refactor proxy program

2026-05-13 03:30:05 +00:00 · 2026-05-06 12:17:30 -03:00 · 2026-05-06 12:17:30 -03:00 · d24931c643
commit d24931c643
parent fb4ddb055a
3 changed files with 54 additions and 29 deletions
--- a/artifacts/test_program_methods/auth_transfer_proxy.bin
+++ b/artifacts/test_program_methods/auth_transfer_proxy.bin
--- a/integration_tests/tests/private_pda.rs
+++ b/integration_tests/tests/private_pda.rs
@ -12,7 +12,7 @@ use integration_tests::{
 };
 use log::info;
 use nssa::{
-    AccountId,
+    AccountId, ProgramId,
    privacy_preserving_transaction::circuit::ProgramWithDependencies,
    program::Program,
 };
@ -21,10 +21,11 @@ use tokio::test;
 use wallet::{PrivacyPreservingAccount, WalletCore};
 use wallet::cli::{Command, account::AccountSubcommand};

-/// Funds a private PDA via auth_transfer directly (no proxy).
+/// Funds a private PDA via the proxy program with a chained call to auth_transfer.
 ///
-/// The PDA is foreign: the wallet knows its account_id/npk/vpk but not the nsk.
-/// auth_transfer claims the uninitialized PDA with Claim::Authorized on the first receive.
+/// A direct call to auth_transfer cannot establish the PDA-to-npk binding because it uses
+/// `Claim::Authorized` rather than `Claim::Pda`. Routing through the proxy provides the binding
+/// via `pda_seeds` in the chained call to auth_transfer.
 async fn fund_private_pda(
    wallet: &WalletCore,
    sender: AccountId,
@ -32,8 +33,10 @@ async fn fund_private_pda(
    npk: NullifierPublicKey,
    vpk: ViewingPublicKey,
    identifier: u128,
+    seed: PdaSeed,
    amount: u128,
-    auth_transfer: &ProgramWithDependencies,
+    proxy_program: &ProgramWithDependencies,
+    auth_transfer_id: ProgramId,
 ) -> Result<()> {
    wallet
        .send_privacy_preserving_tx(
@ -46,9 +49,9 @@ async fn fund_private_pda(
                    identifier,
                },
            ],
-            Program::serialize_instruction(amount)
-                .context("failed to serialize auth_transfer instruction")?,
-            auth_transfer,
+            Program::serialize_instruction((seed, amount, auth_transfer_id, true))
+                .context("failed to serialize auth_transfer_proxy fund instruction")?,
+            proxy_program,
        )
        .await
        .map_err(|e| anyhow::anyhow!("{e}"))?;
@ -78,7 +81,7 @@ async fn spend_private_pda(
                    identifier: 0,
                },
            ],
-            Program::serialize_instruction((seed, amount, auth_transfer_id))
+            Program::serialize_instruction((seed, amount, auth_transfer_id, false))
                .context("failed to serialize auth_transfer_proxy instruction")?,
            spend_program,
        )
@ -124,7 +127,6 @@ async fn private_pda_family_members_receive_and_spend() -> Result<()> {
    let seed = PdaSeed::new([42; 32]);
    let amount: u128 = 100;

-    let auth_transfer_program = ProgramWithDependencies::new(auth_transfer.clone(), [].into());
    let spend_program =
        ProgramWithDependencies::new(proxy, [(auth_transfer_id, auth_transfer)].into());

@ -146,8 +148,10 @@ async fn private_pda_family_members_receive_and_spend() -> Result<()> {
        alice_npk,
        alice_vpk.clone(),
        0,
+        seed,
        amount,
-        &auth_transfer_program,
+        &spend_program,
+        auth_transfer_id,
    )
    .await?;

@ -159,8 +163,10 @@ async fn private_pda_family_members_receive_and_spend() -> Result<()> {
        alice_npk,
        alice_vpk.clone(),
        1,
+        seed,
        amount,
-        &auth_transfer_program,
+        &spend_program,
+        auth_transfer_id,
    )
    .await?;

