WIP: enhance supply verifier state machine

Author: ffranr

universe/supplyverifier/README.md

@@ -0,0 +1,120 @@
+# Supply Verifier
+
+The Supply Verifier package provides components to ensure the integrity of an
+asset's supply. It includes a supply syncer for an asset issuer to publish
+cryptographic commitments of the asset's total supply, and a verifier for
+other network participants to validate these commitments. This document outlines
+the core workflows for publishing, syncing, and verifying supply commitments.
+
+## Core Concepts
+
+* **Supply Commitment:** A cryptographic proof representing the total supply of
+  an asset at a specific point in time. This commitment is published by the
+  asset issuer and anchored into an on-chain Bitcoin transaction.
+* **Issuer:** The node responsible for creating and issuing an asset. It is the
+  only entity that can publish supply commitments for that asset.
+* **Universe:** A designated node (or set of nodes) that acts as a repository
+  for supply commitments, making them available to the rest of the network.
+* **User / Verifier:** Any non-issuer node that wants to independently verify
+  the supply of an asset.
+
+## Workflows
+
+There are two primary workflows: publishing a new commitment and syncing
+existing commitments.
+
+### 1\. Publishing a Supply Commitment
+
+This flow is managed by the supply commit state machine on the Issuer's
+node. The `supplyverifier` package provides the supply syncer component, which is
+used by the state machine to push the commitment proof to the default universe
+server as well as the canonical list of universe servers specified in the
+asset's metadata.
+
+1. The supply commit state machine waits for the on-chain commitment
+   transaction to be broadcast and receive sufficient confirmations.
+2. Before the supply commitment creation process is considered final, the state
+   machine uses the supply syncer to push the new supply commitment proof to the
+   Universe for storage and distribution.
+
+#### Call Flow:
+
+* **Issuer Side (Push to Universe):**
+    * The process starts in the `supplycommit.Manager`, which manages and
+      multiplexes across all asset-group-specific supply commit state machines.
+    * It calls `supplySyncer.PushSupplyCommitment` to transmit the on-chain data
+      and supply tree proofs for the supply commitment to the designated
+      universe server(s).
+* **Universe Side (Receiving the Commitment):**
+    * The request is received by `rpcserver.InsertSupplyCommitment`.
+    * The server then passes the commitment to
+      `supplyverify.Manager.InsertSupplyCommit`.
+    * Finally, the commitment is stored locally via
+      `supplyCommitView.InsertSupplyCommit`.
+
+```text
+Issuer Node                           Universe Node
+     |                                     |
+[supplycommit.Manager]                     |
+     |                                     |
+     v                                     |
+[supplySyncer.PushSupplyCommitment] -------> [rpcserver.InsertSupplyCommitment]
+                                           |
+                                           v
+                                           [supplyverify.Manager.InsertSupplyCommit]
+                                           |
+                                           v
+                                           [supplyCommitView.InsertSupplyCommit]
+```
+
+### 2\. Syncing Supply Commitments
+
+This flow is initiated by a User (a non-issuer node) who wants to verify
+the supply of a particular asset.
+
+1. The User enables issuance syncing for the target asset.
+2. The issuance syncer fetches the asset's on-chain data and publishes an
+   event to the supply verifier.
+3. The supply verifier state machine begins the process of syncing supply
+   commitments from the Universe.
+
+#### Call Flow:
+
+* **User Side (Fetch from Universe):**
+    * The sync process is kicked off by the `supplyverify.Manager.SyncSupplyCommit`
+      method. This can be triggered in two ways: either when the supply verifier
+      receives a notification from the issuance syncer, or when a known supply
+      commitment transaction output is spent. The user's node monitors all
+      on-chain supply commitment and pre-commitment outputs; the expenditure of
+      these outputs serves as a signal that a new synchronization is necessary
+      for the corresponding asset group.
+    * It first calls `supplyCommitView.FetchSupplyCommit` to find the last
+      commitment it has stored locally.
+    * It then calls `supplySyncer.FetchSupplyCommit`, which makes an RPC call via
+      `rpc.FetchSupplyCommit` to the Universe.
+* **Universe Side (Serving the Commitment):**
+    * The request is received by `rpcserver.FetchSupplyCommit`.
+    * The server retrieves the requested commitment(s) via
+      `supplyverify.Manager.FetchSupplyCommit`.
+    * The data is read from local storage using
+      `supplyCommitView.FetchSupplyCommit` and sent back to the User.
+
+```text
+User/Verifier Node                    Universe Node
+      |                                     |
+[supplyverify.Manager.SyncSupplyCommit]     |
+      |                                     |
+      v                                     |
+[supplyCommitView.FetchSupplyCommit]        | (Finds last known local commit)
+      |                                     |
+      v                                     |
+[supplySyncer.FetchSupplyCommit]            |
+      |                                     |
+      v                                     |
+[rpc.FetchSupplyCommit] -------------------> [rpcserver.FetchSupplyCommit]
+                                            |
+                                            v
+                                            [supplyverify.Manager.FetchSupplyCommit]
+                                            |
+                                            v
+                                            [supplyCommitView.FetchSupplyCommit]

