Deployed 282f5c9 with MkDocs version: 1.6.1
Home /
Cardano Foundation /
cardano-mpfs-onchain
Feb 12, 2-3 AM (0)
Feb 12, 3-4 AM (0)
Feb 12, 4-5 AM (0)
Feb 12, 5-6 AM (0)
Feb 12, 6-7 AM (0)
Feb 12, 7-8 AM (0)
Feb 12, 8-9 AM (0)
Feb 12, 9-10 AM (0)
Feb 12, 10-11 AM (0)
Feb 12, 11-12 PM (0)
Feb 12, 12-1 PM (0)
Feb 12, 1-2 PM (0)
Feb 12, 2-3 PM (0)
Feb 12, 3-4 PM (0)
Feb 12, 4-5 PM (0)
Feb 12, 5-6 PM (0)
Feb 12, 6-7 PM (0)
Feb 12, 7-8 PM (0)
Feb 12, 8-9 PM (0)
Feb 12, 9-10 PM (0)
Feb 12, 10-11 PM (0)
Feb 12, 11-12 AM (0)
Feb 13, 12-1 AM (0)
Feb 13, 1-2 AM (0)
Feb 13, 2-3 AM (0)
Feb 13, 3-4 AM (0)
Feb 13, 4-5 AM (0)
Feb 13, 5-6 AM (0)
Feb 13, 6-7 AM (0)
Feb 13, 7-8 AM (0)
Feb 13, 8-9 AM (0)
Feb 13, 9-10 AM (0)
Feb 13, 10-11 AM (0)
Feb 13, 11-12 PM (0)
Feb 13, 12-1 PM (0)
Feb 13, 1-2 PM (0)
Feb 13, 2-3 PM (0)
Feb 13, 3-4 PM (0)
Feb 13, 4-5 PM (0)
Feb 13, 5-6 PM (0)
Feb 13, 6-7 PM (0)
Feb 13, 7-8 PM (0)
Feb 13, 8-9 PM (0)
Feb 13, 9-10 PM (0)
Feb 13, 10-11 PM (0)
Feb 13, 11-12 AM (0)
Feb 14, 12-1 AM (0)
Feb 14, 1-2 AM (0)
Feb 14, 2-3 AM (0)
Feb 14, 3-4 AM (0)
Feb 14, 4-5 AM (0)
Feb 14, 5-6 AM (0)
Feb 14, 6-7 AM (0)
Feb 14, 7-8 AM (0)
Feb 14, 8-9 AM (0)
Feb 14, 9-10 AM (0)
Feb 14, 10-11 AM (0)
Feb 14, 11-12 PM (0)
Feb 14, 12-1 PM (0)
Feb 14, 1-2 PM (0)
Feb 14, 2-3 PM (0)
Feb 14, 3-4 PM (0)
Feb 14, 4-5 PM (0)
Feb 14, 5-6 PM (0)
Feb 14, 6-7 PM (0)
Feb 14, 7-8 PM (0)
Feb 14, 8-9 PM (0)
Feb 14, 9-10 PM (0)
Feb 14, 10-11 PM (0)
Feb 14, 11-12 AM (0)
Feb 15, 12-1 AM (0)
Feb 15, 1-2 AM (0)
Feb 15, 2-3 AM (0)
Feb 15, 3-4 AM (0)
Feb 15, 4-5 AM (0)
Feb 15, 5-6 AM (0)
Feb 15, 6-7 AM (0)
Feb 15, 7-8 AM (0)
Feb 15, 8-9 AM (0)
Feb 15, 9-10 AM (2)
Feb 15, 10-11 AM (0)
Feb 15, 11-12 PM (5)
Feb 15, 12-1 PM (0)
Feb 15, 1-2 PM (0)
Feb 15, 2-3 PM (0)
Feb 15, 3-4 PM (0)
Feb 15, 4-5 PM (0)
Feb 15, 5-6 PM (0)
Feb 15, 6-7 PM (0)
Feb 15, 7-8 PM (0)
Feb 15, 8-9 PM (0)
Feb 15, 9-10 PM (0)
Feb 15, 10-11 PM (0)
Feb 15, 11-12 AM (0)
Feb 16, 12-1 AM (0)
Feb 16, 1-2 AM (0)
Feb 16, 2-3 AM (0)
Feb 16, 3-4 AM (0)
Feb 16, 4-5 AM (0)
Feb 16, 5-6 AM (0)
Feb 16, 6-7 AM (0)
Feb 16, 7-8 AM (0)
Feb 16, 8-9 AM (6)
Feb 16, 9-10 AM (6)
Feb 16, 10-11 AM (2)
Feb 16, 11-12 PM (0)
Feb 16, 12-1 PM (1)
Feb 16, 1-2 PM (1)
Feb 16, 2-3 PM (0)
Feb 16, 3-4 PM (1)
Feb 16, 4-5 PM (4)
Feb 16, 5-6 PM (0)
Feb 16, 6-7 PM (0)
Feb 16, 7-8 PM (0)
Feb 16, 8-9 PM (0)
Feb 16, 9-10 PM (0)
Feb 16, 10-11 PM (0)
Feb 16, 11-12 AM (0)
Feb 17, 12-1 AM (0)
Feb 17, 1-2 AM (0)
Feb 17, 2-3 AM (0)
Feb 17, 3-4 AM (0)
Feb 17, 4-5 AM (0)
Feb 17, 5-6 AM (0)
Feb 17, 6-7 AM (0)
Feb 17, 7-8 AM (0)
Feb 17, 8-9 AM (0)
Feb 17, 9-10 AM (0)
Feb 17, 10-11 AM (0)
Feb 17, 11-12 PM (2)
Feb 17, 12-1 PM (0)
Feb 17, 1-2 PM (4)
Feb 17, 2-3 PM (0)
