Architecture for "Marlowe Transaction Creation"

[bwbush]

The Marlowe Transaction Creation component of Marlowe Runtime builds a valid Marlowe transaction from the inputs that will be applied to the contract, the constraints on Marlowe transactions in general, and the UTxOs available for building the transaction.

Resources:

• Narrative of requirements
• Tutorial on building and running Marlowe transactions (high level), using marlowe-cli run
• Tutorial on building and running Marlowe transactions (low level), using marlowe-cli transaction

Acceptance criteria:

1. Compute regular fees
2. Compute Plutus execution cost
3. Make coin selection
4. Balance transaction
5. Find collateral
6. Obey transaction constraints

[bwbush]

Sequence of Interactions

Transaction to Apply Inputs

1. Marlowe Transaction Creation (MTC) component receives request for applying inputs to a Marlowe contract:
   a. The TxOutRef that identifies the Marlowe contract.
   b. The TransactionInput that is to be applied to the contract.
   c. The name of the Marlowe Role that is authorizing the transaction, or the PKH authorizing the transaction.
   d. The list of addresses whose unpsent UTxOs can be used in building the transaction.
   e. The change address.
2. MTC queries the Marlowe Contract History (MCH) component:
   a. The currently unspent UTxO for the contract identified by the TxOutRef for the contract's creation.
   b. The Datum at that unspent UTxO.
   c. The UTxO in which the authorizing role token resides, or at the PKH authorizing the transaction.
   d. A map of address to unspent UTxOs at each address, for use in building the transaction.
3. MTC runs computeTransaction to yield TransactionOutput.
4. MTC optionally fails if TransactionOutput contains warnings txOutWarnings.
5. MTC serializes the TransactionInput{txInputs} to a Redeemer.
6. MTC serializes the TransactionOutput{txOutState,txOutContract} to a new Datum.
7. MTC identifies external payments (to PKH or role-validator address) in TransactionOutput{txOutPayments}.
8. MTC identifies total IDeposit in TransactionInput.
9. MTC selects UTxOs that cover the deposit, plus a buffer for the transaction fees and minimum Ada.
   a. Minimize the number of signatures needed by minimizing the number of addresses used.
   b. Minimize the number of irrelevant native tokens consumed.
10. MTC constructs a provisional TxBodyContent:
    a. TxIn to consume role token (if any).
    b. TxOut to return role to the address from which it was spent.
    c. TxIn to consume the UTxO at the script address, along with the datum there and the script for the witness.
    d. Consume sufficient UTxOs to cover deposit plus buffer.
    e. Send change to one of the change address.
11. MTC computes execution cost, fees, and change.
12. MTC serialises as CBOR for a TxBody.
13. MTC sends unsigned transaction to Marlowe Wallet Interface (MWI) for signing.
14. MTC receives signed transaction from MWI.
15. MTC submits signed transaction to local node.

Transaction to Create Contract

1. Marlowe Transaction Creation (MTC) component receives request for creating a Marlowe contract:
   a. The Contract and State for the contract.
   b. The addresses to which role tokens should be sent.
   c. The list of addresses whose unpsent UTxOs can be used in building the transaction.
   d. The change address.
2. MTC queries the Marlowe Contract History (MCH) component:
   a. A map of address to unspent UTxOs at each address, for use in building the transaction.
3. MTC serializes the MarloweData to a new Datum.
4. MTC selects UTxOs that cover the deposit to the contract address, plus a buffer for the transaction fees and minimum Ada.
   a. Minimize the number of signatures needed by minimizing the number of addresses used.
   b. Minimize the number of irrelevant native tokens consumed.
5. MTC constructs a provisional TxBodyContent:
   a. Consume sufficient UTxOs to cover deposit plus buffer.
   e. Send change to one of the change address.
6. MTC computes execution cost, fees, and change.
7. MTC serialises as CBOR for a TxBody.
8. MTC sends unsigned transaction to Marlowe Wallet Interface (MWI) for signing.
9. MTC receives signed transaction from MWI.
10. MTC submits signed transaction to local node.

Transaction to Withdraw Funds

1. Marlowe Transaction Creation (MTC) component receives request for withdrawing funds paid by a Marlowe contract:
   a. The TxOutRef that identifies the Marlowe contract.
   b. The name of the Marlowe Role that is authorizing the transaction, or the PKH authorizing the transaction.
   c. The list of addresses whose unpsent UTxOs can be used in building the transaction.
   f. The change address.
2. MTC queries the Marlowe Contract History (MCH) component:
   a. The currently unspent UTxOs at the role-payout address for the contract identified by the TxOutRef for the contract's creation.
   b. The UTxO with the correct Datum.
   c. The UTxO in which the authorizing role token resides, or at the PKH authorizing the transaction.
   d. A map of address to unspent UTxOs at each address, for use in building the transaction.
3. MTC selects UTxOs that cover the potential transaction fees and minimum Ada.
   a. Minimize the number of signatures needed by minimizing the number of addresses used.
   b. Minimize the number of irrelevant native tokens consumed.
4. MTC constructs a provisional TxBodyContent:
   a. TxIn to consume role token.
   b. TxOut to return role to the address from which it was spent.
   c. TxIn to consume the UTxO at the script address, along with the datum there and the script for the witness.
   d. Consume sufficient UTxOs to cover potential fees.
   e. Send change to one of the change address.
5. MTC computes execution cost, fees, and change.
6. MTC serialises as CBOR for a TxBody.
7. MTC sends unsigned transaction to Marlowe Wallet Interface (MWI) for signing.
8. MTC receives signed transaction from MWI.
9. MTC submits signed transaction to local node.

[hrajchert]

I would add in the Transaction to Create Contract

1.e Optionally, a set of contract metadata (Map Int Json) to be attached to the tx metadata

[bwbush]

Because we might want to defer some Transaction Creation functions to wallets, we should aim for very clean separation between sub-components:

• determining constraints on the transactions and ingredients within it
• querying UTxOs available for coin selection
• coin selection as a process
• the particular algorithm used for coin selection
• serializing the transaction (as CBOR)
• submitting the transaction

[jhbertra]

I think these are all behaviours that can be injected (or composed)

[bwbush]

Here is work in progress on a proof-of-principle example for coin selection and transaction creation in Marlowe: #240.

[jhbertra]

@bwbush thanks for this thorough summary of the requirements! This very clearly lays out everything that needs to be done to create the transactions.

The first thing that comes to me is that there are potentially two approaches we can take with this component, each of which offers advantages and disadvantages:

1. Implement it as a pure pipeline that accepts a request and produces an unsigned transaction, or an error.
2. Implement it as a protocol, and have the contract creator interactively request new information from the client as needed.

Advantages of the pure pipeline approach:

• Easier to test (much of the existing runtime code is difficult to test because it is not written like this (for legitimate reasons)).
• More library-like - can be used outside of the runtime executables more easily

Advantages of the protocol approach:

• Resources can be incrementally requested as needed rather than being provided up-front. For example, if more addresses are required to satisfy the constraints, they can be requested on demand. This would fit the generator-like interface of wallets for obtaining addresses, and not limit it to a finite set provided with the request.
• Consumers can report progress in a more fine-grained manner

My intuition tells me that having a pure function to compute the unsigned transaction given a full universe of inputs would be extremely useful, but I also think the interactive, incremental approach of being able to request resources as needed from the client has advantages that would be a shame to lose.

Ultimately, I think we may be able to have it both ways. If we implement the transaction creation as a protocol, we can convert that to a pure function which accepts a context data structure that contains all the necessary information, and feeds that into the protocol. This could be used as a library function, or it could be used by the CLI when working with a fixed set of addresses. The protocol version could be used when writing a wallet integration, or in an interactive CLI mode.

