* field invalidates the proof: re-prefixing the verified slice IS the public-input binding.
|
|
122
|
+
*/
|
|
123
|
+
export declare const pvField: (offset: number) => JsonLogicRule;
|
|
124
|
+
/**
|
|
125
|
+
* `pmt_verify([root, leaf, index, [siblings]])` Poseidon-Merkle inclusion (root-first siblings,
|
|
126
|
+
* leaf-position `index`, depth = `siblings.length`, range-checked). Exported for off-chain witness
|
|
127
|
+
* building and for a membership-gated pool variant. NOTE: the MVP `transfer`/`unshield` guards do
|
|
128
|
+
* NOT call `pmt_verify` — membership is proven INSIDE the circuit (`verify_inclusion`) and bound to
|
|
129
|
+
* the verified `anchor`; the chain only checks `anchor ∈ knownRoots`. This helper exists so a
|
|
130
|
+
* downstream pool that wants an additional ON-CHAIN inclusion check (e.g. for a transparent leaf)
|
|
131
|
+
* can express it with the verified operand format.
|
|
132
|
+
*/
|
|
133
|
+
export declare const pmtMembership: (rootVar: JsonLogicRule, leafVar: JsonLogicRule, indexVar: JsonLogicRule, siblingsVar: JsonLogicRule) => JsonLogicRule;
|
|
134
|
+
export interface NotePoolOptions {
|
|
135
|
+
/** zk-shielded program vkey (32B, `0x`-hex). Pinned ONCE at creation; the guard reads it from state. */
|
|
136
|
+
vkey: string;
|
|
137
|
+
/** Merkle depth of the commitment tree, pinned at creation. */
|
|
138
|
+
depth: number;
|
|
139
|
+
/** Fixed note denomination (asset units). Each live note ⇔ one `denom`-valued asset record. */
|
|
140
|
+
denom: number;
|
|
141
|
+
/** Asset policy ref the pool mints/burns note-records under (the deposit authorization surface). */
|
|
142
|
+
poolPolicyRef: string;
|
|
143
|
+
/** `0x` Fr label fees are charged in (== asset-as-Fr). Must equal the proof's `feeAsset` word. */
|
|
144
|
+
feeAsset: string;
|
|
145
|
+
/**
|
|
146
|
+
* The EXACT `0x` 32-byte word `fee` must equal. MVP: the all-zero word (forces fee=0, rejects any
|
|
147
|
+
* value-siphoning fee). LATER, to allow a fixed nonzero fee, compare only the right 16 hex.
|
|
148
|
+
*/
|
|
149
|
+
feeWord?: string;
|
|
150
|
+
/** DAG address authorized to advance the root (MVP single trusted relayer; anti-grief). */
|
|
151
|
+
relayer: string;
|
|
152
|
+
/** How many recent anchors stay spendable (rolling window). Default 64. */
|
|
153
|
+
rootWindow?: number;
|
|
154
|
+
}
|
|
155
|
+
/** The all-zero 32-byte word — the MVP `feeWord` (pins fee=0). */
|
|
156
|
+
export declare const ZERO_WORD: string;
|
|
157
|
+
/** Public state every shielded note-pool carries (the note value model itself is private/off-chain). */
|
|
158
|
+
export declare const NOTE_POOL_STATE: Record<string, SchemaField>;
|
|
159
|
+
/** `transfer` / `unshield` carry a Groth16 bundle; `unshield` also carries the record to release. */
|
|
160
|
+
export interface ShieldedSpendPayload {
|
|
161
|
+
/** Groth16 proof bytes (0x hex). */
|
|
162
|
+
proof: string;
|
|
163
|
+
/** abi-encoded `ShieldedTransferPublicValues` (0x hex); see {@link PV_LAYOUT}. */
|
|
164
|
+
publicValues: string;
|
|
165
|
+
}
|
|
166
|
+
/** `transfer` advances the tree; `newRoot` is wallet/relayer-computed (NOT in the proven PV). */
|
|
167
|
+
export interface TransferPayload extends ShieldedSpendPayload {
|
|
168
|
+
/** wallet/relayer-computed root after appending `outputCms[0]`. Authorized by the relayer signer gate. */
|
|
169
|
+
newRoot: string;
|
|
170
|
+
}
|
|
171
|
+
/** `unshield` releases one whole `denom`-valued record the pool holds to a clear recipient. */
|
|
172
|
+
export interface UnshieldPayload extends ShieldedSpendPayload {
|
|
173
|
+
/** assetId UUID of the note-record to release; MUST be `in state.noteRecords`. */
|
|
174
|
+
recordId: string;
|
|
175
|
+
/** clear DAG address (→ `AssetHolder.Wallet`) that receives the released note-record. */
|
|
176
|
+
recipient: string;
|
|
177
|
+
}
|
|
178
|
+
/** `noteMinted` records a deposit's commitment + the freshly-minted record's UUID. */
|
|
179
|
+
export interface NoteMintedPayload {
|
|
180
|
+
/** client-computed `cm = Poseidon([denom, owner, feeAsset, rho])` (0x). */
|
|
181
|
+
commitment: string;
|
|
182
|
+
/** assetId UUID of the `denom`-valued record the deposit minted into `Fiber(poolId)`. */
|
|
183
|
+
recordId: string;
|
|
184
|
+
}
|
|
185
|
+
/**
|
|
186
|
+
* Build the shielded-note-pool fiber app.