universe/supplyverifier/env.go

@@ -32,10 +32,17 @@ type SupplyCommitView interface {
 	UnspentPrecommits(ctx context.Context,
 		assetSpec asset.Specifier) lfn.Result[supplycommit.PreCommits]
 
-	// SupplyCommit returns the latest supply commitment for a given asset
-	// spec.
-	SupplyCommit(ctx context.Context,
-		assetSpec asset.Specifier) supplycommit.RootCommitResp
+	// FetchStartingCommitment fetches the very first supply commitment of
+	// an asset group. If no commitment is found, it returns
+	// ErrCommitmentNotFound.
+	FetchStartingCommitment(ctx context.Context,
+		assetSpec asset.Specifier) (*supplycommit.RootCommitment, error)
+
+	// FetchLatestCommitment fetches the latest supply commitment of an
+	// asset group. If no commitment is found, it returns
+	// ErrCommitmentNotFound.
+	FetchLatestCommitment(ctx context.Context,
+		assetSpec asset.Specifier) (*supplycommit.RootCommitment, error)
 
 	// FetchCommitmentByOutpoint fetches a supply commitment by its outpoint
 	// and group key. If no commitment is found, it returns
@@ -52,12 +59,6 @@ type SupplyCommitView interface {
 		spentOutpoint wire.OutPoint) (*supplycommit.RootCommitment,
 		error)
 
-	// FetchStartingCommitment fetches the very first supply commitment of
-	// an asset group. If no commitment is found, it returns
-	// ErrCommitmentNotFound.
-	FetchStartingCommitment(ctx context.Context,
-		assetSpec asset.Specifier) (*supplycommit.RootCommitment, error)
-
 	// InsertSupplyCommit inserts a supply commitment into the database.
 	InsertSupplyCommit(ctx context.Context,
 		assetSpec asset.Specifier, commit supplycommit.RootCommitment,
@@ -99,6 +100,17 @@ type Environment struct {
 	// pre-commitments.
 	SupplyCommitView SupplyCommitView
 
+	// SupplyTreeView is used to fetch supply leaves by height.
+	SupplyTreeView SupplyTreeView
+
+	// AssetLookup is used to look up asset information such as asset groups
+	// and asset metadata.
+	AssetLookup supplycommit.AssetLookup
+
+	// SupplySyncer is used to retrieve supply commitments from a universe
+	// server.
+	SupplySyncer SupplySyncer
+
 	// ErrChan is the channel that is used to send errors to the caller.
 	ErrChan chan<- error
 

