Brings the nullifier-based wallet balance fetch (NullifierIndex,
sync_updates_via_nullifiers) onto the vpk-binding base, so account
updates are found by nullifier rather than only by view tag.
Conflict resolutions (semantic):
- wallet/lib.rs: keep vpk-binding's for_private_account(npk, vpk, kind);
add theirs' nsk into the 4-tuple consumed by index.track().
- wallet/storage/key_chain.rs: keep theirs' private_account/private_accounts
split (the iterator is reused by the nullifier index) and restore the vpk
in the derivation; adapt 4 pre-vpk call sites (for_private_account 2->3 arg,
AccountId::from((npk,id)) -> (npk,vpk,id)).
- artifacts/*: took ours; regenerate with `just build-artifacts`.
* refactor(privacy_preserving_circuit): extract functions for readability
* refactor(privacy_preserving_circuit): address PR review comments
Bundle shared handle_* arguments into PrivateOutputHandler struct in
output.rs and fix misplaced docstring on resolve_external_seed in
execution_state.rs.
* feat: update commitment mechanism for new private account (#546)
* refactor(privacy_preserving_circuit): extract functions for readability
* feat: update commitment mechanism for new private accounts
Allow init accounts to optionally use a real membership proof for
DUMMY_COMMITMENT instead of hardcoding DUMMY_COMMITMENT_HASH as the
CommitmentSetDigest. The wallet fetches the proof from the sequencer
and passes it through the circuit.
* fix: address clippy lints and fix integration test visibility
* add tests
* refactor: removed duplicated code
* refactor: simplify init nullifier mechanism
Replace Option<MembershipProof> with Option<CommitmentSetDigest> on init
variants (PrivateAuthorizedInit, PrivateUnauthorized, PrivatePdaInit).
The circuit now receives the commitment tree root directly instead of
recomputing it from a Merkle proof.
* refactor: use CommitmentSetDigest directly instead of Option for init commitment root
Address PR #546 review feedback: the circuit now accepts CommitmentSetDigest
directly on init variants (PrivateAuthorizedInit, PrivateUnauthorized,
PrivatePdaInit), with callers providing DUMMY_COMMITMENT_HASH as the default.
Also fixes duplicate resolve_external_seed from rebase and rebuilds artifacts.
* style: run cargo +nightly fmt
Rename os_random field to random_seed per review feedback. Fix tests
that constructed SharedSecretKey with a hardcoded EphemeralSecretKey
instead of deriving it via EphemeralSecretKey::new.
Introduce EphemeralSecretKey as a proper struct with EphemeralSecretKey::new()
that derives esk from SHA256("/LEE/v0.3/esk/" || account_id || os_random || nonce).
Rename witness field from esk to os_random. Simplify encapsulate_deterministic
to accept pre-derived EphemeralSecretKey directly.
The indexer's storage location was the `home` field of IndexerConfig, used only to derive the RocksDB dir. Defaulting to "." meant it landed in the process CWD — fine for the standalone service, but wrong when the indexer runs embedded in a logos_host subprocess (RocksDB ended up in an arbitrary/unwritable dir). Storage location is an operational concern the host should own, not something baked into a user-editable config.
Remove `home` from IndexerConfig and pass the storage directory explicitly:
- core: `IndexerCore::new(config, storage_dir)` derives `<storage_dir>/rocksdb`.
- ffi: `start_indexer(runtime, config_path, storage_dir)`; null/empty storage_dir falls back to ".". Lets a host (e.g. a Logos module's instance persistence path) own where state lives.
- service: `run_server(config, storage_dir, port)` + a `--data-dir` flag (default ".") on the binary, preserving current behaviour.
- drop `home` from the committed indexer config JSONs and the test fixtures.
BREAKING CHANGE: `start_indexer` gains a `storage_dir` parameter and IndexerConfig no longer has a `home` field.