
Vault migration withdrawal validator #13

Merged
kenlau666 merged 30 commits into develop from feat/vault-migration
Apr 8, 2026


@HinsonSIDAN
Member

Summary

Add a new migration withdrawal validator to the hydra account module, enabling safe migration of account UTxOs from an old script to a new script while preserving value and updating the trading_logic reference.

Changes

Core Changes

  • validators/hydra_account/migration.ak (new): Migration withdrawal validator that validates account UTxOs are correctly moved from old to new script hash, preserving value and updating trading_logic to new hydra_order_book_script_hash
  • validators/hydra_account/core.ak: Added HydraAccountMigrate redeemer handling and ProcessMigration operation dispatch to the core account validator
  • validators/hydra_account/transferal.ak: Updated transferal logic (input filtering, trade account checks)
  • lib/hydra_dex/types.ak: Added HydraAccountMigrate redeemer variant and ProcessMigration operation type

Specs

  • spec/8_hydra_account/w_migration.md (new): Full specification for the migration withdrawal validator
  • spec/8_hydra_account/core.md: Added migration redeemer documentation
  • spec/8_hydra_account/w_transferal.md: Updated transferal spec

Tests

  • validators/tests/hydra_account/migration.ak (new): Comprehensive tests for migration validator (happy path + failure cases)
  • validators/tests/hydra_account/spend.ak: Added migration redeemer test cases to spend tests
  • validators/tests/hydra_account/transferal.ak: Updated transferal tests
  • validators/tests/utils.ak: Added test utility helpers for migration scenarios

Build

  • plutus.json: Updated compiled validator hashes

Commits

2 commits


Generated by /wf:create-pr

Copilot AI left a comment

Pull request overview

Adds a new HydraAccount “migration” path to support migrating account UTxOs from an old hydra_account script hash to a new one using an oracle-provided target script hash and updated hydra_order_book_script_hash.

Changes:

  • Introduces a new migration withdrawal validator and wires it into hydra_account/core.ak via HydraAccountMigrate / ProcessMigration.
  • Tightens hydra internal transferal rules to disallow unrelated hydra_account inputs/outputs (beyond the from/to accounts) while allowing non-account inputs/outputs.
  • Adds specs and tests for the migration flow and updates types to include the new redeemer/operation.

Reviewed changes

Copilot reviewed 11 out of 12 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| validators/hydra_account/migration.ak | New withdrawal validator enforcing migration rules (old → new script) and trading logic update. |
| validators/hydra_account/core.ak | Adds HydraAccountMigrate spend handling + ProcessMigration withdrawal dispatch. |
| validators/hydra_account/transferal.ak | Updates “no other inputs/outputs” rule to be specific to hydra_account address. |
| lib/hydra_dex/types.ak | Adds HydraAccountMigrate and ProcessMigration variants. |
| validators/tests/hydra_account/migration.ak | New test suite for migration withdrawal validator. |
| validators/tests/hydra_account/spend.ak | Adds spend-path tests for the new migrate redeemer. |
| validators/tests/hydra_account/transferal.ak | Updates transferal tests to cover the new “no other hydra_account inputs/outputs” rule. |
| validators/tests/utils.ak | Adds migration-related mock hashes, datum, and helper account constructors. |
| spec/8_hydra_account/w_migration.md | New spec describing migration withdrawal behavior and workflow. |
| spec/8_hydra_account/core.md | Documents HydraAccountMigrate spend behavior. |
| spec/8_hydra_account/w_transferal.md | Updates transferal spec to match the new filtering rule. |


- Same `master_key`
- Same `operation_key`
- `trading_logic` updated to new `hydra_order_book_script_hash` from oracle
- Total value preserved: `inputs_value(AI) == outputs_value(AO)`

Copilot AI Mar 12, 2026


The spec says migration preserves total value: inputs_value(AI) == outputs_value(AO), but the implementation currently preserves only without_lovelace() value. Please clarify whether lovelace is intentionally excluded (and update the spec wording accordingly) or update the validator to preserve full value.

Suggested change
- Total value preserved: `inputs_value(AI) == outputs_value(AO)`
- Total non-ADA value preserved (excluding lovelace): `inputs_value(AI).without_lovelace() == outputs_value(AO).without_lovelace()`

Copilot uses AI. Check for mistakes.
1. Cancel all existing orders
2. Combine `hydra_account` utxos into 1 utxo per user
3. Update the `dex_order_book` oracle datum with new script hashes (`hydra_account` and `hydra_order_book` mainly) and `hydra_signers` keys
4. Migrate all `hydra_account` UTxOs using `ProcessMigration` withdrawal on the **new** script

Copilot AI Mar 12, 2026


Migration workflow step 4 says to use ProcessMigration withdrawal on the new script, but the surrounding description (and HydraAccountMigrate spend logic) implies the withdrawal script that must be present is the old hydra_account script hash being spent. Please fix this to avoid confusing integrators about which withdrawal script hash must be included in the transaction.

Suggested change
4. Migrate all `hydra_account` UTxOs using `ProcessMigration` withdrawal on the **new** script
4. Migrate all `hydra_account` UTxOs using `ProcessMigration` withdrawal on the **old** `hydra_account` script

Comment on lines +80 to +83
// - Total value preserved
let ai_value = inputs_value(account_inputs) |> without_lovelace()
let ao_value = outputs_value(account_outputs) |> without_lovelace()
let is_value_preserved = ai_value == ao_value
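Review bot: the `// - Total value preserved` comment on the first line and the name `is_value_preserved` on the last line both promise more than the comparison delivers, because `ai_value` and `ao_value` are each passed through `without_lovelace()` before the `==`. If ADA is meant to be exempt, say so in the comment and in the binding name (for example `is_non_ada_value_preserved`) and state the lovelace rule as its own condition; if it is not, drop `without_lovelace()` from both sides so the comment and the check agree.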

Copilot AI Mar 12, 2026


is_value_preserved compares inputs_value/outputs_value after without_lovelace(). This means a migration can pass while moving arbitrary lovelace out of the old account UTxO(s) (and, if an account UTxO only holds lovelace, the check becomes 0 == 0 and account_outputs can even be empty). If the intent is to preserve full value (as the spec/PR description suggest), compare full Value (including lovelace) and/or add explicit constraints for lovelace (e.g., allow only fee-related delta) and require at least one migrated output at the new script address.
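The failure mode described in the comment above, modelled as an added example (not code from this pull request or from Copilot). It uses Python stand-ins for the Aiken `inputs_value`, `outputs_value` and `without_lovelace` helpers, constructed sample values and a hypothetical `USDM` token, and compares the reviewed check against one of the stricter variants the comment proposes: full-value equality plus at least one migrated output.

```python
# Toy model of the migration value check; Python stand-ins, not the project's Aiken code.
LOVELACE = ("", "")  # ADA is the asset with empty policy id and empty asset name


def total(utxo_values):
    """Sum a list of UTxO values (dict of asset -> quantity), dropping zero entries."""
    out = {}
    for value in utxo_values:
        for asset, qty in value.items():
            out[asset] = out.get(asset, 0) + qty
    return {a: q for a, q in out.items() if q != 0}


def without_lovelace(value):
    """Stand-in for the Aiken helper: remove the ADA entry from a value."""
    return {a: q for a, q in value.items() if a != LOVELACE}


def check_as_reviewed(account_inputs, account_outputs):
    """Mirrors the reviewed lines: both sides are stripped of lovelace before comparing."""
    return without_lovelace(total(account_inputs)) == without_lovelace(total(account_outputs))


def check_full_value(account_inputs, account_outputs):
    """Stricter variant (assumption): full value equality and a non-empty output list."""
    return len(account_outputs) > 0 and total(account_inputs) == total(account_outputs)


# Constructed sample values; USDM is a hypothetical token used only for illustration.
USDM = ("policy_a", "USDM")
old_account = [{LOVELACE: 5_000_000, USDM: 100}]
ada_only_account = [{LOVELACE: 5_000_000}]
migrated_exact = [{LOVELACE: 5_000_000, USDM: 100}]
migrated_less_ada = [{LOVELACE: 1_500_000, USDM: 100}]


def compare():
    """Return {case: (reviewed_check, full_value_check)} for the three cases."""
    cases = {
        "exact": (old_account, migrated_exact),
        "less_ada": (old_account, migrated_less_ada),
        "ada_only_no_output": (ada_only_account, []),
    }
    return {name: (check_as_reviewed(i, o), check_full_value(i, o))
            for name, (i, o) in cases.items()}


if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

The fee-delta alternative mentioned in the comment is not modelled here; it would replace the strict equality on the ADA entry with a bounded difference.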
@kenlau666 force-pushed the feat/vault-migration branch from b918e50 to dfa8776 on April 8, 2026 03:09
@kenlau666 merged commit 6e2b3f0 into develop on Apr 8, 2026