[jhbertra]

Here is an example of what such a protocol may look like:

stateDiagram-v2
  [*] --> Init
  Init --> Building : BuildTransaction
  Building --> ProducingAddress : AwaitAddress
  ProducingAddress --> Done : AddressesExhausted
  ProducingAddress --> Building : YieldAddress
  Building --> Done : BuildFailed
  Building --> Signing : SignTransaction
  Signing --> Done : SignFailed
  Signing --> Submitting : TransactionSigned
  Submitting --> Done : TransactionRejected
  Submitting --> Accepted : TransactionAccepted
  Accepted --> Done : TransactionPublished
  Done --> [*]

# Notes
#
# Init: Client has agency
# Building: Server has agency
# ProducingAddress: Client has agency
# Signing: Client has agency
# Submitting: Server has agency
# Accepted: Server has agency
# Done: Nobody has agency
#
# BuildTransaction:
#   - Specifies the type of transaction to construct (create, apply-inputs, withdraw)
#   - Contains necessary request parameters and context

Loading

[jhbertra]

Not sure about the terminology "published" - this is meant to be when the transaction leaves the mempool and is added to a new block.

[bwbush]

Could we use pipeline-like library components to build the protocol? As wallets become more sophisticated, we might want to defer more to them. (In some use cases we might be forced to defer to them.)

Also, how heavy will the state be, where will it be held, will it be persisted, is it resumable or undoable?

[jhbertra]

Yeah, I think that makes more sense. Build the stages of the process as a library and assemble them into a protocol for interactive tools.

[jhbertra]

For this component, I think it's worth discussing what the CLI might look like, as that could affect some of the architecture choices we make. Here's one possible API:

Contract Commands

$ marlowe contract --help
Usage: marlowe contract COMMAND

  Create and interact with Marlowe contracts

Available options:
  -h,--help                Show this help text

Available commands:
  create                   Create a new Marlowe contract
  apply-inputs             Apply inputs to a running Marlowe contract
  withdraw                 Withdraw funds from a Marlowe contract
  submit                   Submit a signed transaction to the configured node

Create Command

$ marlowe contract create --help
Usage: marlowe contract create [-i|--interactive] [-r|--role ROLE=ADDRESS]
                                [-a|--address ADDRESS] --change-address ADDRESS
                                [-s|--signing-command CMD]
                                (--core-file FILE_PATH |
                                  --contract-file FILE_PATH
                                  [
                                    [--timeout-arg PARAM=TIMEOUT |
                                      --value-arg PARAM=VALUE] |
                                    --args-file FILE_PATH])

  Create a new Marlowe contract

Available options:
  -i,--interactive         Run the command in interactive mode.
  -r,--role ROLE=ADDRESS   The name of a role in the contract with the address
                           to send the token to
  -a,--address ADDRESS     An address whose unspent tx outs can be used as
                           inputs to the transaction
  --change-address ADDRESS The address to which the change of the transaction
                           should be sent.
  -s,--signing-command CMD A command that signs the transaction.
                           It should read an unsigned tx from stdin in CBOR format and
                           write a signed tx to stdout in CBOR format, or exit with a
                           non-zero exit code on failure.

                           If not specified, this command will print the unsigned tx to
                           stdout in CBOR format without submitting anything.
                           After signing the tx with a wallet, you can submit the signed
                           tx using the
                           marlowe contract submit
                           command.

                           If specified, this command will pass the unsigned tx to the given
                           signing command, parse the output of the command, and submit the signed tx to the
                           configured Cardano Node and write the resulting contract ID to stdout.
  --core-file FILE_PATH    A file containing the Core Marlowe definition of the
                           contract to create.
  --contract-file FILE_PATH
                           A file containing the Extended Marlowe definition of
                           the contract to create.
  --timeout-arg PARAM=TIMEOUT
                           The name of a timeout parameter in the contract and a
                           value to assign to it
  --value-arg PARAM=VALUE  The name of a value parameter in the contract and a
                           value to assign to it
  --args-file FILE_PATH    A file containing the Extended Marlowe arguments to
                           apply to the contract.
  -h,--help                Show this help text

Apply Inputs Command

$ marlowe contract apply-inputs --help
Usage: marlowe contract apply-inputs
         [-i|--interactive] [-a|--address ADDRESS] --change-address ADDRESS
         [-s|--signing-command CMD] (-c|--contract CONTRACT_ID)
         ((-r|--role ROLE_NAME) | (-a|--address ADDRESS))
         [-l|--validity-lower-bound POSIX_TIMESTAMP]
         [-l|--validity-upper-bound POSIX_TIMESTAMP] [INPUT]

