Sulkta-Coop/aldabra
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
aldabra/Cargo.toml
Kayos a3a842138c build: strip Gitea token from pallas patch URLs + add cargo config 
Hard rule from Cobb 2026-05-06: zero secrets hardcoded in committed
source. The [patch.crates-io] block had the kayos Gitea PAT embedded
in the URL, which cargo then duplicated into Cargo.lock's source URLs.

Fix:
- Cargo.toml [patch.crates-io] URLs are now tokenless
  (http://192.168.0.5:3001/...)
- Cargo.lock source URLs scrubbed to match
- .cargo/config.toml adds [net] git-fetch-with-cli = true so cargo
  defers to system git for fetches; system git authenticates via
  the user's git credential helper (~/.git-credentials chmod 600).

Operators (devs + crafting-table runner) need a working git credential
helper for the LAN Gitea, configured out-of-band (NOT in this repo).
Pattern: `git config --global credential.helper store` +
`echo http://USER:TOKEN@192.168.0.5:3001 > ~/.git-credentials &&
chmod 600 ~/.git-credentials`. After Cobb rotates the kayos PAT,
update that file on every host that builds aldabra.
2026-05-06 07:45:37 -07:00

110 lines
4.6 KiB
TOML
Raw Blame History

# Cargo workspace root for aldabra.
#
# Four crates:
# aldabra-core — key derivation, signing, types, mnemonic handling
# aldabra-chain — pluggable chain backends (Koios, Ogmios). Trait-first.
# aldabra-dao — Agora-on-Cardano DAO interaction; multi-DAO from day 1.
# aldabra-mcp — binary; the MCP server, glues core+chain+dao together.
#
# Named for the Aldabra giant tortoise (Aldabrachelys gigantea) — endemic
# to the Aldabra atoll in the Seychelles, up to 250 kg, 150-year lifespan.
# Long-lived, defended, slow but unstoppable. Fitting metaphor for a
# wallet that holds your money.
#
# Workspace deps are pinned here so all crates use the same versions.
# Add a dep here, then reference it in each crate's Cargo.toml as
# foo = { workspace = true }
[workspace]
resolver = "2"
members = [
"crates/aldabra-core",
"crates/aldabra-chain",
"crates/aldabra-dao",
"crates/aldabra-mcp",
]
[workspace.package]
version = "0.0.1"
edition = "2021"
license-file = "LICENSE"
repository = "http://192.168.0.5:3001/Sulkta-Coop/aldabra"
authors = ["Cobb <cobb@sulkta.com>", "Kayos <kayos@sulkta.com>"]
[workspace.dependencies]
# Async runtime — almost everything we do is I/O bound (chain queries, MCP stdio)
tokio = { version = "1", features = ["full"] }
# Cardano stack — pallas is the rust-native primitives library by txpipe.
# We pull individual crates rather than the meta-crate so we control feature flags.
pallas-primitives = "0.32"
pallas-codec = "0.32"
pallas-crypto = "0.32"
pallas-addresses = "0.32"
pallas-txbuilder = "0.32"
pallas-wallet = "0.32"
pallas-traverse = "0.32"
pallas-network = "0.32"
# Mnemonic + key derivation.
# bip39 — 24-word wordlist parsing + BIP-39 entropy extraction.
# ed25519-bip32 — Cardano's variant of BIP-32-Ed25519 HD derivation
# (XPrv + DerivationScheme::V2 hard/soft children).
# pallas-crypto only ships raw ed25519, not HD derivation.
# cryptoxide — PBKDF2-HMAC-SHA512 for Icarus master-key generation
# (CIP-3). Already pulled in transitively by
# ed25519-bip32; declared here so we can use pbkdf2 + Sha512
# directly in aldabra-core.
# `rand` feature pulls in OsRng-backed Mnemonic::generate_in for new-wallet flows.
bip39 = { version = "2", features = ["rand"] }
ed25519-bip32 = "0.4"
cryptoxide = "0.4"
# At-rest encryption for the mnemonic + derived keys on disk. age is
# what the cauldron Fernet pattern would have been if we'd had it back
# then — modern, audited, FOSS, and the secret never has to round-trip
# through a daemon password prompt.
age = "0.10"
# Memory hygiene — wipe key material from RAM when keys go out of scope.
zeroize = { version = "1", features = ["derive"] }
# Errors — anyhow at the boundaries (binary), thiserror for crate-internal types
anyhow = "1"
thiserror = "1"
# Serde for everything JSON
serde = { version = "1", features = ["derive"] }
serde_json = "1"
# HTTP client for Koios + future Ogmios HTTP endpoints
reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
# MCP SDK for Rust. Note: the official Rust SDK has been moving fast
# (modelcontextprotocol/rust-sdk on github). Pin a version once we
# verify the API shape we actually use.
rmcp = { version = "0.1", features = ["server", "transport-io"] }
# Logging
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
# Config file parsing — TOML at $ALDABRA_DATA/config.toml.
toml = "0.9"
# Hidden-input passphrase prompts for the mnemonic bootstrap CLI.
# rpassword is the standard "tty echo off" prompt crate.
rpassword = "7"
# Vendored fork of txpipe/pallas with auxiliary_data support added to
# pallas-txbuilder (upstream had TODO markers we filled in). Patches
# all pallas-* crates so the version graph resolves consistently
# against the same commit. PR upstream pending; switch back to
# crates.io once merged.
[patch.crates-io]
pallas-codec = { git = "http://192.168.0.5:3001/Sulkta-Coop/pallas.git", branch = "feat-aux-data" }
pallas-crypto = { git = "http://192.168.0.5:3001/Sulkta-Coop/pallas.git", branch = "feat-aux-data" }
pallas-primitives = { git = "http://192.168.0.5:3001/Sulkta-Coop/pallas.git", branch = "feat-aux-data" }
pallas-traverse = { git = "http://192.168.0.5:3001/Sulkta-Coop/pallas.git", branch = "feat-aux-data" }
pallas-addresses = { git = "http://192.168.0.5:3001/Sulkta-Coop/pallas.git", branch = "feat-aux-data" }
pallas-wallet = { git = "http://192.168.0.5:3001/Sulkta-Coop/pallas.git", branch = "feat-aux-data" }
pallas-txbuilder = { git = "http://192.168.0.5:3001/Sulkta-Coop/pallas.git", branch = "feat-aux-data" }
Reference in a new issue View git blame Copy permalink