Kayos
f89877bf8e
⚠ WIP — UNAUDITED. Feature-gated behind `escrow_wip`; out of default builds.
Mirrors aiken validator at aiken-escrow/escrow/validators/escrow.ak (also
WIP). Spec at audits/2026-05-09-escrow-spec.md.
Five-redeemer two-party agreement-with-veto escrow:
- Open → both sign Agree → Agreed{at} → Settle (after lock_period)
- Agreed → either party Veto → per-contributor refund
- Open → Refund (after open_deadline) → per-contributor refund
Datum: ProductIsData (Constr 0 [a, b, recipient, deadline, lock, state, deposits]).
EscrowState: enum Open | Agreed{at} encoded as Constr 0/1 (with payload).
EscrowDeposit: per-contributor (pkh, Value) entry, Constr 0.
EscrowValue: Plutus Map<PolicyId, Map<AssetName, Int>>; preserves on-chain
ordering for cbor-equality checks the validator does on continuing-output
deposits diff.
Tests: 10 codec roundtrips (Open/Agreed states, ada-only/multi-asset values,
deposit lookup by pkh, value-merge sum). All pass under
`cargo test -p aldabra-dao --features escrow_wip escrow::`.
Builders + MCP tools land in follow-up commits on this branch.
86 lines
3 KiB
TOML
86 lines
3 KiB
TOML
# aldabra-dao — Agora-on-Cardano DAO interaction.
|
|
#
|
|
# This crate is a community-publishable, multi-DAO client for any
|
|
# Agora deployment. Bob's DAO and Alice's DAO are both first-class —
|
|
# nothing is hardcoded to any single DAO.
|
|
#
|
|
# Layout:
|
|
# config — per-DAO config files at $ALDABRA_DATA/daos/<name>.json
|
|
# + .active selector. Loaded fresh on every tool call so
|
|
# add/remove/switch take effect without daemon restart.
|
|
# agora — Plutarch type ports (StakeDatum, ProposalDatum, etc) with
|
|
# PlutusData encode/decode. One module per Agora module.
|
|
# reader — Read-only Koios-backed state queries for governor /
|
|
# stakes / proposals UTxOs. Decodes datums into typed Rust.
|
|
# builder — Plutus tx assembly per operation (stake_create,
|
|
# proposal_vote, etc). Each operation is its own file
|
|
# for readability.
|
|
# error — Crate-internal error type.
|
|
#
|
|
# Boundary rules:
|
|
# - We depend on aldabra-core for crypto / signing / address ops only.
|
|
# - We depend on aldabra-chain for raw Koios queries.
|
|
# - We do NOT touch keys directly; signing is delegated to aldabra-core.
|
|
# - We do NOT do MCP. The dao_* MCP tools live in aldabra-mcp.
|
|
#
|
|
# Why a separate crate (not just a module under aldabra-core):
|
|
# - DAO ops are a separate auditable surface from the core wallet.
|
|
# - Community users can depend on aldabra-dao without pulling in the
|
|
# full MCP binary.
|
|
# - Plutus DAO tx assembly is enough code that mixing it with raw
|
|
# wallet sends would bloat aldabra-core past the auditability threshold.
|
|
|
|
[package]
|
|
name = "aldabra-dao"
|
|
version.workspace = true
|
|
edition.workspace = true
|
|
license-file.workspace = true
|
|
repository.workspace = true
|
|
authors.workspace = true
|
|
|
|
[dependencies]
|
|
aldabra-core = { path = "../aldabra-core" }
|
|
aldabra-chain = { path = "../aldabra-chain" }
|
|
|
|
# Pallas — PlutusData encode/decode + tx building + addresses.
|
|
pallas-primitives = { workspace = true }
|
|
pallas-codec = { workspace = true }
|
|
pallas-crypto = { workspace = true }
|
|
pallas-addresses = { workspace = true }
|
|
pallas-txbuilder = { workspace = true }
|
|
pallas-traverse = { workspace = true }
|
|
|
|
# Async + I/O for chain reads.
|
|
tokio = { workspace = true }
|
|
async-trait = "0.1"
|
|
reqwest = { workspace = true }
|
|
|
|
# Serde for DaoConfig persistence + Koios JSON.
|
|
serde = { workspace = true }
|
|
serde_json = { workspace = true }
|
|
|
|
# Bech32 for parsing addresses we don't get pre-decoded.
|
|
bech32 = "0.9"
|
|
|
|
# Hex for handling token names + script hashes.
|
|
hex = "0.4"
|
|
|
|
# Errors.
|
|
thiserror = { workspace = true }
|
|
|
|
# Logging.
|
|
tracing = { workspace = true }
|
|
|
|
[features]
|
|
default = []
|
|
# WIP / unaudited two-party escrow validator + builders + types. Compiled
|
|
# out of default builds until external audit lands. Enable with
|
|
# --features escrow_wip from the workspace root.
|
|
escrow_wip = []
|
|
|
|
[dev-dependencies]
|
|
# DaoStore tests use a temp dir as the data root.
|
|
tempfile = "3"
|
|
# `from_slice` for round-trip CBOR tests in agora module.
|
|
pallas-codec = { workspace = true }
|
|
|