Feb 17, 3-4 PM (0)
Feb 17, 4-5 PM (3)
Feb 17, 5-6 PM (0)
Feb 17, 6-7 PM (0)
Feb 17, 7-8 PM (1)
Feb 17, 8-9 PM (0)
Feb 17, 9-10 PM (0)
Feb 17, 10-11 PM (0)
Feb 17, 11-12 AM (0)
Feb 18, 12-1 AM (0)
Feb 18, 1-2 AM (0)
Feb 18, 2-3 AM (0)
Feb 18, 3-4 AM (0)
Feb 18, 4-5 AM (0)
Feb 18, 5-6 AM (4)
Feb 18, 6-7 AM (2)
Feb 18, 7-8 AM (5)
Feb 18, 8-9 AM (2)
Feb 18, 9-10 AM (7)
Feb 18, 10-11 AM (3)
Feb 18, 11-12 PM (0)
Feb 18, 12-1 PM (0)
Feb 18, 1-2 PM (0)
Feb 18, 2-3 PM (0)
Feb 18, 3-4 PM (0)
Feb 18, 4-5 PM (0)
Feb 18, 5-6 PM (0)
Feb 18, 6-7 PM (0)
Feb 18, 7-8 PM (0)
Feb 18, 8-9 PM (2)
Feb 18, 9-10 PM (0)
Feb 18, 10-11 PM (0)
Feb 18, 11-12 AM (0)
Feb 19, 12-1 AM (0)
Feb 19, 1-2 AM (0)
Feb 19, 2-3 AM (0)
63 commits this week
Feb 12, 2026
-
Feb 19, 2026
refactor: move process_time and retract_time from validator params to State datum
Per-oracle validator parameters produce different script hashes, breaking the offchain indexer which scans a single deterministic address. Moving time params into the State datum (like max_fee) preserves one address for all oracle configurations. - Add process_time and retract_time fields to State type - Change Retract(OutputReference) to reference State UTxO via reference_inputs - Enforce time param immutability in Modify and Reject outputs - Add readState helper for safe datum extraction from inputs - Update all tests to match new signatures Closes #22
chore: add direnv support
feat: add lean4 compiler to dev shell
feat: add lean4 compiler to dev shell
feat: add Lean 4 theorems for lib.ak token handling functions
Model tokenFromValue, valueFromToken, quantity, and fromAsset as Lean 4 definitions over a flat Value type, with 7 machine-checked theorems mirroring the Aiken unit tests: - valueFromToken_roundtrip - tokenFromValue_ada_only - tokenFromValue_multi_policy - tokenFromValue_multi_asset - quantity_present - quantity_wrong_policy - quantity_valueFromToken
fix: align Lean theorems with Aiken tests
- Fix quantity_wrong_policy to prove = none (not contradiction) - Add quantity_wrong_asset theorem (mirrors Aiken test) - Add quantity_valueFromToken Aiken unit test - Add lib.props.ak with 6 fuzz property tests mirroring Lean theorems
docs: explain security relevance of each theorem and property
Each Lean docstring and Aiken property comment now follows the cage.props.ak pattern: mathematical statement, validator context, and security consequence if the property were violated.
docs: explain security relevance of each theorem and property
Each Lean docstring and Aiken property comment now follows the cage.props.ak pattern: mathematical statement, validator context, and security consequence if the property were violated.
