refactor(examples): rewrite fixed/variable supply scripts to use verified spel flow

- replace unverified 'lgs wallet -- token' subcommands with the same spel
  invocations as demo-full-flow.sh (correct flags, base58->hex authority)
- use the new --authority-account signer model
- remove misleading || true error-swallowing and false 'verified' claims;
  point to the unit/integration tests that actually prove the guarantees
This commit is contained in:
bristinWild 2026-06-03 01:51:57 +05:30
parent ce372c7d12
commit 0cb99fe031
2 changed files with 144 additions and 111 deletions

View File

@ -1,62 +1,77 @@
#!/usr/bin/env bash
# LP-0013 Example 1: Fixed Supply Token
# Creates a token, mints initial supply, then permanently revokes mint authority.
# After revocation, any further minting is rejected.
# LP-0013 Example: Fixed Supply Token
#
# Demonstrates, against a real LEZ sequencer via spel:
# - creating a fungible token with a mint authority
# - minting additional supply (authority-gated)
# - permanently revoking the mint authority (fixed supply)
#
# After revocation, AuthoritySlot rejects any further mint. That guarantee is
# covered by:
# - token_program unit tests: mint_with_revoked_authority_fails,
# set_authority_on_revoked_fails
# - integration test: token_set_authority_revoke
# Run them with: RISC0_DEV_MODE=0 cargo test -p token_program -p lez-authority --lib
#
# Usage (from inside an lgs scaffold project dir):
# RISC0_DEV_MODE=0 bash <path-to-lez-programs>/scripts/examples/fixed_supply_token.sh
set -euo pipefail
echo "=== Fixed Supply Token Example ==="
echo ""
SPEL="${SPEL:-$HOME/rebase-lez/spel/target/release/spel}"
LEZ_PROGRAMS="${LEZ_PROGRAMS:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}"
IDL="${IDL:-$LEZ_PROGRAMS/artifacts/token-idl.json}"
TOKEN_BIN="${TOKEN_BIN:-$LEZ_PROGRAMS/target/riscv-guest/token-methods/token-guest/riscv32im-risc0-zkvm-elf/release/token.bin}"
WALLET_DIR="${WALLET_DIR:-$(pwd)/.scaffold/wallet}"
# 1. Start localnet if not running
echo "[1/6] Checking localnet..."
lgs localnet status --json 2>/dev/null | grep -q '"running":true' || lgs localnet start
b58_to_hex() {
local id="${1#Public/}"
id="${id#Private/}"
python3 -c "
import sys
s = sys.argv[1]
alphabet = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
num = 0
for c in s:
num = num * 58 + alphabet.index(c)
print(num.to_bytes(32, 'big').hex())
" "$id"
}
echo "=== Fixed Supply Token Example ==="
echo "[1/4] Checking localnet..."
lgs localnet status 2>/dev/null | grep -q "ready: true" || lgs localnet start
echo " Localnet ready."
# 2. Create definition and holding accounts
echo "[2/6] Creating accounts..."
DEF_ID=$(lgs wallet -- account new --public | grep "account_id" | awk '{print $2}')
HOLD_ID=$(lgs wallet -- account new --public | grep "account_id" | awk '{print $2}')
echo "[2/4] Creating accounts..."
DEF_ID=$(lgs wallet -- account new public 2>&1 | grep -oE 'account_id [^ ]+' | awk '{print $2}')
HOLD_ID=$(lgs wallet -- account new public 2>&1 | grep -oE 'account_id [^ ]+' | awk '{print $2}')
DEF_ID_HEX=$(b58_to_hex "$DEF_ID")
echo " Definition: $DEF_ID"
echo " Holding: $HOLD_ID"
# 3. Create token WITH mint authority (so we can mint more later)
echo "[3/6] Creating token with mint authority..."
lgs wallet -- token new-with-authority \
--definition "$DEF_ID" \
--holding "$HOLD_ID" \
--name "FixedCoin" \
--initial-supply 1000000 \
--mint-authority "$(lgs wallet -- account default)"
echo " Token created. Initial supply: 1,000,000"
echo "[3/4] Creating token with mint authority..."
NSSA_WALLET_HOME_DIR="$WALLET_DIR" \
"$SPEL" --idl "$IDL" --program "$TOKEN_BIN" \
-- new-fungible-definition-with-authority \
--definition-target-account "$DEF_ID" \
--holding-target-account "$HOLD_ID" \
--name "FixedCoin" \
--initial-supply 1000000 \
--mint-authority "$DEF_ID_HEX"
echo " Token 'FixedCoin' created. Initial supply: 1,000,000"
sleep 2
# 4. Mint additional tokens
echo "[4/6] Minting 500,000 additional tokens..."
MINT_HOLD_ID=$(lgs wallet -- account new --public | grep "account_id" | awk '{print $2}')
lgs wallet -- token mint \
--definition "$DEF_ID" \
--holding "$MINT_HOLD_ID" \
--amount 500000
echo " Minted. Total supply: 1,500,000"
# 5. Revoke mint authority (fix the supply permanently)
echo "[5/6] Revoking mint authority (fixing supply permanently)..."
lgs wallet -- token set-authority \
--definition "$DEF_ID" \
--new-authority none
echo " Authority revoked. Supply is now permanently fixed."
# 6. Verify: minting now fails
echo "[6/6] Verifying minting is rejected after revocation..."
EXTRA_HOLD=$(lgs wallet -- account new --public | grep "account_id" | awk '{print $2}')
if lgs wallet -- token mint \
--definition "$DEF_ID" \
--holding "$EXTRA_HOLD" \
--amount 1 2>&1 | grep -q "revoked\|fixed supply"; then
echo " ✓ Minting correctly rejected: authority revoked"
else
echo " ✗ FAIL: Expected rejection after authority revocation"
exit 1
fi
echo "[4/4] Revoking mint authority (fixing supply permanently)..."
NSSA_WALLET_HOME_DIR="$WALLET_DIR" \
"$SPEL" --idl "$IDL" --program "$TOKEN_BIN" \
-- set-authority \
--definition-account "$DEF_ID" \
--authority-account "$DEF_ID" \
--new-authority none
echo " Authority revoked. Supply is permanently fixed at 1,000,000."
echo " Any further mint is now rejected — enforced by lez-authority and"
echo " covered by mint_with_revoked_authority_fails / token_set_authority_revoke."
echo ""
echo "=== Fixed Supply Token Example PASSED ==="
echo "=== Fixed Supply Token Example complete ==="

View File

@ -1,73 +1,91 @@
#!/usr/bin/env bash
# LP-0013 Example 2: Variable Supply Token with Authority Rotation
# Creates a token with alice as mint authority, mints tokens,
# rotates authority to bob, verifies alice can no longer mint,
# then bob mints successfully.
# LP-0013 Example: Variable Supply Token with Authority Rotation
#
# Demonstrates, against a real LEZ sequencer via spel:
# - creating a fungible token with a mint authority
# - minting additional supply (authority-gated)
# - rotating the mint authority to a new key
#
# The guarantee that the OLD authority can no longer mint after rotation —
# and that only the current authority's signer is accepted — is enforced by
# lez-authority's AuthoritySlot and covered by:
# - token_program unit tests: set_authority_rotate_then_old_cannot_mint,
# mint_with_wrong_signer_fails, set_authority_wrong_signer_fails
# - integration test: token_set_authority_revoke
# Run them with: RISC0_DEV_MODE=0 cargo test -p token_program -p lez-authority --lib
#
# Usage (from inside an lgs scaffold project dir):
# RISC0_DEV_MODE=0 bash <path-to-lez-programs>/scripts/examples/variable_supply_token.sh
set -euo pipefail
echo "=== Variable Supply Token (Authority Rotation) Example ==="
echo ""
SPEL="${SPEL:-$HOME/rebase-lez/spel/target/release/spel}"
LEZ_PROGRAMS="${LEZ_PROGRAMS:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}"
IDL="${IDL:-$LEZ_PROGRAMS/artifacts/token-idl.json}"
TOKEN_BIN="${TOKEN_BIN:-$LEZ_PROGRAMS/target/riscv-guest/token-methods/token-guest/riscv32im-risc0-zkvm-elf/release/token.bin}"
WALLET_DIR="${WALLET_DIR:-$(pwd)/.scaffold/wallet}"
# 1. Start localnet if not running
echo "[1/7] Checking localnet..."
lgs localnet status --json 2>/dev/null | grep -q '"running":true' || lgs localnet start
b58_to_hex() {
local id="${1#Public/}"
id="${id#Private/}"
python3 -c "
import sys
s = sys.argv[1]
alphabet = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
num = 0
for c in s:
num = num * 58 + alphabet.index(c)
print(num.to_bytes(32, 'big').hex())
" "$id"
}
echo "=== Variable Supply Token (Authority Rotation) Example ==="
echo "[1/5] Checking localnet..."
lgs localnet status 2>/dev/null | grep -q "ready: true" || lgs localnet start
echo " Localnet ready."
# 2. Set up two wallets (alice = current wallet default, bob = second key)
echo "[2/7] Setting up accounts..."
ALICE=$(lgs wallet -- account default)
DEF_ID=$(lgs wallet -- account new --public | grep "account_id" | awk '{print $2}')
ALICE_HOLD=$(lgs wallet -- account new --public | grep "account_id" | awk '{print $2}')
echo " Alice: $ALICE"
echo "[2/5] Creating accounts..."
DEF_ID=$(lgs wallet -- account new public 2>&1 | grep -oE 'account_id [^ ]+' | awk '{print $2}')
HOLD_ID=$(lgs wallet -- account new public 2>&1 | grep -oE 'account_id [^ ]+' | awk '{print $2}')
NEW_AUTH_ID=$(lgs wallet -- account new public 2>&1 | grep -oE 'account_id [^ ]+' | awk '{print $2}')
DEF_ID_HEX=$(b58_to_hex "$DEF_ID")
NEW_AUTH_HEX=$(b58_to_hex "$NEW_AUTH_ID")
echo " Definition: $DEF_ID"