  Apply inputs to a running Marlowe contract

Available options:
  -i,--interactive         Run the command in interactive mode.
  -a,--address ADDRESS     An address whose unspent tx outs can be used as
                           inputs to the transaction
  --change-address ADDRESS The address to which the change of the transaction
                           should be sent.
  -s,--signing-command CMD A command that signs the transaction.
                           It should read an unsigned tx from stdin in CBOR format and
                           write a signed tx to stdout in CBOR format, or exit with a
                           non-zero exit code on failure.

                           If not specified, this command will print the unsigned tx to
                           stdout in CBOR format without submitting anything.
                           After signing the tx with a wallet, you can submit the signed
                           tx using the
                           marlowe contract submit
                           command.

                           If specified, this command will pass the unsigned tx to the given
                           signing command, parse the output of the command, and submit the signed tx to the
                           configured Cardano Node and write the resulting contract ID to stdout.
  -c,--contract CONTRACT_ID
                           The ID of the contract to apply the inputs to.
  -r,--role ROLE_NAME      The name of the role applying the inputs.
  -a,--address ADDRESS     The address applying the inputs.
  -l,--validity-lower-bound POSIX_TIMESTAMP
                           The lower bound of the transaction validity interval.
                           If not specified, this value is determined from the
                           contract.
  -l,--validity-upper-bound POSIX_TIMESTAMP
                           The upper bound of the transaction validity interval.
                           If not specified, this value is determined from the
                           contract.
  INPUT                    An input to apply (as a JSON string)
  -h,--help                Show this help text

Deposit Command

$ marlowe contract deposit --help
Usage: marlowe contract deposit [-i|--interactive] [-a|--address ADDRESS]
                                 --change-address ADDRESS
                                 [-s|--signing-command CMD]
                                 (-c|--contract CONTRACT_ID)
                                 [-l|--validity-lower-bound POSIX_TIMESTAMP]
                                 [-l|--validity-upper-bound POSIX_TIMESTAMP]
                                 (--from-role ROLE_NAME |
                                   --from-address ADDRESS)
                                 (--to-role ROLE_NAME | --to-address ADDRESS)
                                 ((-c|--currency MINTING_POLICY_ID)
                                   (-n|--token-name TOKEN_NAME)
                                   (-q|--quantity INTEGER) |
                                   (-l|--lovelace INTEGER))

  Deposit funds into an account in a contract

Available options:
  -i,--interactive         Run the command in interactive mode.
  -a,--address ADDRESS     An address whose unspent tx outs can be used as
                           inputs to the transaction
  --change-address ADDRESS The address to which the change of the transaction
                           should be sent.
  -s,--signing-command CMD A command that signs the transaction.
                           It should read an unsigned tx from stdin in CBOR format and
                           write a signed tx to stdout in CBOR format, or exit with a
                           non-zero exit code on failure.

                           If not specified, this command will print the unsigned tx to
                           stdout in CBOR format without submitting anything.
                           After signing the tx with a wallet, you can submit the signed
                           tx using the
                           marlowe contract submit
                           command.

                           If specified, this command will pass the unsigned tx to the given
                           signing command, parse the output of the command, and submit the signed tx to the
                           configured Cardano Node and write the resulting contract ID to stdout.
  -c,--contract CONTRACT_ID
                           The ID of the contract to apply the inputs to.
  -l,--validity-lower-bound POSIX_TIMESTAMP
                           The lower bound of the transaction validity interval.
                           If not specified, this value is determined from the
                           contract.
  -l,--validity-upper-bound POSIX_TIMESTAMP
                           The upper bound of the transaction validity interval.
                           If not specified, this value is determined from the
                           contract.
  --from-role ROLE_NAME    The name of the role depositing funds.
  --from-address ADDRESS   The address depositing funds.
  --to-role ROLE_NAME      The name of the role into whose account to deposit
                           the funds.
  --to-address ADDRESS     The address into whose account to deposit the funds.
  -c,--currency MINTING_POLICY_ID
                           The minting policy ID of the token(s) to deposit.
  -n,--token-name TOKEN_NAME
                           The token name of the token(s) to deposit.
  -q,--quantity INTEGER    The number of tokens to deposit
  -l,--lovelace INTEGER    The number of lovelace to deposit
  -h,--help                Show this help text

