
Rewrite README to be SEP-58-native, aligned with the architecture doc (STE-56)#8

Merged
yvesfracari merged 3 commits into main from pedro/ste-56-rewrite-readme-to-be-sep-58-native-and-aligned-with-the on Jun 12, 2026


@yvesfracari

Contributor

What

Rewrites the README so a grant reviewer opening the repo sees a project natively built around SEP-58, consistent with docs/ARCHITECTURE.md and reflecting the code shipped in STE-53/54/55. Also fixes the pinned Docker image, which had never actually worked end to end (required to make every README command runnable).

Note: the issue asks to link docs/PROPOSAL.md, but that doc was deliberately replaced by docs/ARCHITECTURE.md in db716d2 — the README links and stays consistent with ARCHITECTURE.md instead.

README changes

  • Leads with SEP-58: field→pipeline mapping table for all six fields (bldimg, bldopt, source_repo, source_rev, tarball_url, tarball_sha256) with honest MVP/roadmap status per step, plus a source-mode table matching reader/src/sep58.ts exactly (public-repo, hosted-tarball, hosted-tarball-unpinned, content-addressed, none). SEP-46 stays documented as the meta transport, not the headline.
  • SEP-55 reframed as complementary: provenance question ("did a trusted CI compile this Wasm?") vs reproduction question ("does this source produce this Wasm?"), exposed as distinct trust levels — no inferior framing anywhere.
  • Build image story repositioned: SDF stellar-cli-docker images via bldimg + docker/allowlist.json are the primary path (sdf-trusted); this repo's pinned Dockerfile is the interim/fallback (publicly-auditable). Eviction-downgrades-never-deletes semantics documented.
  • New capabilities documented with runnable examples: SEP-58 fields + source-mode inference in read, the imageTrust dimension on verify results, and the content-addressed tarball flow (digest gate first, --docker rebuild).
  • Roadmap: ARCHITECTURE.md §11 milestones with their done-when tests (no tranche table).
  • Kept: reproducibility caveats (extended with the fixture's no-SEP-58-metadata honesty note), live testnet fixture table, verdict model, quick start.

Docker image fixes (prerequisite for "all commands run")

The documented Docker path was broken in two ways:

  1. Image didn't build: the official stellar-cli release binary links libdbus-1.so.3, absent from rust:1.91.1-bookworm → install libdbus-1-3.
  2. --network=none made every in-container build fail: cargo had no registry and couldn't fetch. Fixed with the staged source-acquisition model from ARCHITECTURE.md §8 — the fixture's locked dependency graph is prefetched into the image at build time (manifests + Cargo.lock only; no contract code compiled into the image). Build context moves to the repo root (docker build -f docker/Dockerfile … .) with a whitelist .dockerignore.

Verification (every README command executed)

| Command | Result |
| --- | --- |
| cargo test --locked / stellar contract build --locked | pass; hash 6fe7bd58… |
| pnpm install && pnpm test && pnpm run build | 66 passed, 3 skipped |
| read --id CDVSGPL… | prints meta entries, SEP-58 fields, source mode none |
| verify --id … --wasm … | FULL_MATCH, exit 0 |
| verify --id … --tarball … --tarball-sha256 … --docker | FULL_MATCH, exit 0 |
| docker build -f docker/Dockerfile … + docker run --network=none … | rebuilt hash equals on-chain 6fe7bd58… |
| scripts/verify.sh … (plain and --docker, and tarball form) | FULL_MATCH, exit 0 |
| SOROSCAN_INTEGRATION=1 … integration.testnet.test.ts | 3 passed |

One caveat surfaced and documented in the quick start: tarball mode without --docker rebuilds in a temp dir, where directory-scoped version managers (asdf/direnv) don't see .tool-versions — so the pinned rust must be the active toolchain outside the repo tree.

Closes STE-56
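
The "digest gate first" ordering that the description names for the content-addressed tarball flow can be illustrated as follows. This is an added example, not code from this repository or its scripts/verify.sh; the function names and exit codes are hypothetical, and it assumes the expected value is the 64-character hex form of the SEP-58 tarball_sha256 field.

```shell
#!/usr/bin/env bash
# Added illustration: check a tarball against its declared tarball_sha256
# before anything unpacks or builds it. Names and exit codes are hypothetical.

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum -- "$1" | cut -d' ' -f1
  else
    shasum -a 256 -- "$1" | cut -d' ' -f1
  fi
}

# digest_gate <tarball> <expected tarball_sha256>
# 0 = digest matches, 1 = mismatch, 2 = expected value is not 64 hex chars.
digest_gate() {
  local tarball expected actual
  tarball=$1
  # Accept upper-case hex, compare in lower case.
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  case $expected in
    ''|*[!0-9a-f]*) return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || return 2
  # A missing or unreadable file yields an empty digest, which never matches.
  actual=$(sha256_of "$tarball") || return 1
  [ "$actual" = "$expected" ]
}

# gated_extract <tarball> <expected> <dest>
# Unpacks only after the gate passes, so a mismatching archive never
# reaches tar or the rebuild step and no destination directory is created.
gated_extract() {
  local tarball expected dest
  tarball=$1
  expected=$2
  dest=$3
  digest_gate "$tarball" "$expected" || return $?
  mkdir -p -- "$dest" && tar -xzf "$tarball" -C "$dest"
}
```

A malformed expected digest is reported separately from a mismatch (exit 2 versus 1), so a metadata error is not mistaken for a tampered archive.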

The Docker path never ran end to end: the official stellar-cli release
binary links libdbus-1.so.3, which rust:1.91.1-bookworm doesn't ship, so
the image failed to build; and with --network=none the in-container cargo
could not fetch the dependency graph, so even a successful image couldn't
compile anything.

Install libdbus-1-3, and prefetch the fixture workspace's locked
dependency graph into the image at build time (manifests + Cargo.lock
only, stub lib.rs for target discovery) — the staged source-acquisition
model from docs/ARCHITECTURE.md §8: dependencies arrive while the image
is built, the compile runs with no network. Build context moves to the
repo root so the lockfile is reachable; a whitelist .dockerignore keeps
the context to the manifests.

Verified: docker build + network-isolated docker run reproduce the
on-chain hash 6fe7bd58…, and both 'verify --tarball --docker' and
'scripts/verify.sh --docker' return FULL_MATCH with exit 0.

A grant reviewer opening the repo now sees a project built around SEP-58
end to end, consistent with docs/ARCHITECTURE.md and the code shipped in
STE-53/54/55:

- Lead with SEP-58; field→pipeline mapping table for all six fields and
  a source-mode table matching reader/src/sep58.ts. SEP-46 stays
  documented as the meta transport, not the headline.
- SEP-55 reframed as the complementary trust level (provenance question
  vs reproduction question), exposed distinctly — no inferior framing.
- Build image story repositioned: SDF stellar-cli-docker images via
  bldimg + docker/allowlist.json as the primary path, this repo's pinned
  Dockerfile as the publicly-auditable fallback, with the
  eviction-downgrades semantics spelled out.
- New capabilities documented with runnable examples: SEP-58 fields and
  source-mode inference in 'read', the imageTrust dimension on verify
  results, and the content-addressed tarball flow (digest gate first).
- Roadmap replaced with the ARCHITECTURE.md §11 milestones including
  their done-when tests.
- Kept: reproducibility caveats (extended with the fixture's
  no-SEP-58-metadata honesty note), live testnet fixture table, verdict
  model, quick start.

Every command in the README was executed and passes; the tarball example
returns FULL_MATCH with exit 0 against the live testnet fixture.
@linear-code

linear-code Bot commented Jun 12, 2026


STE-56

…shed

The intro claimed rebuilds run in a digest-pinned image, but the repo's
own image has no registry digest yet (allowlist digest: null, manifest
baseImageDigest TODO). Soften the claim and restore the explicit caveat
the rewrite had dropped: digest references are the requirement, and the
digest is recorded in the manifest and allowlist once the image is
published.
@yvesfracari yvesfracari merged commit 92bba05 into main Jun 12, 2026
6 checks passed