Skip to content

docs: update smart-contracts skill and adjust it for protocol 27#47

Merged
kaankacar merged 8 commits into
stellar:mainfrom
marcelosalloum:smart-contracts-p27-refresh
Jul 8, 2026
Merged

docs: update smart-contracts skill and adjust it for protocol 27#47
kaankacar merged 8 commits into
stellar:mainfrom
marcelosalloum:smart-contracts-p27-refresh

Conversation

@marcelosalloum

@marcelosalloum marcelosalloum commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Rewrites the smart-contracts skill as a merge of two sources — the existing skill in this repo and a second, more semantics-focused reference Soroban skill — with every fact updated to protocol 27 (rs-soroban-sdk v27, rs-soroban-env v27, stellar-cli v27). The existing skill carried stale toolchain facts; the reference skill contributed deeper Soroban semantics but taught some deprecated APIs.

Every claim was verified against the v27 source trees, CLI behavior, and live stellar network settings / RPC values — not model memory. The example contract and test in SKILL.md compile and pass against the rc SDK on wasm32v1-none.

What came from which source

Topic Existing skill Reference skill Merged result
Setup, CLI workflow, factories, testing (all layers), security tooling/audits, troubleshooting ✅ sole source From existing skill, corrected
Execution model, auth trees + cross-contract propagation, __check_auth, storage/archival depth, fees/footprints, SEP-41/SAC semantics, allowance race thin/absent From reference skill, verified & condensed
Events ✅ new #[contractevent] API ❌ taught the deprecated env.events().publish() Existing skill's approach, #[topic] markers fixed
Token event shapes table ✅ (outdated shapes) Re-derived from soroban-token-sdk / env SAC source
CAP-71 delegation, CAP-78 extend_ttl_with_limits, CAP-73 trust(), CAP-82 checked 256-bit math, test resource limits New, from v25→v27 release notes and source

Corrections (stale → verified)

Before Now (verified against v27)
Build target wasm32-unknown-unknown wasm32v1-none — the only target the runtime supports (Rust ≥ 1.84)
soroban-sdk = "25.0.1" SDK major = protocol version; self-updating guidance pointing at crates.io / GitHub releases / Stellar Lab
"64KB contract size limit" 128KB on mainnet (contract_max_size_bytes = 131072); full limits table re-measured live with a pointer to lab.stellar.org/network-limits
#[contractevent] example without #[topic] markers Fields without #[topic] silently land in the data map — example fixed, macro semantics documented
token::Client Deprecated alias → token::TokenClient / StellarAssetClient; SEP-41 transfer destination is MuxedAddress
stellar keys generate --global Flag removed in CLI v27 — keys are stored globally by default
crate-type = ["cdylib"] ["lib", "cdylib"], matching the stellar contract init scaffold (lib needed for tests/fuzzing)
~30-day TTL bump examples Below today's floors — mainnet minimums are ~120d persistent / ~1d temporary, ~180d ceiling
"Archived entry → manual RestoreFootprint required" Archived persistent entries in the read-write footprint auto-restore; simulation handles it
Token event shapes with admin topics Re-derived from soroban-token-sdk / env SAC source: mint has no admin topic, SAC appends the SEP-0011 asset topic, muxed transfers use a {to_muxed_id, amount} map

New protocol coverage (was missing entirely)

Protocol Addition
27 CAP-71 custom-account auth delegation (env.custom_account().delegate_auth / get_delegated_signers)
26 CAP-78 extend_ttl_with_limits; CAP-73 SAC trust(); CAP-82 checked 256-bit arithmetic
25 Mainnet resource limits enforced in unit tests (Env::default()), env.cost_estimate() profiling
23 Auto-restore of archived entries; muxed-address token flows

Benchmark (same 3 tasks, old skill vs this PR)

Eval Old skill This PR
Write an escrow contract (10 assertions, compile-checked) 4/10 10/10
Security-review a contract with 5 seeded bugs 5/6 6/6
Protocol-27 toolchain facts (target, SDK, size limit, limits lookup, build) 0/5 5/5
Total 9/21 (43%) 21/21 (100%)

The old skill's failures were exactly the corrections above: wasm32-unknown-unknown builds, "64KB" answers, stale SDK pins, and a missed TTL-extension attack in the security review.

Notes

  • Same four-file layout (SKILL.md, development.md, testing.md, security.md) — sibling skills deep-link into these files
  • 1,126 lines vs 889 before, despite the added coverage — trimmed link farms, duplicated mistake lists, and per-cost-type metering tables
  • Skill description strengthened so "Soroban"-phrased prompts reliably trigger it

Every technical claim was verified against rs-soroban-sdk v27.0.0-rc.1,
rs-soroban-env v27.0.0, stellar-cli 27.0.0, and live network settings;
the example contract and test compile and pass against the rc SDK.