Choose Command

$ marlowe contract choose --help
Usage: marlowe contract choose [-i|--interactive] [-a|--address ADDRESS]
                                --change-address ADDRESS
                                [-s|--signing-command CMD]
                                (-c|--contract CONTRACT_ID)
                                [-l|--validity-lower-bound POSIX_TIMESTAMP]
                                [-l|--validity-upper-bound POSIX_TIMESTAMP]
                                (--role ROLE_NAME | --address ADDRESS)
                                --choice CHOICE_ID --value INTEGER

  Make a choice in a contract

Available options:
  -i,--interactive         Run the command in interactive mode.
  -a,--address ADDRESS     An address whose unspent tx outs can be used as
                           inputs to the transaction
  --change-address ADDRESS The address to which the change of the transaction
                           should be sent.
  -s,--signing-command CMD A command that signs the transaction.
                           It should read an unsigned tx from stdin in CBOR format and
                           write a signed tx to stdout in CBOR format, or exit with a
                           non-zero exit code on failure.

                           If not specified, this command will print the unsigned tx to
                           stdout in CBOR format without submitting anything.
                           After signing the tx with a wallet, you can submit the signed
                           tx using the
                           marlowe contract submit
                           command.

                           If specified, this command will pass the unsigned tx to the given
                           signing command, parse the output of the command, and submit the signed tx to the
                           configured Cardano Node and write the resulting contract ID to stdout.
  -c,--contract CONTRACT_ID
                           The ID of the contract to apply the inputs to.
  -l,--validity-lower-bound POSIX_TIMESTAMP
                           The lower bound of the transaction validity interval.
                           If not specified, this value is determined from the
                           contract.
  -l,--validity-upper-bound POSIX_TIMESTAMP
                           The upper bound of the transaction validity interval.
                           If not specified, this value is determined from the
                           contract.
  --role ROLE_NAME         The name of the role making the choice.
  --address ADDRESS        The address making the choice.
  --choice CHOICE_ID       The ID of the choice being made.
  --value INTEGER          The integer value being chosen.
  -h,--help                Show this help text

Notify Command

$ marlowe contract notify --help
Usage: marlowe contract notify [-i|--interactive] [-a|--address ADDRESS]
                                --change-address ADDRESS
                                [-s|--signing-command CMD]
                                (-c|--contract CONTRACT_ID)
                                [-l|--validity-lower-bound POSIX_TIMESTAMP]
                                [-l|--validity-upper-bound POSIX_TIMESTAMP]

  Continue execution of a contract awaiting a 'notify' input.

Available options:
  -i,--interactive         Run the command in interactive mode.
  -a,--address ADDRESS     An address whose unspent tx outs can be used as
                           inputs to the transaction
  --change-address ADDRESS The address to which the change of the transaction
                           should be sent.
  -s,--signing-command CMD A command that signs the transaction.
                           It should read an unsigned tx from stdin in CBOR format and
                           write a signed tx to stdout in CBOR format, or exit with a
                           non-zero exit code on failure.

                           If not specified, this command will print the unsigned tx to
                           stdout in CBOR format without submitting anything.
                           After signing the tx with a wallet, you can submit the signed
                           tx using the
                           marlowe contract submit
                           command.