|
|
187
|
+
*
|
|
188
|
+
* Single state `ACTIVE → ACTIVE` with three transitions:
|
|
189
|
+
* - `transfer` — note-to-note spend (no public asset move); advances the tree. Relayer-gated.
|
|
190
|
+
* - `noteMinted`— witness transition recording a deposit's commitment + record UUID (the deposit
|
|
191
|
+
* itself is an asset-model `MintAsset` into `Fiber(poolId)`, gated by the
|
|
192
|
+
* `poolPolicyRef` mintPolicy — NOT a fiber transition).
|
|
193
|
+
* - `unshield` — burn a note (nullify), release one whole `denom` note-record to a clear recipient.
|
|
194
|
+
* Self-sufficient because it is CASCADE-REACHABLE (asset transfers fire from cascades).
|
|
195
|
+
*/
|
|
196
|
+
export declare function notePoolDef(opts: NotePoolOptions): FiberAppDefinition;
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Asset-subsystem integration for the staked-pool family.
|
|
3
|
+
*
|
|
4
|
+
* Two asset roles:
|
|
5
|
+
* - STAKE token: a governed fungible. Joining is a custody `Transfer` of the whole stake instance into
|
|
6
|
+
* `AssetHolder.Fiber(poolId)` (the loan family's "lock = Transfer into Fiber holder" pattern); the
|
|
7
|
+
* pool's `stake_and_join` guard verifies the custody via `heldAssets` (H5). Withdraw/slash move it back
|
|
8
|
+
* out via the fiber's `_transferAsset` directive.
|
|
9
|
+
* - REWARD token: a shared fungible the pool pre-holds. `claim_reward` moves ONE whole reward instance to
|
|
10
|
+
* a verified in-consensus claimant (per-claim model — the whole-asset transfer has no amount field).
|
|
11
|
+
*
|
|
12
|
+
* Reuses the lending family's asset payload builders (`createAssetPolicyPayload`, `createMintAssetPayload`,
|
|
13
|
+
* `createApplyMorphismPayload`, `fiberHolder`, `walletHolder`) — re-exported here so a staked-pool caller
|
|
14
|
+
* has a single import surface.
|
|
15
|
+
*/
|
|
16
|
+
import { createAssetPolicyPayload, createMintAssetPayload, createApplyMorphismPayload, fiberHolder, walletHolder, TokenBehaviors, type CreateAssetPolicyParams, type MintAssetMessage, type ApplyMorphismMessage, type PolicyRef, type JsonLogicRule } from '../lending/assets.js';
|
|
17
|
+
export { createAssetPolicyPayload, createMintAssetPayload, createApplyMorphismPayload, fiberHolder, walletHolder, TokenBehaviors, };
|
|
18
|
+
export type { CreateAssetPolicyParams, MintAssetMessage, ApplyMorphismMessage, PolicyRef, JsonLogicRule };
|
|
19
|
+
/**
|
|
20
|
+
* Stake-token policy: a governed fungible. `Transfer` is the custody move into/out of the pool fiber.
|
|
21
|
+
* Transferable so withdraw/slash can return it (a soulbound stake would fail the R1 transferable check
|
|
22
|
+
* on withdraw — see design §11; not the default here).
