Sulkta-OSS/aldabra
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
aldabra/ROADMAP.md
Kayos 489b58cc1e phase 1 scaffold: cargo workspace + 3 crates + roadmap + architecture 
Repo skeleton for sulkta-wallet, the rust-native cardano lite wallet
with MCP server interface. Builds end-to-end, types in place,
real cardano primitives land next pass.

Crates:
  wallet-core   — pure crypto + types. mnemonic, key derivation,
                  signing. No I/O. Security boundary.
  wallet-chain  — pluggable backends. ChainBackend trait, Koios
                  client (stub for now). Ogmios + submit in phase 2.
  wallet-mcp    — the binary. stdio MCP transport via rmcp.

Phase plan in ROADMAP.md, threat model in docs/architecture.md.

This is also Cobb's first Rust project + a real-world workout for
crafting-table's rust toolchain.
2026-05-04 10:02:32 -07:00

4.1 KiB
Raw Blame History

sulkta-wallet roadmap

Phased buildout. Each phase ships a usable increment + leaves the codebase in a state where Phase N+1 picks up cleanly.

Phase 1 — MVP read path (current scaffold)

Goal: address + balance + UTXOs from a real mnemonic, working end-to-end through the MCP transport.

  • Cargo workspace
  • Crate skeletons: wallet-core, wallet-chain, wallet-mcp
  • Type stubs + ZeroizeOnDrop scaffolding for keys
  • wallet-core::Mnemonic::into_root_key — real CIP-3 derivation via pallas-crypto
  • wallet-core::derive_base_address — real CIP-1852 + bech32
  • wallet-chain::KoiosClient::get_utxos — real reqwest to /address_utxos
  • wallet-chain::KoiosClient::get_balance
  • Interactive mnemonic bootstrap CLI: paste once, age-encrypt to disk
  • On-startup decryption — single passphrase prompt, derived key in RAM only
  • Wire MCP server (rmcp) — register wallet.address, wallet.balance, wallet.utxos tools
  • Smoke test against testnet (preprod)

Done = claude can invoke wallet.address and get the right preprod address back; wallet.balance returns matching numbers from a Koios query.

Phase 2 — write path (send)

Goal: the wallet can spend.

  • wallet-chain::ChainBackend::submit_tx — POST CBOR to Koios /submittx
  • wallet-chain::tx_status — poll /tx_info
  • Build + sign ADA-only payment via pallas-txbuilder
  • MCP tool wallet.send with to_address, lovelace args
  • MCP tool wallet.tx_status with tx_hash arg
  • Add native-asset send (multi-asset value bundle)
  • Add wallet.send.sign_only for offline / multisig flows
  • Hard guard: reject outbound TXs over $X equivalent unless flag set (preventable LLM mistake)

Done = the wallet successfully sends 1 tADA on preprod, then 1 ADA on mainnet to a known test address, both initiated via an MCP tool call from Claude Code.

Phase 3 — minting

Goal: wallet can mint Sulkta native assets.

  • Policy script construction — pure-timelock + multisig variants
  • CIP-25 metadata serialization (legacy 721 metadatum)
  • CIP-68 ref-NFT pattern (300/100/333 standards)
  • MCP tool wallet.policy.create — returns policy_id + serialized script
  • MCP tool wallet.mint — args: policy, assets, metadata
  • Integration with the MAP treasury minting pattern (2-of-2 multisig)

Done = the wallet can mint a test asset on preprod with both CIP-25 and CIP-68 metadata, queryable via Koios /asset_info.

Phase 4 — Plutus interaction

Goal: consume Plutus-locked UTXOs, attach reference scripts, delegate stake.

  • Inline datum support
  • Reference input attachment
  • wallet.script.spend — args: utxo_ref, redeemer_cbor, script_cbor or reference, additional_signers
  • Script execution unit estimation (call out to a local cardano-cli or a reasonable approximation)
  • Stake key derivation (chain index 2)
  • wallet.stake.delegate — args: pool_id, optional drep_id (Voltaire era)
  • Drep voting tools if Cobb cares (separate ask)

Done = the wallet successfully spends a UTXO locked by a trivial Plutus validator (e.g. "always succeeds") on preprod.

Out-of-scope (deliberately)

  • Hot-key signing for high-value mainnet — for any tx over a per-config threshold, the wallet should write the unsigned TX to a file and require a separate cold-signing flow (mirrors the ADAMaps treasury pattern at memory/MEMORY.md ADAMaps section).
  • Smart contract deployment / Plutus compilation — that's an Aiken / plutus-tx job. This wallet only consumes pre-compiled scripts.
  • Browser / Web UI — pure MCP-as-the-interface. Humans interact via the LLM client.
  • Multiple wallets in one daemon — instance-per-wallet by design. Run multiple binaries if needed.

Performance / size targets (informal)

  • Cold-start time: < 200 ms (mnemonic decrypt + key derive)
  • Per-tool latency: dominated by chain backend (Koios round-trip ~50-200 ms); the wallet itself should add < 10 ms
  • Binary size: < 30 MB stripped release
  • Memory: < 50 MB RSS steady-state