Corrections to stale facts:
- wasm32v1-none is the only supported target (was wasm32-unknown-unknown)
- contract size limit is 128KB on mainnet (was 64KB); limits table refreshed
  from live `stellar network settings` with a pointer to requery
- #[contractevent] example gained the required #[topic] markers; the
  deprecated env.events().publish() is no longer shown
- token::TokenClient replaces the deprecated token::Client alias;
  SEP-41 transfer destination is MuxedAddress since v23
- crate-type includes "lib" (matches stellar contract init scaffold)

New protocol coverage:
- CAP-71 (p27): custom-account auth delegation via env.custom_account()
- CAP-78 (p26): extend_ttl_with_limits; CAP-73: SAC trust(); CAP-82:
  checked 256-bit arithmetic
- p23+ auto-restore of archived persistent entries in the rw footprint
- SDK 25+ mainnet resource limits enforced in unit tests (cost_estimate)

Deepened from a correctness pass on auth/storage/fees semantics: auth
trees and cross-contract propagation (authorize_as_current_contract),
__check_auth with correct Hash<32> signature, TTL-is-not-a-security-
boundary, footprint/parallelism guidance, contract-side SEP-41/SAC
semantics, and token-consumer + fee-griefing review checklists.
The quoted limits are the current on-chain mainnet config settings and
drift by validator vote; the Lab page is the canonical human-friendly
view of the live values.
Skill selection matches on the frontmatter description text; name the
terms users actually type (Soroban, soroban-sdk, SEP-41, SAC, auth/
storage/TTL errors) so Soroban-phrased requests reliably route here.
An adversarial fact-check pass against CLI v27 caught that
`stellar keys generate --global` no longer exists (keys are stored
globally by default) — fixed in all four occurrences.

A coverage diff against the pre-merge sources flagged genuinely lost
content, restored here verified against v27 source:
- SEP-41 token event shapes table (re-derived from soroban-token-sdk
  and the env SAC event code, which also corrects the older shapes:
  mint has no admin topic, SAC appends the SEP-0011 asset topic,
  muxed transfers use a {to_muxed_id, amount} map)
- "never require_auth your own address inside __check_auth" rule
- routing table now lists constructors/factories/governance explicitly
27.0.0 final ships imminently and later majors will follow, so a pinned
rc string would rot fast. Teach the durable rule instead: SDK major =
protocol version, resolve the current release from crates.io / GitHub
releases, and check the network's live protocol via getVersionInfo or
Stellar Lab. The Cargo.toml example now pins the major only.
soroban-sdk = "27" won't resolve on crates.io until 27.0.0 final ships,
so the copy-paste snippet pins the rc explicitly; the Versions section
still teaches how to resolve the current release.
The rebase resolution takes this branch's rewrite over stellar#45's edits to the
old files; the target and --global fixes from stellar#45 are already covered, but
its --source → --source-account spelling was the one change worth keeping.
@marcelosalloum marcelosalloum force-pushed the smart-contracts-p27-refresh branch from 10141d6 to 648776b Compare July 8, 2026 00:14
@marcelosalloum marcelosalloum marked this pull request as ready for review July 8, 2026 00:16
Copilot AI review requested due to automatic review settings July 8, 2026 00:16
@marcelosalloum marcelosalloum changed the title docs: update smart-contracts skill to protocol 27 docs: update smart-contracts skill and adjust it for protocol 27 Jul 8, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the smart-contracts skill documentation to protocol 27, refreshing toolchain/version facts and expanding Soroban/Stellar smart-contract semantics (auth, storage/TTL, tokens, fees, testing, security) with protocol-27-era APIs and behaviors.

Changes:

  • Refreshes SKILL entry-point guidance and examples for protocol 27 (toolchain/target, versioning guidance, contract anatomy with events).
  • Expands development patterns docs with updated execution model, auth-tree semantics, storage/TTL behavior, token/SAC semantics, and fee/resource limit guidance.
  • Updates testing and security guidance with newer SDK behaviors (resource limits in unit tests, event assertions) and additional vulnerability classes/pitfalls.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
skills/smart-contracts/SKILL.md Updates skill entry-point description, versions/toolchain notes, and the example contract to protocol 27.
skills/smart-contracts/development.md Reworks/expands core semantics (execution model, TTL, auth trees, tokens, fees/limits, troubleshooting) for protocol 27.
skills/smart-contracts/testing.md Updates unit/integration testing guidance, adds resource-limit notes and newer event assertion patterns.
skills/smart-contracts/security.md Expands security review guidance with additional protocol-relevant pitfalls and checklists.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread skills/smart-contracts/testing.md
Comment thread skills/smart-contracts/development.md
The inner #![cfg(test)] attribute is correct for the src/test.rs module
that stellar contract init scaffolds, but pasted into lib.rs it would
gate the whole crate behind cfg(test). Say so next to the snippets.

@oceans404 oceans404 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for contributing smart contract skills and updating for P27!

@kaankacar kaankacar merged commit c2f3c07 into stellar:main Jul 8, 2026
3 checks passed
@marcelosalloum marcelosalloum deleted the smart-contracts-p27-refresh branch July 8, 2026 14:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants