prove_init_with_commitment_root (private.rs) and build_privacy_transaction
(tps.rs) still built PrivateForeignInit recipients with is_authorized: false,
same stale-semantics bug fixed earlier in the lee crate's own tests.
The prebuilt sequencer DB dump embeds program IDs derived from guest ELF
bytes, which shifted once the PrivateForeignInit rename changed lee_core
(compiled into every guest program). The stale dump caused widespread
"Unknown program" failures across integration test suites that exercise
deployed programs (wallet_ffi, auth_transfer, bridge, amm, token, pinata,
ata, indexer state-consistency checks). Regenerated via
`just regenerate-test-fixture`.
The account_identity's is_authorized flag no longer determines
authorization for this variant, so keep the name tied to what
actually distinguishes it: no nsk, only npk (a foreign account init).
BREAKING:
Before: An endpoint exposing getting a single proof for a commitment
existed.
After: There is one endpoint where you give a vector of commitments
and a vector of Maybe proofs back alongside the shared root.
Mitigation: Use the new rpc endpoint with the appopriate vector.
Breaking:
1. Now a lot of wallet commands return `TransactionExecuted`, instead of `Empty`.
2. Sequencer's `getTransaction()` RPC response changed from `tx` to `(tx, block_id)`
* refactoring integration_tests::keys
* refactor integration_tests: extract new_account/send/restored_private_account helpers
Move repeated account-creation and transfer boilerplate into four public
helpers in integration_tests/src/lib.rs (new_account, send,
restored_private_account, assert_public_account_restored), then apply them
across keys.rs, ata.rs, auth_transfer/public.rs, auth_transfer/private.rs,
token.rs, and amm.rs. Net result: -816 lines of boilerplate.
* Additional refactors
* refactor(integration_tests): apply shared helpers to remaining test files
Use account_balance, get_account, new_account, send, and sync_private
helpers in public.rs, pinata.rs, private_pda.rs, program_deployment.rs,
and token.rs to reduce boilerplate and improve consistency.
* refactor(privacy_preserving_circuit): extract functions for readability
* refactor(privacy_preserving_circuit): address PR review comments
Bundle shared handle_* arguments into PrivateOutputHandler struct in
output.rs and fix misplaced docstring on resolve_external_seed in
execution_state.rs.
* feat: update commitment mechanism for new private account (#546)
* refactor(privacy_preserving_circuit): extract functions for readability
* feat: update commitment mechanism for new private accounts
Allow init accounts to optionally use a real membership proof for
DUMMY_COMMITMENT instead of hardcoding DUMMY_COMMITMENT_HASH as the
CommitmentSetDigest. The wallet fetches the proof from the sequencer
and passes it through the circuit.
* fix: address clippy lints and fix integration test visibility
* add tests
* refactor: removed duplicated code
* refactor: simplify init nullifier mechanism
Replace Option<MembershipProof> with Option<CommitmentSetDigest> on init
variants (PrivateAuthorizedInit, PrivateUnauthorized, PrivatePdaInit).
The circuit now receives the commitment tree root directly instead of
recomputing it from a Merkle proof.
* refactor: use CommitmentSetDigest directly instead of Option for init commitment root
Address PR #546 review feedback: the circuit now accepts CommitmentSetDigest
directly on init variants (PrivateAuthorizedInit, PrivateUnauthorized,
PrivatePdaInit), with callers providing DUMMY_COMMITMENT_HASH as the default.
Also fixes duplicate resolve_external_seed from rebase and rebuilds artifacts.
* style: run cargo +nightly fmt
Rename os_random field to random_seed per review feedback. Fix tests
that constructed SharedSecretKey with a hardcoded EphemeralSecretKey
instead of deriving it via EphemeralSecretKey::new.
Introduce EphemeralSecretKey as a proper struct with EphemeralSecretKey::new()
that derives esk from SHA256("/LEE/v0.3/esk/" || account_id || os_random || nonce).
Rename witness field from esk to os_random. Simplify encapsulate_deterministic
to accept pre-derived EphemeralSecretKey directly.
* initialize pq encryption changes
* key agreement update
* add test and other fixes
* ci fixes
* fix unit tests
* updates from main and ci
* added updated specs for pq encryption
* addressing comments
* addressed comments
* fix clippy errors from main merge
* Rebased to main
BREAKING CHANGE:
- Crate `nssa` renamed to `lee`; update `Cargo.toml` dependencies from `nssa = { workspace = true }` to `lee = { workspace = true }`.
- Crate `nssa_core` renamed to `lee_core`; update similarly.
- Crate `key_protocol` moved under `lee`; update `Cargo.toml` dependencies from `key_protocol = { workspace = true }` to `lee_key_protocol = { workspace = true }`.
- Type `NSSATransaction` (in `common`) renamed to `LeeTransaction`.
- Error type `nssa::error::NssaError` renamed to `lee::error::LeeError`.
- Error type `nssa_core::error::NssaCoreError` renamed to `lee_core::error::LeeCoreError`.
- All `use nssa::` and `use nssa_core::` import paths must be updated to `use lee::` and `use lee_core::` respectively.
- Guest programs must replace `write_nssa_outputs` with `write_lee_outputs`.
- The sequencer RocksDB column family for the chain state was renamed. Existing databases are incompatible and must be wiped before running the new version.
- Domain separators updated: `"NSSA_seed"` → `"LEE_seed"` (key derivation), `"NSSA/v0.2/KDF-SHA256/"` → `"LEE/v0.2/KDF-SHA256/"` (encryption KDF), `"/NSSA/v0.2/AccountId/PDA/"` →
`"/LEE/v0.2/AccountId/PDA/"` (public PDA address derivation). All previously derived keys, encrypted outputs, and public PDA addresses are invalidated.
Following the work done in
https://github.com/logos-blockchain/lssa/pull/292 and the comment on
extending the work
https://github.com/logos-blockchain/lssa/pull/292#pullrequestreview-3672282664,
this commit introduces a new `--label` option to the `wallet account
new` sub command.
**Usage**:
```
wallet account new public --label "Public test account"
wallet account new private --label "Private test account"
```
Labels have to be unique across all accounts in the wallet storage.
The commit also adds tests, which make use of the `WalletSubCommand`
trait functions (hence the change to make it a `pub trait`).