feat(chain): unify key safety and expand tx primitives beyond Cascade

README.md

@@ -29,7 +29,11 @@ This SDK covers the full action lifecycle used by apps and services:
 
 1. **Chain client (`chain`)**
    - action params + fee lookup
+   - account info lookup
    - action registration transaction flow
+   - generic tx build/sign/broadcast utilities
+   - tx gas simulation helper + adjusted gas signing flow
+   - tx confirmation lookup/wait helpers
 
 2. **sn-api client (`snapi`)**
    - start upload

docs/chain-feasibility-gap-analysis.md

@@ -0,0 +1,47 @@
+# sdk-rs chain expansion feasibility (vs sdk-go)
+
+## Scope requested
+1) Safe/unified key handling for tx signing + message signing.
+2) Expand beyond Cascade into stronger chain interactions (account info, fees, tx sending, tx confirmation).
+
+## Feasibility verdict
+**Feasible now with current Rust stack** (`cosmrs`, `tendermint-rpc`, `reqwest`).
+No blocker found for parity on the requested baseline.
+
+## What exists in sdk-rs today
+- Action params and action-fee query (REST).
+- Register-action tx flow with signing and sequence retry.
+- sn-api upload/download orchestration.
+
+## Gaps relative to sdk-go baseline
+- No dedicated identity/key module (key derivation duplicated in examples).
+- No explicit signer/address mismatch guard in tx path.
+- Fee handling in tx path was static/fixed (not parsed from configured gas price).
+- No generic tx lookup + wait-for-confirmation utility.
+- No explicit account-info public API.
+
+## What was implemented in this step
+- Added `src/keys.rs`:
+  - `SigningIdentity::from_mnemonic(...)` (single source for tx + arbitrary signing keys).
+  - `validate_address(...)` and `validate_chain_prefix(...)`.
+  - `derive_signing_keys_from_mnemonic(...)` helper for existing flows.
+- Updated `src/chain.rs`:
+  - Added signer-vs-creator precheck (`validate_signer_matches_creator`).
+  - Added `get_account_info(address)`.
+  - Added `calculate_fee_amount(gas_limit)` from configured gas price.
+  - Replaced fixed tx fee with gas-price-derived fee.
+  - Added `get_tx(tx_hash)` and `wait_for_tx_confirmation(tx_hash, timeout_secs)`.
+  - Added generic tx path: `build_signed_tx(...)`, `broadcast_signed_tx(...)`, `send_any_msgs(...)`.
+  - Added gas simulation + adjusted signing flow: `simulate_gas_for_tx(...)`, `build_signed_tx_with_simulation(...)`.
+  - Added common Lumera wrapper: `request_action_tx(...)`.
+  - Added broadcast mode support: `Async`, `Sync`, `Commit`.
+- Refactored examples (`golden_devnet`, `ui_server`) to use centralized key derivation helper.
+
+## Next parity steps (recommended)
+1. Add richer tx result/event extraction helpers for action/general events.
+2. Add integration tests for signer/address mismatch and tx wait timeout behavior.
+3. Add convenience wrappers for more common Lumera msgs on top of generic tx path.
+
+## Validation done
+- `cargo check`: pass
+- `cargo test --lib`: pass (13 tests)

examples/golden_devnet.rs

@@ -1,27 +1,11 @@
 use std::{
     path::PathBuf,
-    str::FromStr,
     time::{Duration, SystemTime, UNIX_EPOCH},
 };
 
-use bip32::{DerivationPath, XPrv};
-use bip39::Mnemonic;
-use k256::ecdsa::SigningKey as K256SigningKey;
-use lumera_sdk_rs::{CascadeConfig, CascadeSdk, RegisterTicketRequest};
-
-fn derive_signing_keys(
-    mnemonic: &str,
-) -> anyhow::Result<(cosmrs::crypto::secp256k1::SigningKey, K256SigningKey)> {
-    let m = Mnemonic::parse(mnemonic)?;
-    let seed = m.to_seed("");
-    let path = DerivationPath::from_str("m/44'/118'/0'/0/0")?;
-    let xprv = XPrv::derive_from_path(seed, &path)?;
-    let sk_bytes = xprv.private_key().to_bytes();
-    let chain_sk = cosmrs::crypto::secp256k1::SigningKey::from_slice(&sk_bytes)
-        .map_err(|e| anyhow::anyhow!("cosmrs signing key: {e}"))?;
-    let arb_sk = K256SigningKey::from_slice(&sk_bytes)?;
-    Ok((chain_sk, arb_sk))
-}
+use lumera_sdk_rs::{
+    keys::derive_signing_keys_from_mnemonic, CascadeConfig, CascadeSdk, RegisterTicketRequest,
+};
 
 fn extract_state(v: &serde_json::Value) -> String {
     for key in ["status", "state", "task_status"] {
@@ -69,7 +53,8 @@ async fn main() -> anyhow::Result<()> {
     };
 
     let sdk = CascadeSdk::new(cfg);
-    let (chain_sk, arb_sk) = derive_signing_keys(&mnemonic)?;
+    let (chain_sk, arb_sk) =
+        derive_signing_keys_from_mnemonic(&mnemonic).map_err(|e| anyhow::anyhow!(e.to_string()))?;
 
     let exp_secs = SystemTime::now().duration_since(UNIX_EPOCH)?.as_secs() + 172800;
     let expiration_time = exp_secs.to_string();

examples/ui_server.rs

@@ -1,7 +1,6 @@
 use std::{
     collections::HashMap,
     net::SocketAddr,
-    str::FromStr,
     sync::Arc,
     time::{SystemTime, UNIX_EPOCH},
 };
@@ -14,8 +13,6 @@ use axum::{
     Json, Router,
 };
 use base64::{engine::general_purpose::STANDARD as B64, Engine as _};
-use bip32::{DerivationPath, XPrv};
-use bip39::Mnemonic;
 use k256::ecdsa::SigningKey as K256SigningKey;
 use lumera_sdk_rs::{CascadeConfig, CascadeSdk, RegisterTicketRequest};
 use rand::{distributions::Alphanumeric, Rng};
@@ -132,25 +129,9 @@ fn random_token(len: usize) -> String {
 fn derive_signing_keys(
     mnemonic: &str,
 ) -> Result<(cosmrs::crypto::secp256k1::SigningKey, K256SigningKey), ApiError> {
-    let m = Mnemonic::parse(mnemonic).map_err(|e| ApiError {
-        error: format!("invalid LUMERA_MNEMONIC: {e}"),
-    })?;
-    let seed = m.to_seed("");
-    let path = DerivationPath::from_str("m/44'/118'/0'/0/0").map_err(|e| ApiError {
-        error: format!("invalid derivation path: {e}"),
-    })?;
-    let xprv = XPrv::derive_from_path(seed, &path).map_err(|e| ApiError {
-        error: format!("failed deriving key from mnemonic: {e}"),
-    })?;
-    let sk_bytes = xprv.private_key().to_bytes();
-    let chain_sk =
-        cosmrs::crypto::secp256k1::SigningKey::from_slice(&sk_bytes).map_err(|e| ApiError {
-            error: format!("failed creating chain signing key: {e}"),
-        })?;
-    let arb_sk = K256SigningKey::from_slice(&sk_bytes).map_err(|e| ApiError {
-        error: format!("failed creating arbitrary signing key: {e}"),
-    })?;
-    Ok((chain_sk, arb_sk))
+    lumera_sdk_rs::keys::derive_signing_keys_from_mnemonic(mnemonic).map_err(|e| ApiError {
+        error: e.to_string(),
+    })
 }
 
 fn extract_state(v: &serde_json::Value) -> String {