feat(soroban): add application compliance contract (Predicate Registry) #60

Merged: alex-predicate merged 8 commits into main from feat/soroban-application-compliance on Apr 3, 2026

@alex-predicate
Contributor

Summary

  • Adds predicate-registry Soroban smart contract — the Stellar equivalent of the EVM PredicateRegistry.sol for application compliance (Track 2 of Stellar Support PRD)
  • Adds predicate-client helper library for downstream contracts to validate attestations
  • Full feature parity with EVM: attester management, policy binding, Ed25519 attestation validation with UUID replay protection

Details

predicate-registry contract

  • Owner management — constructor-based initialization, require_auth() for owner-gated operations
  • Attester registration — register/deregister Ed25519 public keys with O(1) swap-and-pop removal
  • Policy management — self-service set_policy_id/get_policy_id per client address
  • Statement hashing — SHA-256 over XDR-serialized statement + network passphrase (domain separation)
  • Attestation validation — expiration check, UUID replay protection, UUID/expiration matching, Ed25519 signature verification, attester whitelist check

predicate-client library

  • Re-exports registry types (Statement, Attestation, RegistryError)
  • authorize_transaction() helper — mirrors EVM PredicateClient._authorizeTransaction()

Key Stellar/Soroban adaptations from EVM

| EVM | Soroban |
| --- | --- |
| ECDSA recovery | Ed25519 verify |
| keccak256(abi.encode(...)) | sha256(xdr(...)) |
| block.chainid | Network passphrase |
| msg.sender | Explicit address + require_auth() |

Test plan

  • 15 unit tests for predicate-registry (attester CRUD, policy CRUD, validation happy path + 5 error cases)
  • All 30 workspace tests pass (cargo test --workspace)
  • WASM build succeeds — predicate_registry.wasm (27KB)
  • Manual deployment to Stellar testnet
  • Integration test with test-stablecoin contract

🤖 Generated with Claude Code

alex-predicate and others added 5 commits April 1, 2026 18:59
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Implement Ed25519 signature verification over SHA-256 hashed statements
with UUID replay protection in the Predicate Registry contract.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds a reusable rlib crate that wraps the PredicateRegistry cross-contract
call behind an authorize_transaction() helper, mirroring the EVM
PredicateClient mixin pattern. Also adds rlib output to predicate-registry
so its types can be re-exported by the client crate.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@claude claude bot left a comment

⚠️ Code review skipped — your organization's overage spend limit has been reached.

Code review is billed via overage credits. To resume reviews, an organization admin can raise the monthly limit at claude.ai/admin-settings/claude-code.

Once credits are available, reopen this pull request to trigger a review.

alex-predicate and others added 3 commits April 1, 2026 22:21
…fe, TTLs, events, owner transfer

- Add msg_value (i128) to Statement; change encoded_sig_and_args from BytesN<32> to Bytes
- Add caller-bound hash verification (hashStatementSafe) to prevent cross-contract replay
- Add TTL management (PERSISTENT_TTL_THRESHOLD/EXTEND ~30d) for all persistent storage writes
- Suppress deprecated events().publish() warnings with #[allow(deprecated)] + TODO for contractevent
- Add transfer_ownership with owner-only guard
- Add test_validate_invalid_signature (wrong-key signing detection)
- Update predicate-client: new params (msg_value, Bytes, caller), improved doc comments

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… two-step ownership

- Add caller.require_auth() in validate_attestation to prevent UUID burning
- Move attester registration check before ed25519_verify for early short-circuit
- Implement two-step ownership transfer (propose + accept) with events
- Centralize TTL constants in types.rs
- Use storage.remove() instead of set(false) on attester deregistration
- Enrich validation event with attester and caller fields
- Add predicate-client end-to-end integration test
- Document attesters Vec scaling assumption (<50 entries)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
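
An off-chain Go model of the validation flow described in the PR summary and the follow-up commits, added here as an illustration; it is not the contract's Rust code. The type layouts, the text encoding standing in for XDR, the error strings and the contract names are assumptions, and the UUID/expiration matching and require_auth() steps are left out to keep it short.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

const Passphrase = "Test SDF Network ; September 2015" // Stellar testnet
type Statement struct { // simplified stand-in; the field set is an assumption
	UUID              string
	EncodedSigAndArgs []byte
	Expiration        uint64
}
type Attestation struct {
	Attester  ed25519.PublicKey
	Signature []byte
}
type Registry struct{ Attesters, Spent map[string]bool }

// HashStatement binds a statement to one network and one calling contract (quoted text stands in for XDR).
func HashStatement(caller string, s Statement) []byte {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%q|%q|%q|%x|%d", Passphrase, caller, s.UUID, s.EncodedSigAndArgs, s.Expiration)))
	return sum[:]
}

// Validate runs the cheap checks first and burns the UUID only after all of them pass.
func (r Registry) Validate(caller string, s Statement, a Attestation, now uint64) error {
	switch {
	case s.Expiration <= now:
		return errors.New("expired")
	case r.Spent[s.UUID]:
		return errors.New("uuid already used")
	case !r.Attesters[string(a.Attester)]: // map lookup before signature math
		return errors.New("attester not registered")
	case !ed25519.Verify(a.Attester, HashStatement(caller, s), a.Signature):
		return errors.New("invalid signature")
	}
	r.Spent[s.UUID] = true
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	r := Registry{map[string]bool{string(pub): true}, map[string]bool{}}
	s := Statement{"uuid-1", []byte("transfer"), 100} // constructed sample values
	a := Attestation{pub, ed25519.Sign(priv, HashStatement("contractA", s))}
	fmt.Println(r.Validate("contractB", s, a, 50), r.Validate("contractA", s, a, 50), r.Validate("contractA", s, a, 50))
}
```

The attestation signed for contractA fails under contractB because the caller is part of the hash, and that failed attempt leaves the UUID unspent for the legitimate call.
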
Contributor

@penDerGraft penDerGraft left a comment

I'm okay with this but admittedly don't have a super clear idea how it all works. The biggest takeaway for me is that we need to thoroughly test these contracts end-to-end and ensure they behave the same as their EVM counterparts.

@alex-predicate alex-predicate merged commit 13b9965 into main Apr 3, 2026
4 checks passed
@alex-predicate alex-predicate deleted the feat/soroban-application-compliance branch April 3, 2026 06:51