|
|
23
|
+
*/
|
|
24
|
+
export declare function stakePolicy(name?: string, version?: string): CreateAssetPolicyParams;
|
|
25
|
+
/**
|
|
26
|
+
* Reward-pot policy: a shared fungible the pool pre-holds and pays out one whole instance per claim.
|
|
27
|
+
* `mintGuard` (optional) gates who may mint reward instances into the pool (e.g. the pool authority);
|
|
28
|
+
* omit for an open mint pinned operationally.
|
|
29
|
+
*/
|
|
30
|
+
export declare function rewardPotPolicy(mintGuard?: JsonLogicRule | null, name?: string, version?: string): CreateAssetPolicyParams;
|
|
31
|
+
/**
|
|
32
|
+
* stake_and_join driver: the participant Transfers their whole stake instance into the pool fiber BEFORE
|
|
33
|
+
* the `stake_and_join` event (custody = Transfer to `AssetHolder.Fiber`). Mirrors `lockCollateralOp`.
|
|
34
|
+
*/
|
|
35
|
+
export declare function stakeJoinOp(args: {
|
|
36
|
+
stakeAssetId: string;
|
|
37
|
+
poolFiberId: string;
|
|
38
|
+
targetSequenceNumber: number;
|
|
39
|
+
}): ApplyMorphismMessage;
|
|
40
|
+
/**
|
|
41
|
+
* Pre-mint reward instances into the pool fiber (sized to expected claimants for the epoch). Mirrors
|
|
42
|
+
* `mintPrincipalOp` but mints to `Fiber(poolId)` so `claim_reward` can later transfer one whole instance.
|
|
43
|
+
*/
|
|
44
|
+
export declare function mintRewardInstancesOp(args: {
|
|
45
|
+
rewardAssetId: string;
|
|
46
|
+
rewardPolicyRef: PolicyRef;
|
|
47
|
+
poolFiberId: string;
|
|
48
|
+
amount: number | string;
|
|
49
|
+
witness?: {
|
|
50
|
+
publicValues: string;
|
|
51
|
+
proof: string;
|
|
52
|
+
};
|
|
53
|
+
}): MintAssetMessage;
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Staked-pool BASE factory — a reusable staked-epoch-pool lifecycle skeleton.
|
|
3
|
+
*
|
|
4
|
+
* Lifecycle: FORMING → COLLECTING → SETTLED → COLLECTING (reset) … → CLOSED.
|
|
5
|
+
* FORMING (initial) — accepting stake/join; registry bound; not yet running epochs.
|
|
6
|
+
* COLLECTING — epoch open; participants submit datapoints/votes.
|
|
7
|
+
* SETTLED — result published; entitlement ledger credited; result readable cross-fiber.
|
|
8
|
+
* CLOSED (final) — wound down; stakes + unclaimed rewards still withdrawable/claimable.
|
|
9
|
+
*
|
|
10
|
+
* The base composes EXISTING SDK primitives only:
|
|
11
|
+
* - `signerIsParty` (authority gate), `actorIsSigner`/`actorHasEntry` (effect-key↔signer coupling),
|
|
12
|
+
* `signerHasReputationVia` (the #24 dynamic-dep reputation-gated join), `actorNotInArray` (array dedup),
|
|
13
|
+
* `depInState` (cross-fiber consumer read — used by the consumer, not the pool itself) — `src/schema/guards.ts`.
|
|
14
|
+
* - `addDependency` (#24 bind), `transferAsset` (whole-instance custody move) — `src/schema/effects.ts`.
|
|
15
|
+
*
|
|
16
|
+
* Value model (design §2.1, §4 — resolved):
|
|
17
|
+
* - Submissions are an APPEND-ONLY ARRAY of `{ addr, value }` records (no map-keyed-by-address, because
|
|
18
|
+
* there is no `(array,int)` element-index op). Append is `merge[state.submissions, [record]]` — verified.
|
|
19
|
+
* - finalize emits ZERO asset transfers: it publishes `result` and records the in-consensus address set
|
|
20
|
+
* into `inConsensus` (the entitlement ledger). No reward map-fold (a map-valued `reduce` accumulator is
|
|
21
|
+
* rejected by the VM — `isPrimitive` guard in `opReduce`); entitlement is membership in `inConsensus`.