fix: align Lean theorems with Aiken tests
- Fix quantity_wrong_policy to prove = none (not contradiction) - Add quantity_wrong_asset theorem (mirrors Aiken test) - Add quantity_valueFromToken Aiken unit test - Add lib.props.ak with 6 fuzz property tests mirroring Lean theorems
feat: add Lean 4 theorems for lib.ak token handling functions
Model tokenFromValue, valueFromToken, quantity, and fromAsset as Lean 4 definitions over a flat Value type, with 7 machine-checked theorems mirroring the Aiken unit tests: - valueFromToken_roundtrip - tokenFromValue_ada_only - tokenFromValue_multi_policy - tokenFromValue_multi_asset - quantity_present - quantity_wrong_policy - quantity_valueFromToken
refactor: separate tests into dedicated modules
Move unit and property tests out of cage.ak and lib.ak into dedicated test modules (cage.props.ak, lib.tests.ak) for better organization. Phase property tests (6 fuzz tests mirroring Lean theorems) moved to cage.props.ak. Library tests (12 tests) moved to lib.tests.ak. Validator-level tests remain in cage.ak since validators cannot be imported across modules. All 73 tests pass. plutus.json unchanged (pure refactor).
refactor: separate tests into dedicated modules
Move unit and property tests out of cage.ak and lib.ak into dedicated test modules (cage.props.ak, lib.tests.ak) for better organization. Phase property tests (6 fuzz tests mirroring Lean theorems) moved to cage.props.ak. Library tests (12 tests) moved to lib.tests.ak. Validator-level tests remain in cage.ak since validators cannot be imported across modules. All 73 tests pass. plutus.json unchanged (pure refactor).
docs: add caging proof roadmap
feat: machine-checked proofs for time-phase exclusivity
Add Lean 4 proofs for the three-phase request lifecycle: - Phases 1, 2, 3 are pairwise mutually exclusive - Honest requests in Phase 1/2 are not rejectable - Phase coverage: every honest time point falls in exactly one phase All proofs close via omega (linear arithmetic). Build: nix shell nixpkgs#lean4 -c lake build
feat: add phase property fuzz tests mirroring Lean theorems
6 property-based tests using aiken/fuzz that verify the same phase exclusivity and coverage properties proven formally in MpfsCage/Phases.lean: - phase1_phase2_exclusive - phase1_phase3_exclusive - phase2_phase3_exclusive - phase1_honest_not_rejectable - phase2_honest_not_rejectable - phase_coverage_point
ci: add Lean proof verification to CI
feat: add phase property fuzz tests mirroring Lean theorems
6 property-based tests using aiken/fuzz that verify the same phase exclusivity and coverage properties proven formally in MpfsCage/Phases.lean: - phase1_phase2_exclusive - phase1_phase3_exclusive - phase2_phase3_exclusive - phase1_honest_not_rejectable - phase2_honest_not_rejectable - phase_coverage_point
ci: add Lean proof verification to CI
feat: machine-checked proofs for time-phase exclusivity
Add Lean 4 proofs for the three-phase request lifecycle: - Phases 1, 2, 3 are pairwise mutually exclusive - Honest requests in Phase 1/2 are not rejectable - Phase coverage: every honest time point falls in exactly one phase All proofs close via omega (linear arithmetic). Build: nix shell nixpkgs#lean4 -c lake build
fix: align E2E submitted_at with on-chain POSIX time
Yaci DevKit instant-forwards through a synthetic pre-Conway era, causing on-chain POSIX times to be systematically ahead of wall-clock by ~600 seconds. Compute this offset from the Shelley genesis systemStart and apply it to submitted_at in request datums. Also: add 20% ExUnit margin to Ogmios evaluation, add validTo to reject transactions, and increase test time params to 10 minutes.
feat: time-gated request phases and Reject redeemer
Three exclusive time phases per request prevent DDoS by eliminating race conditions between oracle and requester: - Phase 1: oracle-only Modify - Phase 2: requester-only Retract - Phase 3: oracle Reject (cleanup expired/dishonest requests) Add process_time and retract_time as immutable validator parameters, submitted_at field in Request datum, phase enforcement in Contribute/Modify/Retract, and batch Reject with refund verification. Fix pre-existing TypeScript errors (@types/node, Data typing) and add typecheck CI job.
fix: initialize Custom network slot config from Yaci DevKit genesis
Lucid Evolution's SLOT_CONFIG_NETWORK["Custom"] defaults to slotLength: 0, causing division-by-zero (Infinity) when validFrom/ validTo convert POSIX time to slots. Query the Blockfrost-compatible /genesis endpoint for system_start and slot_length. Also adds spec/CageDatum.lean with formal Lean 4 property spec.
docs: update architecture docs for time-gated phases and Reject
- overview: add phase timeline (gantt), Reject in system/sequence diagrams, updated lifecycle state machine, transaction table - types: add max_fee to State, fee/submitted_at to Request, Migrating to MintRedeemer, Reject to UpdateRedeemer, fix Plutus encoding examples - validators: add Validator Parameters section, Migration section, Reject section, phase constraints on Modify/Contribute/Retract - properties: 16 categories / 67 tests (was 12 / 44), add time-gated phases, reject, fee enforcement, migration categories - Fix source links to cardano-mpfs-onchain repo