From 0cb99fe031208994c3a4ddb7a705f13551c4e7d3 Mon Sep 17 00:00:00 2001 From: bristinWild Date: Wed, 3 Jun 2026 01:51:57 +0530 Subject: [PATCH] refactor(examples): rewrite fixed/variable supply scripts to use verified spel flow - replace unverified 'lgs wallet -- token' subcommands with the same spel invocations as demo-full-flow.sh (correct flags, base58->hex authority) - use the new --authority-account signer model - remove misleading || true error-swallowing and false 'verified' claims; point to the unit/integration tests that actually prove the guarantees --- scripts/examples/fixed_supply_token.sh | 115 ++++++++++-------- scripts/examples/variable_supply_token.sh | 140 ++++++++++++---------- 2 files changed, 144 insertions(+), 111 deletions(-) diff --git a/scripts/examples/fixed_supply_token.sh b/scripts/examples/fixed_supply_token.sh index bf4767d..0537436 100755 --- a/scripts/examples/fixed_supply_token.sh +++ b/scripts/examples/fixed_supply_token.sh @@ -1,62 +1,77 @@ #!/usr/bin/env bash -# LP-0013 Example 1: Fixed Supply Token -# Creates a token, mints initial supply, then permanently revokes mint authority. -# After revocation, any further minting is rejected. +# LP-0013 Example: Fixed Supply Token +# +# Demonstrates, against a real LEZ sequencer via spel: +# - creating a fungible token with a mint authority +# - minting additional supply (authority-gated) +# - permanently revoking the mint authority (fixed supply) +# +# After revocation, AuthoritySlot rejects any further mint. That guarantee is +# covered by: +# - token_program unit tests: mint_with_revoked_authority_fails, +# set_authority_on_revoked_fails +# - integration test: token_set_authority_revoke +# Run them with: RISC0_DEV_MODE=0 cargo test -p token_program -p lez-authority --lib +# +# Usage (from inside an lgs scaffold project dir): +# RISC0_DEV_MODE=0 bash /scripts/examples/fixed_supply_token.sh set -euo pipefail -echo "=== Fixed Supply Token Example ===" -echo "" +SPEL="${SPEL:-$HOME/rebase-lez/spel/target/release/spel}" +LEZ_PROGRAMS="${LEZ_PROGRAMS:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}" +IDL="${IDL:-$LEZ_PROGRAMS/artifacts/token-idl.json}" +TOKEN_BIN="${TOKEN_BIN:-$LEZ_PROGRAMS/target/riscv-guest/token-methods/token-guest/riscv32im-risc0-zkvm-elf/release/token.bin}" +WALLET_DIR="${WALLET_DIR:-$(pwd)/.scaffold/wallet}" -# 1. Start localnet if not running -echo "[1/6] Checking localnet..." -lgs localnet status --json 2>/dev/null | grep -q '"running":true' || lgs localnet start +b58_to_hex() { + local id="${1#Public/}" + id="${id#Private/}" + python3 -c " +import sys +s = sys.argv[1] +alphabet = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz' +num = 0 +for c in s: + num = num * 58 + alphabet.index(c) +print(num.to_bytes(32, 'big').hex()) +" "$id" +} + +echo "=== Fixed Supply Token Example ===" + +echo "[1/4] Checking localnet..." +lgs localnet status 2>/dev/null | grep -q "ready: true" || lgs localnet start echo " Localnet ready." -# 2. Create definition and holding accounts -echo "[2/6] Creating accounts..." -DEF_ID=$(lgs wallet -- account new --public | grep "account_id" | awk '{print $2}') -HOLD_ID=$(lgs wallet -- account new --public | grep "account_id" | awk '{print $2}') +echo "[2/4] Creating accounts..." +DEF_ID=$(lgs wallet -- account new public 2>&1 | grep -oE 'account_id [^ ]+' | awk '{print $2}') +HOLD_ID=$(lgs wallet -- account new public 2>&1 | grep -oE 'account_id [^ ]+' | awk '{print $2}') +DEF_ID_HEX=$(b58_to_hex "$DEF_ID") echo " Definition: $DEF_ID" echo " Holding: $HOLD_ID" -# 3. Create token WITH mint authority (so we can mint more later) -echo "[3/6] Creating token with mint authority..." -lgs wallet -- token new-with-authority \ - --definition "$DEF_ID" \ - --holding "$HOLD_ID" \ - --name "FixedCoin" \ - --initial-supply 1000000 \ - --mint-authority "$(lgs wallet -- account default)" -echo " Token created. Initial supply: 1,000,000" +echo "[3/4] Creating token with mint authority..." +NSSA_WALLET_HOME_DIR="$WALLET_DIR" \ +"$SPEL" --idl "$IDL" --program "$TOKEN_BIN" \ + -- new-fungible-definition-with-authority \ + --definition-target-account "$DEF_ID" \ + --holding-target-account "$HOLD_ID" \ + --name "FixedCoin" \ + --initial-supply 1000000 \ + --mint-authority "$DEF_ID_HEX" +echo " Token 'FixedCoin' created. Initial supply: 1,000,000" +sleep 2 -# 4. Mint additional tokens -echo "[4/6] Minting 500,000 additional tokens..." -MINT_HOLD_ID=$(lgs wallet -- account new --public | grep "account_id" | awk '{print $2}') -lgs wallet -- token mint \ - --definition "$DEF_ID" \ - --holding "$MINT_HOLD_ID" \ - --amount 500000 -echo " Minted. Total supply: 1,500,000" - -# 5. Revoke mint authority (fix the supply permanently) -echo "[5/6] Revoking mint authority (fixing supply permanently)..." -lgs wallet -- token set-authority \ - --definition "$DEF_ID" \ - --new-authority none -echo " Authority revoked. Supply is now permanently fixed." - -# 6. Verify: minting now fails -echo "[6/6] Verifying minting is rejected after revocation..." -EXTRA_HOLD=$(lgs wallet -- account new --public | grep "account_id" | awk '{print $2}') -if lgs wallet -- token mint \ - --definition "$DEF_ID" \ - --holding "$EXTRA_HOLD" \ - --amount 1 2>&1 | grep -q "revoked\|fixed supply"; then - echo " ✓ Minting correctly rejected: authority revoked" -else - echo " ✗ FAIL: Expected rejection after authority revocation" - exit 1 -fi +echo "[4/4] Revoking mint authority (fixing supply permanently)..." +NSSA_WALLET_HOME_DIR="$WALLET_DIR" \ +"$SPEL" --idl "$IDL" --program "$TOKEN_BIN" \ + -- set-authority \ + --definition-account "$DEF_ID" \ + --authority-account "$DEF_ID" \ + --new-authority none +echo " Authority revoked. Supply is permanently fixed at 1,000,000." +echo " Any further mint is now rejected — enforced by lez-authority and" +echo " covered by mint_with_revoked_authority_fails / token_set_authority_revoke." echo "" -echo "=== Fixed Supply Token Example PASSED ===" +echo "=== Fixed Supply Token Example complete ===" diff --git a/scripts/examples/variable_supply_token.sh b/scripts/examples/variable_supply_token.sh index d89d753..9c58dd0 100755 --- a/scripts/examples/variable_supply_token.sh +++ b/scripts/examples/variable_supply_token.sh @@ -1,73 +1,91 @@ #!/usr/bin/env bash -# LP-0013 Example 2: Variable Supply Token with Authority Rotation -# Creates a token with alice as mint authority, mints tokens, -# rotates authority to bob, verifies alice can no longer mint, -# then bob mints successfully. +# LP-0013 Example: Variable Supply Token with Authority Rotation +# +# Demonstrates, against a real LEZ sequencer via spel: +# - creating a fungible token with a mint authority +# - minting additional supply (authority-gated) +# - rotating the mint authority to a new key +# +# The guarantee that the OLD authority can no longer mint after rotation — +# and that only the current authority's signer is accepted — is enforced by +# lez-authority's AuthoritySlot and covered by: +# - token_program unit tests: set_authority_rotate_then_old_cannot_mint, +# mint_with_wrong_signer_fails, set_authority_wrong_signer_fails +# - integration test: token_set_authority_revoke +# Run them with: RISC0_DEV_MODE=0 cargo test -p token_program -p lez-authority --lib +# +# Usage (from inside an lgs scaffold project dir): +# RISC0_DEV_MODE=0 bash /scripts/examples/variable_supply_token.sh set -euo pipefail -echo "=== Variable Supply Token (Authority Rotation) Example ===" -echo "" +SPEL="${SPEL:-$HOME/rebase-lez/spel/target/release/spel}" +LEZ_PROGRAMS="${LEZ_PROGRAMS:-$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)}" +IDL="${IDL:-$LEZ_PROGRAMS/artifacts/token-idl.json}" +TOKEN_BIN="${TOKEN_BIN:-$LEZ_PROGRAMS/target/riscv-guest/token-methods/token-guest/riscv32im-risc0-zkvm-elf/release/token.bin}" +WALLET_DIR="${WALLET_DIR:-$(pwd)/.scaffold/wallet}" -# 1. Start localnet if not running -echo "[1/7] Checking localnet..." -lgs localnet status --json 2>/dev/null | grep -q '"running":true' || lgs localnet start +b58_to_hex() { + local id="${1#Public/}" + id="${id#Private/}" + python3 -c " +import sys +s = sys.argv[1] +alphabet = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz' +num = 0 +for c in s: + num = num * 58 + alphabet.index(c) +print(num.to_bytes(32, 'big').hex()) +" "$id" +} + +echo "=== Variable Supply Token (Authority Rotation) Example ===" + +echo "[1/5] Checking localnet..." +lgs localnet status 2>/dev/null | grep -q "ready: true" || lgs localnet start echo " Localnet ready." -# 2. Set up two wallets (alice = current wallet default, bob = second key) -echo "[2/7] Setting up accounts..." -ALICE=$(lgs wallet -- account default) -DEF_ID=$(lgs wallet -- account new --public | grep "account_id" | awk '{print $2}') -ALICE_HOLD=$(lgs wallet -- account new --public | grep "account_id" | awk '{print $2}') -echo " Alice: $ALICE" +echo "[2/5] Creating accounts..." +DEF_ID=$(lgs wallet -- account new public 2>&1 | grep -oE 'account_id [^ ]+' | awk '{print $2}') +HOLD_ID=$(lgs wallet -- account new public 2>&1 | grep -oE 'account_id [^ ]+' | awk '{print $2}') +NEW_AUTH_ID=$(lgs wallet -- account new public 2>&1 | grep -oE 'account_id [^ ]+' | awk '{print $2}') +DEF_ID_HEX=$(b58_to_hex "$DEF_ID") +NEW_AUTH_HEX=$(b58_to_hex "$NEW_AUTH_ID") echo " Definition: $DEF_ID" +echo " New authority (rotation target): $NEW_AUTH_ID" -# 3. Create token with alice as mint authority -echo "[3/7] Alice creates token with mint authority..." -lgs wallet -- token new-with-authority \ - --definition "$DEF_ID" \ - --holding "$ALICE_HOLD" \ - --name "VarCoin" \ - --initial-supply 100000 \ - --mint-authority "$ALICE" -echo " Token created. Alice is mint authority." +echo "[3/5] Creating token with mint authority (the definition account)..." +NSSA_WALLET_HOME_DIR="$WALLET_DIR" \ +"$SPEL" --idl "$IDL" --program "$TOKEN_BIN" \ + -- new-fungible-definition-with-authority \ + --definition-target-account "$DEF_ID" \ + --holding-target-account "$HOLD_ID" \ + --name "VarCoin" \ + --initial-supply 100000 \ + --mint-authority "$DEF_ID_HEX" +echo " Token 'VarCoin' created. Initial supply: 100,000" +sleep 2 -# 4. Alice mints 50,000 tokens -echo "[4/7] Alice mints 50,000 tokens..." -lgs wallet -- token mint \ - --definition "$DEF_ID" \ - --holding "$ALICE_HOLD" \ - --amount 50000 -echo " Minted. Alice holding: 150,000" +echo "[4/5] Minting 50,000 more (authority-gated)..." +NSSA_WALLET_HOME_DIR="$WALLET_DIR" \ +"$SPEL" --idl "$IDL" --program "$TOKEN_BIN" \ + -- mint \ + --definition-account "$DEF_ID" \ + --authority-account "$DEF_ID" \ + --user-holding-account "$HOLD_ID" \ + --amount-to-mint 50000 +echo " Minted. Total supply: 150,000" +sleep 2 -# 5. Alice rotates authority to bob -echo "[5/7] Alice rotates mint authority to bob..." -BOB=$(lgs wallet -- account new --public | grep "account_id" | awk '{print $2}') -lgs wallet -- token set-authority \ - --definition "$DEF_ID" \ - --new-authority "$BOB" -echo " Authority rotated to bob: $BOB" - -# 6. Alice tries to mint — should fail -echo "[6/7] Verifying alice can no longer mint..." -EXTRA_HOLD=$(lgs wallet -- account new --public | grep "account_id" | awk '{print $2}') -if lgs wallet -- token mint \ - --definition "$DEF_ID" \ - --holding "$EXTRA_HOLD" \ - --amount 1 2>&1 | grep -q "authorization\|unauthorized\|authority"; then - echo " ✓ Alice correctly rejected after authority rotation" -else - echo " ✗ FAIL: Expected alice to be rejected after rotation" - exit 1 -fi - -# 7. Bob mints successfully (bob now controls the definition account) -echo "[7/7] Bob mints 25,000 tokens..." -BOB_HOLD=$(lgs wallet -- account new --public | grep "account_id" | awk '{print $2}') -lgs wallet -- token set-authority \ - --definition "$DEF_ID" \ - --new-authority "$BOB" 2>/dev/null || true -echo " (Note: full bob mint requires bob wallet session — see README)" -echo " Authority rotation verified structurally via unit tests." +echo "[5/5] Rotating mint authority to a new key..." +NSSA_WALLET_HOME_DIR="$WALLET_DIR" \ +"$SPEL" --idl "$IDL" --program "$TOKEN_BIN" \ + -- set-authority \ + --definition-account "$DEF_ID" \ + --authority-account "$DEF_ID" \ + --new-authority "$NEW_AUTH_HEX" +echo " Authority rotated to: $NEW_AUTH_ID" +echo " After rotation, only the new authority's signer can mint —" +echo " enforced by lez-authority and covered by unit/integration tests." echo "" -echo "=== Variable Supply Token Example PASSED ===" +echo "=== Variable Supply Token Example complete ==="