aldabra

Sulkta-OSS/aldabra

Fork 0

Commit graph

Author	SHA1	Message	Date
Kayos	93f11ecef0	docs: rewrite for users — drop internal infra context README + supporting docs were written for ourselves (deployment paths, internal product comparisons, internal task lists, build pipeline artifacts) instead of for users of the software. This pass refocuses them on what the software is, how to install, configure, and use it. - README.md: full rewrite. New shape — What it does / Architecture / Build / Run / Configuration / MCP tools / Security model / Status / License / Dependencies. Drops the internal "why we built it" narrative, drops phase-status claims that drifted stale, drops internal deployment paths. - ROADMAP.md: deleted. Was an internal task-list with [x]/[ ] items showing incremental private development. The README's Status section now communicates what's actually shipped. - docs/architecture.md: scrub cross-project comparisons referencing unrelated internal Sulkta codebases. - aiken-escrow/README.md: drop reference to a non-existent spec file; rewrite the Status checklist to reflect what's actually done rather than what was open at the time of writing. - audits/2026-05-09-escrow-e2e.md: scrub internal image names + container paths; the audit findings (chain hashes, validator hash, what each tx proved) are the public-useful part and stay. - audits/2026-05-09-escrow-internal-audit.md: drop references to feature-flag-gated branches that no longer exist. - Dockerfile: drop the dead `escrow_wip surface` phrase from comments. - Cargo.toml: drop the cross-project comparison comment that named an unrelated internal service. - crates/aldabra-{core,dao}: scrub internal preprod-test naming from source comments — same technical content, generic phrasing.	2026-05-10 20:56:25 -07:00
Kayos	78ed92304e	feat(escrow_wip): aiken validator + plutus.json blueprint ⚠ WIP — UNAUDITED. Plutus V3, Aiken v1.1.21. Preprod-only. Five-redeemer two-party agreement-with-veto escrow validator. Mirrors the off-chain codecs at crates/aldabra-dao/src/agora/escrow.rs. Validator script hash: 223aa7ace4a98ff5b8f8988c1c07b846c046de1a2bc9e8dc77411486 Compiled UPLC size: 7902 bytes. Datum: ProductIsData (Constr 0 [a, b, recipient, deadline, lock, state, deposits]). Redeemer: Constr 0..4 (Deposit \| Agree \| Veto \| Settle \| Refund). DepositEntry.value uses concrete Pairs<ByteArray, Pairs<ByteArray, Int>> since cardano/assets.Value is opaque (datums require concrete types). Pairs encode as Plutus Map at the dataType layer — matches the off-chain EscrowValue codec's PlutusData::Map(KeyValuePairs) emission. Build: cd aiken-escrow && aiken build (produces plutus.json blueprint). Threat-model gaps explicitly documented in aiken-escrow/README.md: - CBOR canonicality of Pairs serialisation (validator equality check) - Stake-credential null'd on refund outputs (intentional — protects pool delegation privacy at cost of stake reward routing) - No min-utxo enforcement on refund legs (off-chain builder's job) - No multi-script-input cross-UTxO consistency External audit gates mainnet deployment.	2026-05-09 11:38:45 -07:00

Author

SHA1

Message

Date

Kayos

93f11ecef0

docs: rewrite for users — drop internal infra context

README + supporting docs were written for ourselves (deployment paths,
internal product comparisons, internal task lists, build pipeline
artifacts) instead of for users of the software. This pass refocuses
them on what the software is, how to install, configure, and use it.

- README.md: full rewrite. New shape — What it does / Architecture /
  Build / Run / Configuration / MCP tools / Security model / Status /
  License / Dependencies. Drops the internal "why we built it"
  narrative, drops phase-status claims that drifted stale, drops
  internal deployment paths.
- ROADMAP.md: deleted. Was an internal task-list with [x]/[ ] items
  showing incremental private development. The README's Status
  section now communicates what's actually shipped.
- docs/architecture.md: scrub cross-project comparisons referencing
  unrelated internal Sulkta codebases.
- aiken-escrow/README.md: drop reference to a non-existent spec file;
  rewrite the Status checklist to reflect what's actually done
  rather than what was open at the time of writing.
- audits/2026-05-09-escrow-e2e.md: scrub internal image names +
  container paths; the audit findings (chain hashes, validator hash,
  what each tx proved) are the public-useful part and stay.
- audits/2026-05-09-escrow-internal-audit.md: drop references to
  feature-flag-gated branches that no longer exist.
- Dockerfile: drop the dead `escrow_wip surface` phrase from comments.
- Cargo.toml: drop the cross-project comparison comment that named
  an unrelated internal service.
- crates/aldabra-{core,dao}: scrub internal preprod-test naming from
  source comments — same technical content, generic phrasing.

2026-05-10 20:56:25 -07:00

Kayos

78ed92304e

feat(escrow_wip): aiken validator + plutus.json blueprint

⚠ WIP — UNAUDITED. Plutus V3, Aiken v1.1.21. Preprod-only.

Five-redeemer two-party agreement-with-veto escrow validator. Mirrors the
off-chain codecs at crates/aldabra-dao/src/agora/escrow.rs.

Validator script hash: 223aa7ace4a98ff5b8f8988c1c07b846c046de1a2bc9e8dc77411486
Compiled UPLC size: 7902 bytes.

Datum: ProductIsData (Constr 0 [a, b, recipient, deadline, lock, state, deposits]).
Redeemer: Constr 0..4 (Deposit | Agree | Veto | Settle | Refund).
DepositEntry.value uses concrete Pairs<ByteArray, Pairs<ByteArray, Int>>
since cardano/assets.Value is opaque (datums require concrete types).
Pairs encode as Plutus Map at the dataType layer — matches the off-chain
EscrowValue codec's PlutusData::Map(KeyValuePairs) emission.

Build: cd aiken-escrow && aiken build (produces plutus.json blueprint).

Threat-model gaps explicitly documented in aiken-escrow/README.md:
- CBOR canonicality of Pairs serialisation (validator equality check)
- Stake-credential null'd on refund outputs (intentional — protects pool
  delegation privacy at cost of stake reward routing)
- No min-utxo enforcement on refund legs (off-chain builder's job)
- No multi-script-input cross-UTxO consistency

External audit gates mainnet deployment.

2026-05-09 11:38:45 -07:00

2 commits