Pull-mirror of github.com/Sulkta-Coop/aldabra. Canonical lives on GitHub; this is a LAN-fast read-only cache.

Find a file

Kayos 1ee124b545 AUDIT4-3 fix: optional inline datum on wallet_send wallet_send + wallet_send_unsigned now accept an optional datum_inline_cbor_hex field. When set, the recipient output carries the bytes as an inline datum — the right shape for locking funds at a script address with a datum the validator can read. Without this, sends to script addresses created un-spendable utxos (Babbage/Conway rejects spending script utxos that don't carry a datum). Surfaced 2026-05-04 audit-4 phase F2 when the always-succeeds Aiken validator's locked utxo couldn't be spent back due to NotAllowedSupplementalDatums + PPViewHashesDontMatch chain errors. Plumbed through: build_signed_payment_with_assets (added arg) build_unsigned_payment_with_assets (added arg) prepare_payment (added arg) build_staging_with_fee (added arg) output_with_assets (added arg) SendArgs / UnsignedSendArgs (new optional MCP field) Change outputs never get a datum — they go back to the wallet which has no validator to satisfy, so the field is wired only to the recipient output. Test lock_with_inline_datum_attaches_datum_to_output decodes the resulting tx CBOR and confirms the recipient output's datum_option is populated. Unblocks mainnet Plutus testing — the spend round trip can now build a lock that the spend side can satisfy.		2026-05-05 06:58:15 -07:00
crates	AUDIT4-3 fix: optional inline datum on wallet_send	2026-05-05 06:58:15 -07:00
docs	rename: sulkta-wallet → aldabra (per Cobb 2026-05-04)	2026-05-04 10:11:23 -07:00
.dockerignore	phase 1: full read path — bip39 + cip-3 + cip-1852 + koios + age-mnemonic + rmcp	2026-05-04 11:09:00 -07:00
.gitignore	phase 1 scaffold: cargo workspace + 3 crates + roadmap + architecture	2026-05-04 10:02:32 -07:00
Cargo.lock	audit fixes: all 9 findings resolved + wallet generation tooling	2026-05-04 14:52:08 -07:00
Cargo.toml	audit fixes: all 9 findings resolved + wallet generation tooling	2026-05-04 14:52:08 -07:00
Dockerfile	phase 1: full read path — bip39 + cip-3 + cip-1852 + koios + age-mnemonic + rmcp	2026-05-04 11:09:00 -07:00
LICENSE	phase 1 scaffold: cargo workspace + 3 crates + roadmap + architecture	2026-05-04 10:02:32 -07:00
README.md	rename: sulkta-wallet → aldabra (per Cobb 2026-05-04)	2026-05-04 10:11:23 -07:00
ROADMAP.md	rename: sulkta-wallet → aldabra (per Cobb 2026-05-04)	2026-05-04 10:11:23 -07:00

README.md

aldabra

Rust-native Cardano lite wallet with an MCP-server interface — built for LLM-first usage (send, receive, mint, Plutus interaction).

Status: Phase 1 scaffold (2026-05-04). Compiles, structure in place, real wallet primitives still landing. See ROADMAP.md.

Why

The existing Cardano MCP servers are either read-only doc gateways (Jimmyh-world/Cardano_MCP) or built on Blockfrost (web3-mcp) which is a centralized API we deliberately don't depend on. Sulkta runs its own Koios + Ogmios endpoints on Rackham; we want a wallet that talks directly to those.

Also: it's the first Sulkta Rust project — useful as a workout for crafting-table's Rust toolchain (per Sulkta-Coop/lucy-infra spec-crafting-table.md).

Architecture

Three crates in a Cargo workspace:

Crate	Responsibility
`aldabra-core`	Pure crypto + types. Mnemonic → root key (CIP-3), root → payment + stake key (CIP-1852), address construction, signing. No I/O, no network. This is the security boundary.
`aldabra-chain`	Pluggable backends for chain queries. `ChainBackend` trait, with Koios as the phase-1 implementation. Ogmios + submission paths in phase 2.
`aldabra-mcp`	Binary. MCP server speaking stdio. Glues core + chain together, exposes tools to the LLM client.

            ┌─────────────────────────────┐
LLM client  │       aldabra-mcp (bin)      │  stdio
─────────►  │   tool handlers, lifecycle  │  ────►
            └──────────┬──────────────────┘
                       │
              ┌────────┴────────┐
              ▼                 ▼
       ┌──────────────┐  ┌──────────────┐
       │ aldabra-core  │  │ aldabra-chain │
       │ keys, sign   │  │ Koios/Ogmios │
       └──────────────┘  └──────────────┘

MCP tools (target)

Phase 1:

wallet.address — derived base address at account 0, index 0
wallet.balance — ADA + native asset balance at the wallet's address
wallet.utxos — list UTXOs

Phase 2:

wallet.send — build, sign, submit a payment (ADA or native)
wallet.tx_status — poll a submitted tx hash

Phase 3:

wallet.mint — mint a CIP-25 / CIP-68 native asset
wallet.policy.create — generate a policy script (timelock, multisig)

Phase 4:

wallet.script.attach — attach an inline datum + reference script
wallet.script.spend — spend a Plutus-locked UTXO with redeemer
wallet.stake.delegate — delegate to a pool

Build

# Local (requires rustc 1.75+)
cargo build --release

# Through crafting-table (preferred — validates the toolchain there)
crafting-table build aldabra

Run

# Direct invocation (smoke test only — does nothing useful in phase 1)
./target/release/aldabra

# As an MCP server registered with Claude Code:
# add to ~/.claude.json:
#   "aldabra": {
#     "command": "/path/to/aldabra",
#     "env": {
#       "ALDABRA_DATA": "/mnt/cache/appdata/aldabra"
#     }
#   }

Security model

Mnemonic source: interactive bootstrap on first run, paste once, encrypted at rest with age. Never written to disk in plaintext.
Derived keys: in-memory only, ZeroizeOnDrop on every container.
Network exposure: stdio MCP transport — never opens a TCP socket. Only the spawning client process can reach it.
Multi-network: mainnet by default, but --network preview / --network preprod for testing without real ADA.