--- a/test_program_methods/guest/src/bin/auth_transfer_proxy.rs
+++ b/test_program_methods/guest/src/bin/auth_transfer_proxy.rs
@ -1,17 +1,22 @@
-use nssa_core::program::{
-    AccountPostState, ChainedCall, PdaSeed, ProgramId, ProgramInput, ProgramOutput,
-    read_nssa_inputs,
+use nssa_core::{
+    account::AccountWithMetadata,
+    program::{AccountPostState, ChainedCall, PdaSeed, ProgramId, ProgramInput, ProgramOutput, read_nssa_inputs},
 };
 use risc0_zkvm::serde::to_vec;

-/// Spends from a private PDA by proxying the debit through auth_transfer.
+/// Proxy for interacting with private PDAs via auth_transfer.
 ///
-/// pre_states[0] = the private PDA (must be authorized)
-/// pre_states[1] = the recipient
+/// The `is_fund` flag selects the operating mode:
 ///
-/// The PDA-to-npk binding is established via `pda_seeds` in the chained call to auth_transfer.
-/// Funding a PDA is done by calling auth_transfer directly (no proxy needed).
-type Instruction = (PdaSeed, u128, ProgramId);
+/// - `false` (Spend): pre_states = [pda (authorized), recipient].
+///   Debits the PDA. The PDA-to-npk binding is established via `pda_seeds` in the chained
+///   call to auth_transfer.
+///
+/// - `true` (Fund): pre_states = [sender (authorized), pda (foreign/uninitialized)].
+///   Credits the PDA. A direct call to auth_transfer cannot bind the PDA because auth_transfer
+///   uses `Claim::Authorized`, not `Claim::Pda`. Routing through this proxy establishes the
+///   binding via `pda_seeds` in the chained call.
+type Instruction = (PdaSeed, u128, ProgramId, bool);

 fn main() {
    let (
@ -19,24 +24,38 @@ fn main() {
            self_program_id,
            caller_program_id,
            pre_states,
-            instruction: (seed, amount, auth_transfer_id),
+            instruction: (seed, amount, auth_transfer_id, is_fund),
        },
        instruction_words,
    ) = read_nssa_inputs::<Instruction>();

-    let Ok([pda, recipient]) = <[_; 2]>::try_from(pre_states) else {
+    let Ok([first, second]) = <[_; 2]>::try_from(pre_states) else {
        return;
    };

-    assert!(pda.is_authorized, "PDA must be authorized");
+    assert!(first.is_authorized, "first pre_state must be authorized");

-    let pda_post = AccountPostState::new(pda.account.clone());
-    let recipient_post = AccountPostState::new(recipient.account.clone());
+    // In Fund mode the PDA (second) starts unauthorized (PrivatePdaForeign). We pass it to the
+    // chained call with is_authorized=true so the value matches what the circuit will resolve via
+    // pda_seeds, satisfying the consistency assertion in validate_and_sync_states.
+    let chained_pre_states = if is_fund {
+        let pda_authorized = AccountWithMetadata {
+            account: second.account.clone(),
+            account_id: second.account_id,
+            is_authorized: true,
+        };
+        vec![first.clone(), pda_authorized]
+    } else {
+        vec![first.clone(), second.clone()]
+    };
+
+    let first_post = AccountPostState::new(first.account.clone());
+    let second_post = AccountPostState::new(second.account.clone());

    let chained_call = ChainedCall {
        program_id: auth_transfer_id,
        instruction_data: to_vec(&amount).unwrap(),
-        pre_states: vec![pda.clone(), recipient.clone()],
+        pre_states: chained_pre_states,
        pda_seeds: vec![seed],
    };

@ -44,8 +63,8 @@ fn main() {
        self_program_id,
        caller_program_id,
        instruction_words,
-        vec![pda, recipient],
-        vec![pda_post, recipient_post],
+        vec![first, second],
+        vec![first_post, second_post],
    )
    .with_chained_calls(vec![chained_call])
    .write();