Skip to content

XLS-96 Confidential MPT#294

Draft
ckeshava wants to merge 18 commits into
XRPLF:mainfrom
ckeshava:cmpt
Draft

XLS-96 Confidential MPT#294
ckeshava wants to merge 18 commits into
XRPLF:mainfrom
ckeshava:cmpt

Conversation

@ckeshava

@ckeshava ckeshava commented Apr 27, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

High Level Overview of Change

This PR materializes support for Confidential MPTs in the xrpl-rust library. Here are some salient points about the design choices:

  • This PR introduces models for all the five transactions in the Confidential-Transfer amendment.
  • This library makes use of the C-bindings-for-rust + shared-library of C-code generated from the mpt-crypto Github repository.
  • The usage of C-bindings necessitate the "std" portion of the Rust library. ConfidentialMPTs are the first amendment which have necessitated the use of std in xrpl-rust SDK.
  • This PR also adds models for transactions and requests associated with the cMPT feature.
  • Although the mpt-crypto exposes 88 functions that aid in cryptography-related tasks, xrpl-rust SDK makes use of 12 of these methods for cMPT-related proof-generation transactions. Since xrpl-rust is unlikely to be used as a "validator", the verifier-methods of mpt-crypto library are exposed, but unused.

References:

Sister work in xrpl-py library: https://github.com/XRPLF/xrpl-py/pull/919/changes
mpt-crypto C library: https://github.com/XRPLF/mpt-crypto
Confidential Transfers specification: https://raw.githubusercontent.com/XRPLF/XRPL-Standards/refs/heads/master/XLS-0096-confidential-mpt/README.md

Note to Reviewers: The integration tests are failing because the xrpld instance does not recognise the "ConfidentialTransfer" amendment. This will be rectified once the feature is merged into the develop branch of rippled.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Refactor (non-breaking change that only restructures code)
  • Tests (You added tests for code that already exists, or your new feature included in this PR)
  • Documentation Updates
  • Release

Test Plan

New tests will be added to verify all the new additions to the xrpl-rust SDK. This includes transaction-model related integration+unit tests. It also includes tests against the Rust-wrappers around the linkage of C-shared-library.

Note: This SDK has been tested against the Confidential-Transfer feature branch at the commit: dacd108657d99ff740074d7fc5258772c9ce7a76. Here is the branch with the feature code: https://github.com/XRPLF/rippled/tree/ripple/confidential-transfer. Please build the referenced cpp code if you want to run a standalone rippled node with the Confidential-Transfer amendment.

ckeshava added 3 commits April 24, 2026 16:35
@ckeshava
Rust FFI C-bindings using bindgen; Download all platform binaries fro…
1dc905c 
…m mpt-crypto Github CI
@ckeshava
WIP 2/3: Safe mpt-crypto wrapper: This crate allows users to access t…
2eba122 
…he interfaces exported by mpt-crypto-sys with the typical guarantees of Rust.
@ckeshava
WIP: This commit includes all the transaction models pertaining to Co…
39aca93 
…nfidential MPTs.

What is remaining?
- The integration tests pertaining to ConfidentialMPTs are not complete.
- All the transaction+request models, binary-codec changes pertaining to MPTokensV1 is missing in xrpl-rust. This is a prereq for the above point.
@ckeshava ckeshava changed the title Cmpt XLS-96 Confidential MPT Apr 27, 2026
@codecov

codecov Bot commented Jun 1, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.29%. Comparing base (bbaef35) to head (ba947d2).

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #294      +/-   ##
==========================================
+ Coverage   83.51%   84.29%   +0.77%     
==========================================
  Files         219      200      -19     
  Lines       22304    20810    -1494     
==========================================
- Hits        18628    17542    -1086     
+ Misses       3676     3268     -408
Flag Coverage Δ
integration ?
unit 84.29% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
src/lib.rs 0.00% <ø> (ø)
src/models/transactions/mod.rs 47.56% <ø> (ø)

... and 23 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

ckeshava and others added 14 commits June 1, 2026 11:18
@ckeshava
fix linter errors
8ac286f
@ckeshava
minor: fix cargo clippy errors
1e25b8d
@ckeshava
Merge branch 'main' into cmpt
acee836
@ckeshava
feat: Do not auto-remove docker container on an ephemeral CI machine
9fef818
@ckeshava
feat: Wire up confidential_mpt (non-default feature) in the Github CI…
2a20f36 
… Unit+Integ tests. Note: The mpt-crypto-sys internal crate is excluded from the integ tests coverage
@ckeshava
minor: re-export mpt_crypto library; Ensures that all users of xrpl-r…
3821cff 
…ust+cmpt feature can make use of mpt_crypto exposed methods
@ckeshava
tests: framework to test the cMPTConvert transaction.
5b8e2a2
@ckeshava
feat: autofill the 10× fee for ConfidentialMPT transactions.
1dbcec3
@ckeshava
tests: cMPT Convert + MergeInbox happy-path integration tests.
a7b0de0
@ckeshava
tests: Integration tests for all the five transactions in Confidentia…
f51df57 
…l_transfer amendment
@ckeshava
minor: fix linter errors
c048ada
@ckeshava
unit test: Additional unit tests for conf_mpt_convert transaction
ad96ce9
@ckeshava @claude
tests: MergeInbox protocol-level failure cases (XLS-0096 §9.2.1.2)
ba947d2 
Add negative-path integration tests for ConfidentialMPTMergeInbox covering
all seven §9.2.1.2 protocol-level failures, plus the helper and model
coverage that support them.

- tests/common: add `test_transaction_with_result`, which signs/submits and
  asserts a caller-specified engine result. `test_transaction` now delegates
  to it with "tesSUCCESS", so the existing callers are unchanged while error
  cases can assert tec/tem/tef codes.

- confidential_mpt.rs: seven MergeInbox failure tests, each asserting the
  code rippled actually returns:
    XRPLF#1 missing issuance/MPToken   -> tecOBJECT_NOT_FOUND
    XRPLF#2 no CanConfidentialAmount   -> tecNO_PERMISSION
    XRPLF#3 uninitialized MPToken      -> tecNO_PERMISSION
    XRPLF#4 unauthorized holder        -> tecNO_AUTH
    XRPLF#5 locked holder              -> tecLOCKED
    XRPLF#6 locked issuance            -> tecLOCKED
    XRPLF#7 issuer merges own issuance -> temMALFORMED
  XRPLF#7 diverges from the spec's stated tefINTERNAL: that preclaim check is an
  unreachable backstop (LCOV_EXCL_LINE), and preflight rejects first with
  temMALFORMED. The test asserts the observable behavior.

- Extend setup_confidential_issuance to grant issuer-side authorization when
  tfMPTRequireAuth is set (required to reach XRPLF#4); add the CanLock /
  RequireAuth / Lock / Unauthorize flag constants.

- Add a builder/accessors unit test for the MergeInbox model.

Verified against a live rippled (ripple/confidential-transfer): all 8
MergeInbox tests pass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@pdp2121
add missing utility functions
49600f8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ckeshava @pdp2121