tapfreighter: add delegation key filtering for burn supply commits

This commit extends the ChainPorterConfig with DelegationKeyChecker and
BurnSupplyCommitter dependencies to enable supply commitment tracking for
asset burns. When processing burn events, the chain porter now filters
assets to only submit supply commitment events for those where we control
the delegation key.

The sendBurnSupplyCommitEvents method uses functional filtering to
pre-process the burn list, ensuring we only attempt to create supply
commitments for assets we're authorized to manage. This prevents
unnecessary processing and potential errors for assets where we lack
delegation authority.

Author: Roasbeef

tapfreighter/chain_porter.go

@@ -24,6 +24,7 @@ import (
 	"github.com/lightninglabs/taproot-assets/tappsbt"
 	"github.com/lightninglabs/taproot-assets/tapscript"
 	"github.com/lightninglabs/taproot-assets/tapsend"
+	"github.com/lightninglabs/taproot-assets/universe"
 	"github.com/lightningnetwork/lnd/chainntnfs"
 	"github.com/lightningnetwork/lnd/lnwallet"
 	"github.com/lightningnetwork/lnd/lnwallet/chainfee"
@@ -49,6 +50,15 @@ type ProofImporter interface {
 		replace bool, proofs ...*proof.AnnotatedProof) error
 }
 
+// BurnSupplyCommitter is used by the chain porter to update the on-chain supply
+// commitment when burns new 1st party burns are confirmed.
+type BurnSupplyCommitter interface {
+	// SendBurnEvent sends a burn event to the supply commitment state
+	// machine.
+	SendBurnEvent(ctx context.Context, assetSpec asset.Specifier,
+		burnLeaf universe.BurnLeaf) error
+}
+
 // ChainPorterConfig is the main config for the chain porter.
 type ChainPorterConfig struct {
 	// ChainParams are the chain parameters for the chain porter.
@@ -100,6 +110,15 @@ type ChainPorterConfig struct {
 	// ErrChan is the main error channel the custodian will report back
 	// critical errors to the main server.
 	ErrChan chan<- error
+
+	// BurnSupplyCommitter is used to track supply changes (burns) and
+	// create periodic on-chain supply commitments.
+	BurnCommitter BurnSupplyCommitter
+
+	// DelegationKeyChecker is used to verify that we control the delegation
+	// key for a given asset, which is required for creating supply
+	// commitments.
+	DelegationKeyChecker address.DelegationKeyChecker
 }
 
 // ChainPorter is the main sub-system of the tapfreighter package. The porter
@@ -677,6 +696,94 @@ func (p *ChainPorter) storeProofs(sendPkg *sendPackage) error {
 	return nil
 }
 