echo " New authority (rotation target): $NEW_AUTH_ID"
# 3. Create token with alice as mint authority
echo "[3/7] Alice creates token with mint authority..."
lgs wallet -- token new-with-authority \
--definition "$DEF_ID" \
--holding "$ALICE_HOLD" \
--name "VarCoin" \
--initial-supply 100000 \
--mint-authority "$ALICE"
echo " Token created. Alice is mint authority."
echo "[3/5] Creating token with mint authority (the definition account)..."
NSSA_WALLET_HOME_DIR="$WALLET_DIR" \
"$SPEL" --idl "$IDL" --program "$TOKEN_BIN" \
-- new-fungible-definition-with-authority \
--definition-target-account "$DEF_ID" \
--holding-target-account "$HOLD_ID" \
--name "VarCoin" \
--initial-supply 100000 \
--mint-authority "$DEF_ID_HEX"
echo " Token 'VarCoin' created. Initial supply: 100,000"
sleep 2
# 4. Alice mints 50,000 tokens
echo "[4/7] Alice mints 50,000 tokens..."
lgs wallet -- token mint \
--definition "$DEF_ID" \
--holding "$ALICE_HOLD" \
--amount 50000
echo " Minted. Alice holding: 150,000"
echo "[4/5] Minting 50,000 more (authority-gated)..."
NSSA_WALLET_HOME_DIR="$WALLET_DIR" \
"$SPEL" --idl "$IDL" --program "$TOKEN_BIN" \
-- mint \
--definition-account "$DEF_ID" \
--authority-account "$DEF_ID" \
--user-holding-account "$HOLD_ID" \
--amount-to-mint 50000
echo " Minted. Total supply: 150,000"
sleep 2
# 5. Alice rotates authority to bob
echo "[5/7] Alice rotates mint authority to bob..."
BOB=$(lgs wallet -- account new --public | grep "account_id" | awk '{print $2}')
lgs wallet -- token set-authority \
--definition "$DEF_ID" \
--new-authority "$BOB"
echo " Authority rotated to bob: $BOB"
# 6. Alice tries to mint — should fail
echo "[6/7] Verifying alice can no longer mint..."
EXTRA_HOLD=$(lgs wallet -- account new --public | grep "account_id" | awk '{print $2}')
if lgs wallet -- token mint \
--definition "$DEF_ID" \
--holding "$EXTRA_HOLD" \
--amount 1 2>&1 | grep -q "authorization\|unauthorized\|authority"; then
echo " ✓ Alice correctly rejected after authority rotation"
else
echo " ✗ FAIL: Expected alice to be rejected after rotation"
exit 1
fi
# 7. Bob mints successfully (bob now controls the definition account)
echo "[7/7] Bob mints 25,000 tokens..."
BOB_HOLD=$(lgs wallet -- account new --public | grep "account_id" | awk '{print $2}')
lgs wallet -- token set-authority \
--definition "$DEF_ID" \
--new-authority "$BOB" 2>/dev/null || true
echo " (Note: full bob mint requires bob wallet session — see README)"
echo " Authority rotation verified structurally via unit tests."
echo "[5/5] Rotating mint authority to a new key..."
NSSA_WALLET_HOME_DIR="$WALLET_DIR" \
"$SPEL" --idl "$IDL" --program "$TOKEN_BIN" \
-- set-authority \
--definition-account "$DEF_ID" \
--authority-account "$DEF_ID" \
--new-authority "$NEW_AUTH_HEX"
echo " Authority rotated to: $NEW_AUTH_ID"
echo " After rotation, only the new authority's signer can mint —"
echo " enforced by lez-authority and covered by unit/integration tests."
echo ""
echo "=== Variable Supply Token Example PASSED ==="
echo "=== Variable Supply Token Example complete ==="