feat(blockchain): production genesis with encrypted keystore, remove admin minting

- Introduce production setup script: scripts/setup_production.py - Generates aitbc1genesis (treasury) and aitbc1treasury (spending) wallets - Encrypts keys via AES-GCM, stores password in keystore/.password (600) - Creates allocations.json and genesis.json with fixed total supply - Sets mint_per_unit=0 (no inflation) - Update make_genesis.py: - Accept allocations file instead of single faucet - Use 'allocations' key in genesis (renamed from 'accounts') - Enforce mint_per_unit=0 in default params - Remove admin mint endpoint: - Deleting MintFaucetRequest and /rpc/admin/mintFaucet from router.py - Removes faucet CLI command from cli/aitbc_cli/commands/blockchain.py - RPC supply endpoint now computes total supply from genesis file (fixed) - Validators endpoint derives list from trusted_proposers config - Config enhancements (config.py): - Add keystore_path and keystore_password_file - Change mint_per_unit default to 0 - main.py: Auto-load proposer private key from keystore into settings.proposer_key (hex) for future use - Launcher scripts: - scripts/mainnet_up.sh: Loads .env.production, derives proposer_id from keystore if needed, starts node + RPC - scripts/devnet_up.sh: Updated to use new allocations-based genesis and proper proposer address - Documentation: - Rewrite blockchain-node/README.md for production model (no faucet, keystore management, multi-chain) - Update MEMORY.md with production blockchain section - Database: Multi-chain support already present via chain_id foreign keys. This change makes the blockchain production‑ready: immutable supply, secure key storage, and removal of dev‑only admin functions. Co-authored-by: Andreas Michael Fleckl <andreas@example.com>
2026-03-16 09:24:07 +00:00
parent f11f277e71
commit 337c68013c
13 changed files with 974 additions and 211 deletions
--- a/apps/blockchain-node/src/aitbc_chain/consensus/poa.py
+++ b/apps/blockchain-node/src/aitbc_chain/consensus/poa.py
@@ -1,7 +1,9 @@
 import asyncio
 import hashlib
+import json
 import re
 from datetime import datetime
+from pathlib import Path
 from typing import Callable, ContextManager, Optional

 from sqlmodel import Session, select
@@ -9,7 +11,7 @@ from sqlmodel import Session, select
 from ..logger import get_logger
 from ..metrics import metrics_registry
 from ..config import ProposerConfig
-from ..models import Block
+from ..models import Block, Account
 from ..gossip import gossip_broker

 _METRIC_KEY_SANITIZE = re.compile(r"[^a-zA-Z0-9_]")
@@ -199,14 +201,17 @@ class PoAProposer:
                height=0,
                hash=block_hash,
                parent_hash="0x00",
-                proposer="genesis",
+                proposer=self._config.proposer_id,  # Use configured proposer as genesis proposer
                timestamp=timestamp,
                tx_count=0,
                state_root=None,
            )
            session.add(genesis)
            session.commit()
-            
+
+            # Initialize accounts from genesis allocations file (if present)
+            await self._initialize_genesis_allocations(session)
+
            # Broadcast genesis block for initial sync
            await gossip_broker.publish(
                "blocks",
@@ -222,6 +227,33 @@ class PoAProposer:
                }
            )

+    async def _initialize_genesis_allocations(self, session: Session) -> None:
+        """Create Account entries from the genesis allocations file."""
+        # Look for genesis file relative to project root: data/{chain_id}/genesis.json
+        # Alternatively, use a path from config (future improvement)
+        genesis_path = Path(f"./data/{self._config.chain_id}/genesis.json")
+        if not genesis_path.exists():
+            self._logger.warning("Genesis allocations file not found; skipping account initialization", extra={"path": str(genesis_path)})
+            return
+
+        with open(genesis_path) as f:
+            genesis_data = json.load(f)
+
+        allocations = genesis_data.get("allocations", [])
+        created = 0
+        for alloc in allocations:
+            addr = alloc["address"]
+            balance = int(alloc["balance"])
+            nonce = int(alloc.get("nonce", 0))
+            # Check if account already exists (idempotent)
+            acct = session.get(Account, (self._config.chain_id, addr))
+            if acct is None:
+                acct = Account(chain_id=self._config.chain_id, address=addr, balance=balance, nonce=nonce)
+                session.add(acct)
+                created += 1
+        session.commit()
+        self._logger.info("Initialized genesis accounts", extra={"count": created, "total": len(allocations)})
+
    def _fetch_chain_head(self) -> Optional[Block]:
        with self._session_factory() as session:
            return session.exec(select(Block).order_by(Block.height.desc()).limit(1)).first()