Second review round on PR #125 (LP-0013):
- set_authority now rejects foreign-owned definitions. It takes the
ProgramContext and asserts definition_account.program_owner ==
self_program_id, matching mint and initialize_account. Without this a
foreign-owned account with token-shaped data could have its authority
field rewritten. Added test_set_authority_rejects_foreign_owned_definition.
- demo-full-flow.sh now calls instruction and flag names that exist in
the regenerated token IDL: new-fungible-definition (was the nonexistent
new-fungible-definition-with-authority), --total-supply (was
--initial-supply), and drops --authority-account for the self-authority
mint/set-authority path (the rest account is --authority-accounts and is
empty when the definition is its own authority).
- Stripped a trailing-space lint nit in docs/LP-0013-README.md.
Addresses review on PR #125 (LP-0013):
#1 authority transfer now hands control to the new signer. mint and
set_authority take a trailing authority_accounts (Vec<AccountWithMetadata>):
empty preserves the original self/PDA-authority behavior (AMM unchanged),
one entry lets an external/rotated authority actually mint or rotate again.
Tests: rotated_authority_can_mint, rotated_authority_old_key_cannot_mint.
#2 metadata-backed fungibles take a real mint_authority instead of a
hardcoded Authority::renounced(), matching the plain-fungible supply model.
Test: test_metadata_fungible_with_authority_is_mintable.
#3 demo-full-flow.sh resolves TOKEN_BIN from the README-documented
cargo risczero build output, falling back to the workspace build, with an
explicit TOKEN_BIN override still respected.
Regenerated token-idl.json for the new trailing authority_accounts.
Addresses @0x-r4bbit's review:
- lez-authority now provides an Authority(Option<[u8;32]>) newtype and an
Ownable trait (require_owner / transfer_ownership / renounce_ownership);
programs embed the authority slot in their account type instead of calling
a wrapper. Replaces the old AuthoritySlot.
- TokenDefinition::Fungible embeds authority: Authority; TokenDefinition
implements Ownable.
- Fold mint authority into NewFungibleDefinition { mint_authority: Option<AccountId> };
remove the separate NewFungibleDefinitionWithAuthority instruction.
- mint/set_authority authorize against the definition account itself (its id
must match the stored authority and be authorized in the tx), restoring the
2-account mint shape and supporting PDA authorities.
- Fix AMM: the pool-definition PDA is now the LP token's mint authority, so the
AMM mints LP at creation and on add-liquidity (was permanently revoked).
- Instruction params use AccountId; remove LP-0013-specific comments.
- Regenerate token/amm/ata/stablecoin IDLs.
Tests: lez-authority 8, token unit 56, token/amm/stablecoin/ata integration all
green under RISC0_DEV_MODE=1; fmt + clippy clean.
- set_authority rejects all-zero new_authority on rotation (matches creation guard)
- SetAuthority/Mint doc comments now list the required authority signer account
- README: add --authority-account to mint/set-authority CLI examples,
correct error-code table to actual panic strings, make program ID build-dependent
- new_fungible_definition_with_authority rejects all-zero mint_authority (RFP-001 reliability)
- add test_new_fungible_definition_with_authority_rejects_zero_authority
- restore demo-full-flow.sh (had been overwritten with example content); now
uses the correct account parsing, base58->hex authority, and --authority-account flag
- commit updated Cargo.lock files for the lez-authority dependency