Devnet full protocol flow — US1 complete #20

Merged
paolino merged 33 commits into main from 003-devnet-full-flow
Apr 21, 2026

@paolino paolino commented Apr 21, 2026

Summary

Full devnet E2E protocol flow for US1 (#9), covering coalition bootstrap through settlement and redemption.

Architecture: unified voucher validator

All three operations (spend, redeem, revert) use a single on-chain validator with a `VoucherAction` sum-type redeemer. One script, one address — the redeemer variant (Constr 0/1/2) selects the operation.

Patches

  • T001–T004: Skeleton Aiken modules, Haskell scaffolding, fixture generation
  • T005–T009: On-chain types, Haskell ToData/FromData
  • T010–T014: DevnetEnv, HarvestFlow, coalition-metadata apply
  • T015–T017: Coalition bootstrap + shop/reificator onboard
  • T016b: Coalition sig fix (own_ref vs txid)
  • T021–T023: Coalition ref input checks, DevnetSpendSpec migration
  • T018–T020: Settlement scenarios (first, second, negative)
  • T028–T030/T024–T027: Redemption validator + DevnetRedeemSpec

CI fixes

  1. Regenerate applied fixtures (`e6c2be8`): `aiken blueprint apply -v dotted.title` silently fails for large params
  2. Remove coalition from regular inputs (`01975f4`): BabbageNonDisjointRefInputs fix
  3. Poll for funded UTxOs (`59b2d09`): waitForFunded replaces stale waitForUtxos
  4. Unified voucher validator (`5d8d796`): Merge spend/redeem/revert into one validator with VoucherAction sum-type — fixes MissingScript in redeem tests

paolino added 27 commits April 20, 2026 10:37
Security invariants unchanged; scale concerns (MPF, MPFS) deferred
to #5 / #8. Registry is a list in a reference-input UTxO, settlements
are per-customer script UTxOs. Explicitly states security has nothing
to do with usability.

Extends voucher_spend.ak with a coalition_hash parameter and the four
settlement checks from specs/003-devnet-full-flow/contracts/voucher-datum.md:
coalition ref input present + parseable, datum.shop_pk in shop_pks,
signing reificator in reificator_pks and matches datum.reificator_pk,
output carries same role-binding fields with only commit_spent updated.

Migrates the #15 DevnetSpendSpec onto the new tx shape (single-member
coalition bootstrap, threaded ref input) so the suite stays green at
every commit. Extends Harvest.Transaction.spendVoucher with the
coalition TxIn arg and reificator signatory. Refreshes the applied
voucher_spend blueprint fixture.

T018: first settlement (c1, non-membership) — asserts commit_spent
rotation after a full coalition-bootstrap + onboard + deploy + settle
pipeline.

T019: second settlement (c1-cert2) — exercises a different fixture
bundle (d=15, C=200) to confirm the validator isn't pinned to one set
of proof values.

T020: negative — substitutes a non-coalition UTxO as the reference
input, validator's find_coalition_ref returns None → rejected (SC-005).

Generalises Fixtures.loadBundleVariant to load alternate fixture sets
(c1-cert2, c2) while sharing VK and applied-script hex.
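
An off-chain model of the settlement checks listed in the commit messages above, including the T020 rejection path, added here as an illustration; it is not code from this PR or the project. The string-valued keys and hashes, the `RefInput` and `Tx` shapes, and matching the coalition UTxO by `coalition_hash` at its address are assumptions, and the proof verification keyed by `vk` is not modelled.

```haskell
import Data.Maybe (listToMaybe)

type PubKey = String      -- constructed stand-ins for real keys and hashes
type ScriptHash = String

-- Role-binding fields plus the rotating commit_spent (names from the commit message).
data VoucherDatum = VoucherDatum
  { shopPk :: PubKey, reificatorPk :: PubKey, commitSpent :: String }
  deriving (Eq, Show)

data Coalition = Coalition { shopPks :: [PubKey], reificatorPks :: [PubKey] }

-- Reference input: script hash at its address, and its datum if it parsed.
data RefInput = RefInput ScriptHash (Maybe Coalition)

data Tx = Tx
  { refInputs :: [RefInput], signatories :: [PubKey], contOutput :: VoucherDatum }

-- Assumption: the coalition UTxO is recognised by coalition_hash at its address.
findCoalitionRef :: ScriptHash -> [RefInput] -> Maybe Coalition
findCoalitionRef h rs = listToMaybe [c | RefInput s (Just c) <- rs, s == h]

-- Left names the first failed check; proof verification is not modelled.
checkSpend :: ScriptHash -> VoucherDatum -> Tx -> Either String ()
checkSpend h d tx = do
  c <- maybe (Left "coalition ref input missing or unparseable") Right
         (findCoalitionRef h (refInputs tx))
  require (shopPk d `elem` shopPks c) "shop_pk not in shop_pks"
  require (reificatorPk d `elem` reificatorPks c) "reificator_pk not in reificator_pks"
  require (reificatorPk d `elem` signatories tx) "datum reificator did not sign"
  require (contOutput tx == d { commitSpent = commitSpent (contOutput tx) })
    "output changed a role-binding field"
  where
    require ok msg = if ok then Right () else Left msg

-- Constructed cases: valid settle, T020-style wrong ref input, wrong signer, re-bound shop.
main :: IO ()
main = mapM_ (print . checkSpend "coalition" d) [ok, wrongRef, unsigned, rebound]
  where
    d        = VoucherDatum "shop1" "reif1" "c0"
    co       = Coalition ["shop1"] ["reif1"]
    ok       = Tx [RefInput "coalition" (Just co)] ["reif1"] (d { commitSpent = "c1" })
    wrongRef = ok { refInputs = [RefInput "other" (Just co)] }
    unsigned = ok { signatories = ["reif2"] }
    rebound  = ok { contOutput = (contOutput ok) { shopPk = "shop2" } }
```
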
@paolino paolino added the feat New feature label Apr 21, 2026
@paolino paolino self-assigned this Apr 21, 2026
@paolino paolino force-pushed the 003-devnet-full-flow branch from 4c2c0f3 to 8c09d69 Compare April 21, 2026 09:55
@paolino paolino force-pushed the 003-devnet-full-flow branch from 8c09d69 to 5c4eb17 Compare April 21, 2026 10:04
Implements the voucher_redeem validator (5 checks from
contracts/voucher-datum.md §Validator checks — redemption),
off-chain redeemVoucher builder, blueprint fixture, and the
DevnetRedeemSpec test scenarios (redeem, re-settle, negative).
@paolino paolino force-pushed the 003-devnet-full-flow branch from 5c4eb17 to f19ac16 Compare April 21, 2026 10:22
paolino added 5 commits April 21, 2026 11:42
…ication

The applied-voucher-spend.hex fixture contained the UNAPPLIED compiled
code — aiken blueprint apply with -v dotted.title silently failed
(exit 1). All devnet spend tests saw InvalidReturnValue because the
script still had 2 extra lambda abstractions for vk and coalition_hash.

Fix: use -m module -v validator -o plutus.json format which works
correctly in aiken v1.1.21. Regenerated all three fixtures from a
single aiken build for consistency (coalition-metadata hash changed
slightly between Aiken versions, requiring all dependent fixtures
to use the same hash).

The coalition-metadata UTxO is a CIP-31 reference input — it must
not appear in regular inputs. Including it in inputUtxos caused
BabbageNonDisjointRefInputs (inputs ∩ refInputs must be empty)
and MissingScriptWitnessesUTXOW (consumed script input needs a
redeemer). Removing it from inputUtxos in submitSpend and
submitRedeem fixes both.

fundReificator used waitForUtxos which returns as soon as any UTxOs
exist at the reificator address. After the spend spec, the address
already has change UTxOs, so waitForUtxos returned immediately with
stale UTxOs that don't contain the 50M fee output. Replace with
waitForFunded that polls until UTxOs with the exact funded amounts
appear.

Merge voucher_spend, voucher_redeem, and voucher_revert into a single
voucher_validator with a VoucherAction sum-type redeemer (Constr 0/1/2).
One script, one address — all operations share the same applied fixture.

Aiken: VoucherAction { Spend{...}, Redeem{...}, Revert{...} } with
inline fields, dispatching to handle_spend/handle_redeem/handle_revert.

Haskell: VoucherAction wrapper type with ToData that maps SpendRedeemer
to Constr 0, RedeemRedeemer to Constr 1, RevertRedeemer to Constr 2.

Fixes MissingScript error in DevnetRedeemSpec — the voucher UTxO is
now at the same address regardless of which operation consumes it.
@paolino paolino merged commit df19797 into main Apr 21, 2026
1 check passed