universe/supplyverifier/events.go

@@ -0,0 +1,78 @@
+package supplyverifier
+
+import (
+	"github.com/btcsuite/btcd/wire"
+	"github.com/lightninglabs/taproot-assets/fn"
+	"github.com/lightninglabs/taproot-assets/universe/supplycommit"
+	"github.com/lightningnetwork/lnd/chainntnfs"
+	"github.com/lightningnetwork/lnd/protofsm"
+)
+
+// Event is a special interface used to create the equivalent of a sum-type, but
+// using a "sealed" interface.
+type Event interface {
+	eventSealed()
+}
+
+// Events is a special type constraint that enumerates all the possible protocol
+// events.
+type Events interface {
+}
+
+// FsmEvent is a type alias for the event type of the supply verifier state
+// machine.
+type FsmEvent = protofsm.EmittedEvent[Event]
+
+// InitEvent is the first event that is sent to the state machine.
+type InitEvent struct{}
+
+// eventSealed is a special method that is used to seal the interface.
+func (i *InitEvent) eventSealed() {}
+
+// SyncVerifyEvent is sent to SyncVerifyState to prompt it to sync-verify
+// starting from the given outpoint, or from scratch if no outpoint is given.
+type SyncVerifyEvent struct {
+	// SpentCommitOutpoint is an optional outpoint that was spent which
+	// triggered the need to start syncing from the beginning. If this is
+	// None, then we will sync from the first supply commitment.
+	SpentCommitOutpoint fn.Option[wire.OutPoint]
+}
+
+// eventSealed is a special method that is used to seal the interface.
+func (e *SyncVerifyEvent) eventSealed() {}
+
+// WatchOutputsEvent is an event that carries the set of outputs to watch.
+type WatchOutputsEvent struct {
+	// PreCommits is the set of all pre-commitments that should be watched
+	// for a spend.
+	PreCommits supplycommit.PreCommits
+
+	// SupplyCommit is the latest known supply commitment that should be
+	// watched for a spend.
+	SupplyCommit *supplycommit.RootCommitment
+}
+
+// eventSealed is a special method that is used to seal the interface.
+func (e *WatchOutputsEvent) eventSealed() {}
+
+// SpendEvent is sent in response to an intent to be notified of a spend of an
+// outpoint.
+type SpendEvent struct {
+	// SpendDetail is the details of the spend that was observed on-chain.
+	SpendDetail *chainntnfs.SpendDetail
+
+	// PreCommitments is the set of all pre-commitments that were being
+	// watched for a spend.
+	PreCommitments []supplycommit.PreCommitment
+
+	// SpentPreCommitment is the pre-commitment that was spent. This will
+	// be non-nil only if the spent output was a pre-commitment.
+	SpentPreCommitment *supplycommit.PreCommitment
+
+	// SpentSupplyCommitment is the supply commitment that was spent. This
+	// will be non-nil only if the spent output was a supply commitment.
+	SpentSupplyCommitment *supplycommit.RootCommitment
+}
+
+// eventSealed is a special method that is used to seal the interface.
+func (s *SpendEvent) eventSealed() {}

universe/supplyverifier/manager.go

@@ -38,19 +38,6 @@ type DaemonAdapters interface {
 	Stop() error
 }
 
-// StateMachineStore is an interface that allows the state machine to persist
-// its state across restarts. This is used to track the state of the state
-// machine for supply verification.
-type StateMachineStore interface {
-	// CommitState is used to commit the state of the state machine to disk.
-	CommitState(context.Context, asset.Specifier, State) error
-
-	// FetchState attempts to fetch the state of the state machine for the
-	// target asset specifier. If the state machine doesn't exist, then a
-	// default state will be returned.
-	FetchState(context.Context, asset.Specifier) (State, error)
-}
-
 // IssuanceSubscriptions allows verifier state machines to subscribe to
 // asset group issuance events.
 type IssuanceSubscriptions interface {
@@ -90,11 +77,6 @@ type ManagerCfg struct {
 	// interact with external daemons whilst processing internal events.
 	DaemonAdapters DaemonAdapters
 
-	// StateLog is the main state log that is used to track the state of the
-	// state machine. This is used to persist the state of the state machine
-	// across restarts.
-	StateLog StateMachineStore
-
 	// ErrChan is the channel that is used to send errors to the caller.
 	ErrChan chan<- error
 }
@@ -238,23 +220,18 @@ func (m *Manager) startAssetSM(ctx context.Context,
 		AssetSpec:        assetSpec,
 		Chain:            m.cfg.Chain,
 		SupplyCommitView: m.cfg.SupplyCommitView,
+		SupplyTreeView:   m.cfg.SupplyTreeView,
+		SupplySyncer:     m.cfg.SupplySyncer,
 		ErrChan:          m.cfg.ErrChan,
 		QuitChan:         m.Quit,
 	}
 
-	// Before we start the state machine, we'll need to fetch the current
-	// state from disk, to see if we need to emit any new events.
-	initialState, err := m.cfg.StateLog.FetchState(ctx, assetSpec)
-	if err != nil {
-		return nil, fmt.Errorf("unable to fetch current state: %w", err)
-	}
-
 	// Create a new error reporter for the state machine.
 	errorReporter := NewErrorReporter(assetSpec)
 
 	fsmCfg := protofsm.StateMachineCfg[Event, *Environment]{
 		ErrorReporter: &errorReporter,
-		InitialState:  initialState,
+		InitialState:  &InitState{},
 		Env:           env,
 		Daemon:        m.cfg.DaemonAdapters,
 	}