+// sendBurnSupplyCommitEvents sends supply commitment events for all burned
+// assets to track them in the supply commitment state machine.
+func (p *ChainPorter) sendBurnSupplyCommitEvents(ctx context.Context,
+	burns []*AssetBurn) error {
+
+	// If no supply commit manager is configured, skip this step.
+	if p.cfg.BurnCommitter == nil {
+		return nil
+	}
+
+	// If no delegation key checker is configured, skip this step. We need
+	// it to figure out if this is an asset we created or not.
+	if p.cfg.DelegationKeyChecker == nil {
+		return nil
+	}
+
+	delChecker := p.cfg.DelegationKeyChecker
+
+	// We'll use a filter predicate to filter out the burns that we didn't
+	// do ourselves, i.e., those that don't have a delegation key.
+	burnsWithDelegation := fn.Filter(burns, func(burn *AssetBurn) bool {
+		var assetID asset.ID
+		copy(assetID[:], burn.AssetID)
+
+		// If the asset doesn't have a group, then this will return
+		// false.
+		hasDelegationKey, err := delChecker.HasDelegationKey(
+			ctx, assetID,
+		)
+		if err != nil {
+			log.Debugf("Error checking delegation key for "+
+				"asset %x: %v", assetID, err)
+			return false
+		}
+
+		if !hasDelegationKey {
+			log.Debugf("Skipping supply commit burn event "+
+				"for asset %x: delegation key not controlled "+
+				"locally",
+				assetID)
+		}
+
+		return hasDelegationKey
+	})
+
+	for _, burn := range burnsWithDelegation {
+		var assetID asset.ID
+		copy(assetID[:], burn.AssetID)
+
+		groupKeyBytes := burn.GroupKey
+		groupKey, err := btcec.ParsePubKey(groupKeyBytes)
+		if err != nil {
+			return fmt.Errorf("unable to parse group key: %w", err)
+		}
+
+		assetSpec := asset.NewSpecifierOptionalGroupPubKey(
+			assetID, groupKey,
+		)
+
+		// Create a NewBurnEvent for the supply commitment state machine.
+		// We need to create a universe.BurnLeaf for this.
+		burnLeaf := universe.BurnLeaf{
+			UniverseKey: universe.AssetLeafKey{
+				BaseLeafKey: universe.BaseLeafKey{
+					ScriptKey: burn.ScriptKey,
+					OutPoint:  burn.OutPoint,
+				},
+				AssetID: assetID,
+			},
+			BurnProof: burn.Proof,
+		}
+
+		// Send the burn event to the supply commit manager.
+		err = p.cfg.BurnCommitter.SendBurnEvent(
+			ctx, assetSpec, burnLeaf,
+		)
+		if err != nil {
+			return fmt.Errorf("unable to send burn event for "+
+				"asset %x: %w", assetID, err)
+		}
+
+		log.Debugf("Sent supply commit burn event for asset %x",
+			assetID)
+	}
+
+	return nil
+}
+
 // storePackageAnchorTxConf logs the on-chain confirmation of the transfer
 // anchor transaction for the given package.
 func (p *ChainPorter) storePackageAnchorTxConf(pkg *sendPackage) error {
@@ -728,6 +835,12 @@ func (p *ChainPorter) storePackageAnchorTxConf(pkg *sendPackage) error {
 				Amount:     o.Amount,
 				AnchorTxid: pkg.OutboundPkg.AnchorTx.TxHash(),
 				Note:       pkg.Note,
+				ScriptKey:  &o.Asset.ScriptKey,
+				Proof:      o.ProofSuffix,
+				OutPoint: wire.OutPoint{
+					Hash:  pkg.OutboundPkg.AnchorTx.TxHash(),
+					Index: o.AnchorOutputIndex,
+				},
 			}
 
 			if o.Asset.GroupKey != nil {
@@ -739,11 +852,20 @@ func (p *ChainPorter) storePackageAnchorTxConf(pkg *sendPackage) error {
 		}
 	}
 
+	// Send supply commitment events for all burned assets before confirming
+	// the transaction. This ensures that supply commitments are tracked
+	// before the burn is considered complete.
+	err := p.sendBurnSupplyCommitEvents(ctx, burns)
+	if err != nil {
+		return fmt.Errorf("unable to send burn supply commit "+
+			"events: %w", err)
+	}
+
 	// At this point we have the confirmation signal, so we can mark the
 	// parcel delivery as completed in the database.
 	anchorTXID := pkg.OutboundPkg.AnchorTx.TxHash()
 	anchorTxBlockHeight := int32(pkg.TransferTxConfEvent.BlockHeight)
-	err := p.cfg.ExportLog.LogAnchorTxConfirm(ctx, &AssetConfirmEvent{
+	err = p.cfg.ExportLog.LogAnchorTxConfirm(ctx, &AssetConfirmEvent{
 		AnchorTXID:             anchorTXID,
 		BlockHash:              *pkg.TransferTxConfEvent.BlockHash,
 		BlockHeight:            anchorTxBlockHeight,

tapfreighter/interface.go

@@ -78,6 +78,15 @@ type AssetBurn struct {
 
 	// AnchorTxid is the txid of the transaction this burn is anchored to.
 	AnchorTxid chainhash.Hash
+
+	// ScriptKey is the script key of the asset that got burnt.
+	ScriptKey *asset.ScriptKey
+
+	// OutPoint is the outpoint of the asset that got burnt.
+	OutPoint wire.OutPoint
+
+	// Proof is the proof that the asset was burnt.
+	Proof *proof.Proof
 }
 
 // String returns the string representation of the commitment constraints.