Expose PCZT getters and add governance wallet query methods#4
Closed
greg0x wants to merge 2 commits into
Closed
Conversation
External governance protocols (shielded voting) need to: - Replace the Orchard bundle in a PCZT after constructing a custom governance action (Pczt::set_orchard) - Read back the spend_auth_sig after a hardware wallet signs the PCZT, so the signature can be threaded into a ZK delegation proof - Serialize an orchard::pczt::Bundle into the PCZT wire format from outside the crate (Bundle::serialize_from) - Construct an ephemeral SqliteShardStore from a raw connection to build Merkle witnesses without going through WalletDb (SqliteShardStore::from_connection) Remove set_orchard and narrow serialize_from visibility (#3) Clean up PCZT APIs that are no longer needed now that governance PCZT construction uses `Creator::build_from_parts` (see valargroup/zcash_voting#1). - Remove `Pczt::set_orchard()` — was only used by librustvoting to manually inject an orchard bundle after creating an empty PCZT shell. No longer needed since `build_from_parts` accepts the bundle directly. - Narrow `orchard::Bundle::serialize_from` from `pub` to `pub(crate)` — only used internally by the creator role, no external callers.
WalletDb gains two new methods (not on traits — governance-specific): - get_orchard_notes_at_snapshot(account, height): returns all Orchard notes received at or before snapshot_height and unspent as of that height. Backward-looking query for voting snapshots, unlike select_unspent_notes which is forward-looking. - generate_orchard_witnesses_at_frontier(positions, frontier, height): copies wallet shard data to ephemeral in-memory DB, inserts the lightwalletd frontier as a checkpoint, and generates Merkle witnesses. Wallet DB is strictly read-only. These replace the wallet DB access previously embedded in librustvoting, completing the clean separation: librustzcash owns wallet domain, librustvoting owns voting domain, SDK wires them together. Fix rustfmt and clippy warnings in generate_orchard_witnesses_at_frontier Applies rustfmt formatting and replaces redundant closures with direct function references (`.map_err(SqliteClientError::DbError)`).
greg0x
force-pushed
the
valargroup/pczt-governance-extensions-0.11
branch
from
0669f6c to
b167c8d
Compare
greg0x
changed the base branch from
maint/zcash_client_sqlite-0.19.x
to
maint/zcash_client_sqlite-0.18.x
greg0x
changed the base branch from
maint/zcash_client_sqlite-0.18.x
to
maint/zcash_client_sqlite-0.19.x
greg0x
pushed a commit
that referenced
this pull request
Mar 24, 2026
fix(keys): enforce debug redaction for AccountPubKey/UFVK, extend tests, and update changelogs
p0mvn
pushed a commit
that referenced
this pull request
Apr 3, 2026
…14868de..23f0768ea 23f0768ea Release lightwallet-protocol v0.4.0 41156c767 Merge pull request #11 from zcash/feature/get_mempool_tx_pools 7c130e883 Add `lightwalletProtocolVersion` field to `LightdInfo` struct. edbb726d7 Apply suggestion from code review 38fddd73b Apply suggestions from code review 0250f2720 Add pool type filtering to `GetMempoolTx` argument. 54ccaadd5 Change semantics of pool-based pruning of compact transactions from "may prune" to "must prune". b0667ec99 Merge pull request #9 from zcash/2025-11-doc-TransparentAddressBlockFilter f3fea7bd4 doc: TransparentAddressBlockFilter doesn't include mempool a67dd323a Merge pull request #8 from zcash/2025-11-lightdinfo-upgrade-info 11da4b7e3 add next upgrade info to LightdInfo structure (GetLightdInfo) 42cd8f720 Transparent data docs update (#7) c0cf957ac Merge pull request #5 from zcash/2025-11-comments 912fc3609 Minor clarification in GetBlockRange documentation. 