                           If specified, this command will pass the unsigned tx to the given
                           signing command, parse the output of the command, and submit the signed tx to the
                           configured Cardano Node and write the resulting contract ID to stdout.
  -c,--contract CONTRACT_ID
                           The ID of the contract to apply the inputs to.
  -l,--validity-lower-bound POSIX_TIMESTAMP
                           The lower bound of the transaction validity interval.
                           If not specified, this value is determined from the
                           contract.
  -l,--validity-upper-bound POSIX_TIMESTAMP
                           The upper bound of the transaction validity interval.
                           If not specified, this value is determined from the
                           contract.
  -h,--help                Show this help text

Submit Command

$ marlowe contract submit --help
Usage: marlowe contract submit

  Submit a signed transaction to the configured node. Reads a CBOR-encoded
  signed tx from stdin

Available options:
  -h,--help                Show this help text

Withdraw Command

marlowe contract withdraw --help
Usage: marlowe contract withdraw [-i|--interactive] [-a|--address ADDRESS]
                                  --change-address ADDRESS
                                  [-s|--signing-command CMD]
                                  (-r|--role ROLE_NAME)

  Withdraw funds from one or more role in a Marlowe contract

Available options:
  -i,--interactive         Run the command in interactive mode.
  -a,--address ADDRESS     An address whose unspent tx outs can be used as
                           inputs to the transaction
  --change-address ADDRESS The address to which the change of the transaction
                           should be sent.
  -s,--signing-command CMD A command that signs the transaction.
                           It should read an unsigned tx from stdin in CBOR format and
                           write a signed tx to stdout in CBOR format, or exit with a
                           non-zero exit code on failure.

                           If not specified, this command will print the unsigned tx to
                           stdout in CBOR format without submitting anything.
                           After signing the tx with a wallet, you can submit the signed
                           tx using the
                           marlowe contract submit
                           command.

                           If specified, this command will pass the unsigned tx to the given
                           signing command, parse the output of the command, and submit the signed tx to the
                           configured Cardano Node and write the resulting contract ID to stdout.
  -r,--role ROLE_NAME      The name of the role from which to withdraw funds.
  -h,--help                Show this help text

[jhbertra]

I think we'd want to be able to run Core-only contracts that don't have Extended Marlowe equivalents, so maybe --contract-file would be optional.

That was the intent, actually. The CLI options define this as

contractOptions = coreContractOption <|> extendedContractOptions

so the CLI would either allow one to specify an extended contract file + arguments, or a core contract file. The output of optparse-applicative perhaps doesn't communicate this as clearly as it could however.

These command will need awareness of the network (or connection to something that is aware of it) because the SlotConfig parameters will be needed for the POSIX to slot conversions.

What I've done in History for this is I've passed a SlotConfig record into it as a dependency. It queries the slot config from the query API of chainseekd in main as part of bootstrapping the processes.

We need to support applying multiple inputs in a single transaction. This important for some use cases, not just for saving transaction fees.

The command for this would be marlowe contract apply-inputs which accepts variadic inputs as arguments.

The validity bounds are required for applying inputs, but not needed for creation or withdrawal

Yup, these aren't included in those commands.

We should discussion whether we want this CLI to conform to the conventions (good or bad) of cardano-cli or whether we should just do what makes most sense.

Which conventions are these?

I especially like --signing-command, but fear it might not be general enough. Should we have --signing-method or --signing-plugin or something, where command-based signing is just one option. Depending upon how we approach wallet integration, we may have to refactor the signing interface.

Yeah, the signing interface is the most awkward part here. I think signing-command may be general enough, but might be incredibly awkward in some circumstances... so I think this is something where we'll want to do a survey of the different wallets to see what the most natural interface would be.

In general, more than one role could cooperate to create a transaction that applies inputs authorized by all of them. (This is the "multisig case".) Do we want to support this edge case?

Yeah, and to that point I think it makes no sense for the apply-inputs command to have a --role option. The roles needed to sign the transaction should be inferrable from the inputs.

[jhbertra]

Regarding the signing, I wonder if we could even have the CLI open an editor like vim with the unsigned transaction in the buffer beneath a fold, and have the user paste the signed transaction above the fold (like how git commit works):

<user pastes signed tx CBOR here>
---
# Use a wallet to sign the following unsigned transaction and paste the signed transaction above the fold. Then save and quit to continue.
<unsigned tx CBOR...>

[bwbush]

Which conventions are these?

cardano-cli transaction build --help will show the conventions relevant to us. For example, cardano-cli uses --invalid-before and --invalid-hereafter, but the proposal above uses --validity-lower-bound and --validity-upper-bound. I'm okay with either: it sort of depends upon whether we want to be Marlowe-centric or Cardano-centric, though using non-Cardano terminology may confuse some developers.