|
|
22
|
+
* - reward = PER-CLAIM on a shared fungible: `claim_reward` moves ONE whole reward instance the pool holds
|
|
23
|
+
* to a verified, in-consensus, not-yet-claimed signer, and marks `claimed[addr] = true`. ≤1 transfer.
|
|
24
|
+
* - withdraw_stake / hard-slash each emit exactly ONE whole `_transferAsset` ⇒ never the 32-cap.
|
|
25
|
+
*
|
|
26
|
+
* Multi-`from` arms are SPLIT into one transition per source state (chain `from` is a single string):
|
|
27
|
+
* stake_and_join ×2, claim_reward ×2, withdraw_stake ×2, close ×3.
|
|
28
|
+
*/
|
|
29
|
+
import type { FiberAppDefinition, Transition } from '../../schema/fiber-app.js';
|
|
30
|
+
/**
|
|
31
|
+
* submit COLLECTING→COLLECTING — append one `{addr,value}` datapoint. OVERRIDABLE per specialization.
|
|
32
|
+
* Guard = joined participant (signer-pinned) AND within window AND not-yet-submitted-this-epoch (array dedup).
|
|
33
|
+
*/
|
|
34
|
+
export declare function defaultSubmitArm(): Transition;
|
|
35
|
+
/**
|
|
36
|
+
* Genesis state — EVERY map init'd to `{}` and EVERY array to `[]` so reads stay total (M1: `has`/`get`
|
|
37
|
+
* on null hard-error). `epoch`/`epochStartedAt` are 0 until `open_first_epoch`.
|
|
38
|
+
*/
|
|
39
|
+
export declare const baseInitialStateData: {
|
|
40
|
+
readonly status: "FORMING";
|
|
41
|
+
readonly epoch: 0;
|
|
42
|
+
readonly epochStartedAt: 0;
|
|
43
|
+
readonly participants: {};
|
|
44
|
+
readonly stakes: {};
|
|
45
|
+
readonly stakeAssetIds: {};
|
|
46
|
+
readonly submissions: readonly [];
|
|
47
|
+
readonly inConsensus: readonly [];
|
|
48
|
+
readonly claimed: {};
|
|
49
|
+
readonly result: null;
|
|
50
|
+
};
|
|
51
|
+
export interface StakedPoolOverrides {
|
|
52
|
+
/** Metadata identity for the specialization. */
|
|
53
|
+
metadata: {
|
|
54
|
+
name: string;
|
|
55
|
+
type: string;
|
|
56
|
+
description: string;
|
|
57
|
+
version?: string;
|
|
58
|
+
};
|
|
59
|
+
/** Override the COLLECTING→COLLECTING `submit` arm (e.g. oracle datapoint append). Defaults to {@link defaultSubmitArm}. */
|
|
60
|
+
submit?: Transition;
|
|
61
|
+
/** The finalize arm (COLLECTING→SETTLED) — REQUIRED; supplied by the specialization (e.g. trimmed-mean). */
|
|
62
|
+
finalize: Transition;
|
|
63
|
+
/** Extra arms (e.g. governance propose/vote/resolve/challenge/slash) appended after the base arms. */
|
|
64
|
+
extraTransitions?: readonly Transition[];
|
|
65
|
+
/** Extra states (e.g. governance VOTING). */
|
|
66
|
+
extraStates?: Record<string, {
|
|
67
|
+
id: string;
|
|
68
|
+
isFinal: boolean;
|
|
69
|
+
metadata?: unknown;
|
|
70
|
+
}>;
|
|
71
|
+
/** Extra create-schema properties merged onto the base. */
|
|
72
|
+
extraCreateProperties?: Record<string, unknown>;
|
|
73
|
+
/** Extra state-schema properties merged onto the base. */
|
|
74
|
+
extraStateProperties?: Record<string, unknown>;
|
|
75
|
+
}
|
|
76
|
+
/**
|
|
77
|
+
* Build a staked-pool definition from the shared base + a specialization's `submit`/`finalize` (+ extras).
|
|
78
|
+
* Emits all SPLIT multi-`from` arms; no two emitted entries share both `from` and `eventName`.
|
|
79
|
+
*/
|
|
80
|
+
export declare function makeStakedPoolDef(overrides: StakedPoolOverrides): FiberAppDefinition;
|