6b03f2cce Documentation (comments) only d978256a2 Merge pull request #1 from zcash/compact_tx_transparent 7eeb82e7c Merge pull request #4 from zcash/add_changelog a95359dc9 Apply suggestions from code review 592b637a8 Add transparent data to the `CompactBlock` format. 9d1fb2c41 Add a CHANGELOG.md that documents the evolution of the light client protocol. 180717dfa Merge pull request #3 from zcash/merge_librustzcash_history 450bd4181 Merge the history of the .proto files from `librustzcash` for complete history preservation. a4859d11d Move protobuf files into place for use in `zcash/lightwallet-protocol` 2e66cdd9e Update zcash_client_backend/proto/service.proto eda012519 fix comment f838d10ad Add gRPC LightdInfo Donation Address db12c0415 Merge pull request zcash#1473 from nuttycom/wallet/enrichment_queue 698feba96 Apply suggestions from code review 20ce57ab3 zcash_client_backend: Add `block_height` argument to `decrypt_and_store_transaction` a6dea1da8 Merge pull request zcash#1482 from zancas/doc_tweak 4d2d45fc9 fix incorrect doc-comment e826f4740 update CompactBlock doc-comment, to cover non-Sapling shielded notes, and addresses e9a6c00bf Various documentation improvements 988bc7214 Merge pull request zcash#872 from nuttycom/feature/pre_dag_sync-suggest_scan_ranges 58d07d469 Implement `suggest_scan_ranges` and `update_chain_tip` a9222b338 Address comments from code review. e20310857 Rename proto::compact::{BlockMetadata => ChainMetadata} ac63418c5 Reorganize Sapling and Orchard note commitment tree sizes in CompactBlock. 0fdca14f1 zcash_client_backend: Add note commitment tree sizes to `CompactBlock` serialization. 2a0c2b8b7 zcash_client_backend: Add gRPC bindings behind feature flag 1342f0480 zcash_client_backend: Address compact_formats.proto comments 68aa4e01b zcash_client_backend: Bring in latest `compact_formats.proto` e712eb1bc Add prevHash field to CompactBlock 440384c3e Build protobufs for compact formats git-subtree-dir: zcash_client_backend/lightwallet-protocol git-subtree-split: 23f0768ea4471b63285f3c0e9b6fbb361674aa2b
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds the minimal librustzcash surface needed for Zcash shielded voting (governance protocol). Targets
maint/zcash_client_sqlite-0.19.x(orchard 0.11); same changes apply cleanly to main (orchard 0.12).PCZT changes (
pcztcrate)Spend::spend_auth_siggetter — read back the hardware wallet signature after signing, so it can be threaded into a ZK delegation proofSigner::shielded_sighash()getter — expose the cached sighash (already on upstream main, backported here)Wallet changes (
zcash_client_sqlitecrate)Two new governance-specific methods on
WalletDb(inherent, not on wallet traits — these don't belong in the general-purpose API):get_orchard_notes_at_snapshot(account, height)— returns all Orchard notes received at or beforesnapshot_heightand unspent as of that height. Backward-looking query for voting snapshots, unlikeselect_unspent_noteswhich is forward-looking (based on tx expiry).generate_orchard_witnesses_at_frontier(positions, frontier, height)— copies wallet shard data to an ephemeral in-memory database, inserts the lightwalletd frontier as a checkpoint, and generates Merkle witnesses at the snapshot anchor. The wallet DB is strictly read-only.Internal visibility changes
SqliteShardStore::from_connectionwidened topub(needed bygenerate_orchard_witnesses_at_frontiercallers who construct ephemeral stores)orchard::Bundle::serialize_fromnarrowed topub(crate)— only used internally by the creator roleContext
Governance protocols need to construct Orchard-only PCZTs for hardware wallet signing, query wallet notes at a historical snapshot, and generate witnesses anchored at that snapshot's frontier (even if the wallet has synced past it). These changes cleanly separate concerns: librustzcash owns the wallet domain, the voting library owns the voting domain, and the SDK wires them together.