tapgarden: implement SealBatch

[jharveyb]

Addresses #722. Depends on #827.

Remaining TODOs:

• Extend tapdb/asset_minting tests to cover new query params for script key, group key, etc.
• Add tests for tapdb/asset_minting/CommitBatchTx, AddSeedlingGroups, FetchSeedlingGroups
• Update SealBatch to reject being called more than once
• Add itest that mints with custom asset group witnesses, custom script keys
• Add itest that spends an asset minted with a custom script key
• Update existing minting itests as needed
• Add itest that spends an anchor amount with a custom script instead of a signature

[jharveyb]

Have an external group witness working now in unit tests. Still looking at ways to prevent SealBatch from being called multiple times.

Right now IIUC we don't explicitly reject new seedling requests after a batch is frozen, so one option is to just freeze the batch at the end of SealBatch + disallow all calls except for FinalizeBatch on a frozen batch. So after calling SealBatch, the only other calls available would be finalize or cancel.

[guggero]

Looks pretty good to me! Looking forward to seeing it in action with an itest 🎉
Main request is to potentially remove some code duplication by moving some of the complexity of the seedlings further down, instead of having two almost identical batch structs.

[jharveyb]

Looks like a possible new flake in custodian event handling?

--- FAIL: TestTransactionConfirmedOnly (123.22s)
    test_postgres.go:11: Creating new Postgres DB for testing
    custodian_test.go:220: 
        	Error Trace:	/home/runner/work/taproot-assets/taproot-assets/tapgarden/custodian_test.go:220
        	            				/home/runner/work/taproot-assets/taproot-assets/tapgarden/custodian_test.go:740
        	            				/home/runner/work/taproot-assets/taproot-assets/tapgarden/custodian_test.go:669
        	Error:      	Received unexpected error:
        	            	method did not return within the timeout
        	Test:       	TestTransactionConfirmedOnly
FAIL
FAIL	github.com/lightninglabs/taproot-assets/tapgarden	156.362s
FAIL

[jharveyb]

Posted some updates, mostly fixes where the group tapscript root wasn't being propogated correctly.

Also some changes in the MintAsset RPC to accomodate all the new fields.

Still working out some marshalling issues when generating group witnesses.

[jharveyb]

Posted my latest state. The issue with the version of the test I was working on before was internal keys not derived from the backing tapd node. Example for derivation here:

taproot-assets/itest/mint_fund_seal_test.go

Line 70 in 761212d

deriveRandomKey := func(lnd *node.HarnessNode) keychain.KeyDescriptor {

The posted version generates a sig for a siglock external to the planter, but I could not get a similar witness working if that key was derived from the backing lnd node, for both the Taproot Assets key family, or a random key family.

I'm at the last steps of the PSBT flow, which is very similar to the multisig test.

[jharveyb]

Remaining tasks:

• freeze batch at the end of SealBatch to prevent further calls to add seedlings, fund, or freeze
• Add CLI support

There's a path toward external key support in the itest via some changes in buildGroupReqs and how the key descriptor is set in the seedling:

#883 (comment)

[jharveyb]

I have a branch that resolves #883 , but the better fix for that would be switching to SignPsbt for the VirtualTxSigner.

From offline discussion, I think for this PR we'll continue to accept a non-local group internal key without any constraints on the keyDescriptor / won't require mutual exclusion of the pubkey and keyLocator. I think having the family and index in the DB for a non-local internal key is useful in some cases, and shouldn't cause issues if it's for the group internal key.

[jharveyb]

CLI commands are added, but they omit the fields with non-trivial formatting like KeyDescriptor or asset.ScriptKey. Similar to the commands we have for generating addresses, some functionality is only available via the RPCs directly.

[lightninglabs-deploy]

@GeorgeTsagk: review reminder
@guggero: review reminder

[guggero]

Very nice! tACK, LGTM 🎉

Mostly nits and nice-to-haves.

[guggero]

Does this command really do anything on the command line other than sanity check that we can generate witnesses for all group keys in the batch? Not sure if we should hide (Hidden: true) the command and only keep it for debugging? Since it probably doesn't make sense to support submitting the actual witnesses through the CLI (only makes sense through RPC).

[Roasbeef]

Hmm, yeh seems odd given that it doesn't have any acutal args in the proto.

[jharveyb]

Yeah I agree it doesn't have much use...

I suppose we want to still expose fund as we'll add other features to that later.

[jharveyb]

Update: added more to the descriptions and hid this cmd. In practice you could do fund + finalize from the CLI if we don't accept witness in seal.

[Roasbeef]

Great itest, but I think it would be easier to follow if some of the sub-components were split down into helper functions. So eg:

• Making the tapscript root for the group key.
• Making the root for the funding output tapscript leaf.
• Signing on both levels,
• The multi-sig sign and transfer at the end,

etc

[Roasbeef]

Hmm, yeh seems odd given that it doesn't have any acutal args in the proto.

[Roasbeef]

Shouldn't this require that group witnesses re provided? Otherwise, how can you seal a batch w/o providing the witness?

[jharveyb]

The check for all assets that need a witness, having a witness, is in the planter:

taproot-assets/tapgarden/planter.go

Line 1360 in 4b15443

switch {

For all assets without an external witness, we try to derive the default witness. If we are unable to, DeriveGroupKey fails and no groups would be saved to disk.

So this call would fail if at least one external witness is needed. From the RPC layer, we can't really know if any external witnesses are needed.

[jharveyb]

Updated to address all comments, itest should be more readable now + other small fixes.

[Roasbeef]

LGTM 🍵