new aldabra-core::mint module:
- PolicySpec enum: SingleSig, SingleSigTimelock, NofK
- SingleSig{pkh}: ScriptPubkey native script
- SingleSigTimelock{pkh, slot}: ScriptAll[ScriptPubkey, InvalidHereafter(slot)]
- NofK{n, [pkhs]}: ScriptNOfK
- PolicySpec::single_sig(payment) + single_sig_timelock(payment, slot)
convenience constructors that derive the pkh from a PaymentKey.
- policy_id() = pallas_traverse::ComputeHash<28>::compute_hash, which
is blake2b-224 of (0x00 || cbor) — the canonical native-script hash.
- to_cbor() for callers that want the script bytes raw.
build_signed_mint / build_unsigned_mint:
- two-pass fee like the send path, plus a few extras specific to mint:
staging.mint_asset(policy, name, qty), .script(Native, cbor),
.disclosed_signer(payment_pkh) — the disclosed_signer surfaces the
required signature in the tx body so the chain knows which witness
to verify against the script.
- positive qty mints (asset goes into dest output), negative qty burns
(asset comes out of input holdings, change preserves leftover).
- token-bearing change must hold ≥ min_utxo lovelace — same guard as
the send path.
mcp tools:
- wallet.policy.create — args: invalid_after_slot? — returns
{policy_id_hex, script_cbor_hex, type}.
- wallet.mint — args: dest_address, dest_lovelace (≥ 1 ADA),
asset_name_hex, quantity (i64), invalid_after_slot? — auto-generates
a single-sig policy bound to the wallet's payment key, builds, signs,
submits.
8 → 10 mcp tools. 48 → 56 unit tests.
3.2 (CIP-25 metadata) is BLOCKED on pallas-txbuilder 0.32/0.35 — both
hardcode `auxiliary_data: None` in the conway builder. options for next
session: (a) post-build CBOR injection, (b) assemble tx via
pallas-primitives directly, (c) wait for upstream. flagged in the
spec doc.
3.3 (CIP-68) depends on 3.2. 3.6 (MAP 2-of-2) needs the multi-key
signing flow on the build side; PolicySpec::NofK variant is ready but
build_signed_mint only sign with one key today.
40 lines
1.3 KiB
TOML
40 lines
1.3 KiB
TOML
# aldabra-core — pure crypto + types. No I/O, no network. Deterministic
|
|
# given the same mnemonic + derivation path.
|
|
#
|
|
# This crate is intentionally narrow:
|
|
# - Mnemonic → root key
|
|
# - Root key → payment / stake key (CIP-1852 derivation)
|
|
# - Address construction (mainnet, testnet)
|
|
# - Transaction signing (given an unsigned TX builder output from
|
|
# aldabra-chain or pallas-txbuilder)
|
|
#
|
|
# It deliberately does NOT:
|
|
# - Do any chain queries (that's aldabra-chain's job)
|
|
# - Talk to MCP (that's aldabra-mcp's job)
|
|
# - Touch files (the daemon owns disk I/O; we get keys handed in)
|
|
#
|
|
# Rationale: this is the most security-sensitive crate. Keeping it
|
|
# narrow + I/O-free makes it auditable.
|
|
|
|
[package]
|
|
name = "aldabra-core"
|
|
version.workspace = true
|
|
edition.workspace = true
|
|
license-file.workspace = true
|
|
repository.workspace = true
|
|
authors.workspace = true
|
|
|
|
[dependencies]
|
|
pallas-primitives = { workspace = true }
|
|
pallas-codec = { workspace = true }
|
|
pallas-crypto = { workspace = true }
|
|
pallas-addresses = { workspace = true }
|
|
pallas-txbuilder = { workspace = true }
|
|
pallas-wallet = { workspace = true }
|
|
pallas-traverse = { workspace = true }
|
|
bip39 = { workspace = true }
|
|
ed25519-bip32 = { workspace = true }
|
|
cryptoxide = { workspace = true }
|
|
zeroize = { workspace = true }
|
|
thiserror = { workspace = true }
|
|
serde = { workspace = true }
|