[bwbush]

Would this proposed interface support interleaving a deposit, a notify, and a choice in a single transaction? We have sometimes used that capability in contracts that we've run with marlowe-cli run prepare, which supports an arbitrary sequence of (deposit | choice | notify)*:

$ marlowe-cli run prepare --help
Usage: marlowe-cli run prepare --marlowe-file MARLOWE_FILE 
                               [--deposit-account PARTY --deposit-party PARTY 
                                 [--deposit-token TOKEN]
                                 --deposit-amount INTEGER |
                                 --choice-name NAME --choice-party PARTY
                                 --choice-number INTEGER |
                                 --notify] --invalid-before POSIX_TIME
                               --invalid-hereafter POSIX_TIME 
                               [--out-file OUTPUT_FILE] [--print-stats]

  Prepare the next step of a Marlowe contract and write the output to a JSON
  file.

Available options:
  --marlowe-file MARLOWE_FILE
                           JSON input file for the Marlowe state and contract.
  --deposit-account PARTY  The account for the deposit.
  --deposit-party PARTY    The party making the deposit.
  --deposit-token TOKEN    The token being deposited, if not Ada.
  --deposit-amount INTEGER The amount of token being deposited.
  --choice-name NAME       The name of the choice made.
  --choice-party PARTY     The party making the choice.
  --choice-number INTEGER  The number chosen.
  --notify                 Notify the contract.
  --invalid-before POSIX_TIME
                           Minimum time for the input, in POSIX milliseconds.
  --invalid-hereafter POSIX_TIME
                           Maximum time for the input, in POSIX milliseconds.
  --out-file OUTPUT_FILE   JSON output file for contract.
  --print-stats            Print statistics.
  -h,--help                Show this help text

[jhbertra]

RE cardano-cli conventions:

I think it makes sense to adopt existing conventions.

RE arbitrary sequences of inputs:

That is the idea of the apply-inputs command, though the interface is definitely up for debate! Something like what marlowe-cli prepare uses may be better.

[bwbush]

@jhbertra, @paluh, @dino-iog: here is an complete implementation of a coin selection algorithm for Marlowe transactions. The code is not tidy, but it is fully documented and provides a recipe that could be refactored into a clean implementation:

marlowe-cardano/marlowe-cli/src/Language/Marlowe/CLI/Transaction.hs

Lines 1059 to 1185 in cd66f37

	-- | Build a non-Marlowe transaction that cleans an address.
	selectCoins :: MonadError CliError m
	=> MonadIO m
	=> MonadReader (CliEnv era) m
	=> LocalNodeConnectInfo CardanoMode -- ^ The connection info for the local node.
	-> Value -- ^ The value of the input from the script, if any.
	-> [(AddressInEra era, Maybe Datum, Value)] -- ^ The transaction outputs.
	-> Maybe (PayToScript era) -- ^ Otherwise unlisted outputs to the script address.
	-> AddressInEra era -- ^ The change address.
	-> m (TxIn, [TxIn], [(AddressInEra era, Maybe Datum, Value)]) -- ^ Action select the collateral, inputs, and outputs.
	selectCoins connection inputs outputs pay changeAddress =
	do
	-- Find the UTxOs that we have to work with.
	utxos <-
	fmap (M.toList . unUTxO)
	. queryInEra connection
	. QueryUTxO
	. QueryUTxOByAddress
	. S.singleton
	$ toAddressAny' changeAddress
	-- Fetch the protocol parameters
	protocol <- queryInEra connection QueryProtocolParameters
	-- We want to consume as few UTxOs as possible, in order to keep the script context smaller.
	let
	-- Extract the value of a UTxO.
	txOutToValue (TxOut _ value _ _) = txOutValueToValue value
	-- Compute the value of all of the available UTxOs.
	universe = foldMap (txOutToValue . snd) utxos
	-- Bound the possible fee.
	fee = lovelaceToValue $ 2 * maximumFee protocol
	-- Test whether value only contains lovelace.
	onlyLovelace value = lovelaceToValue (selectLovelace value) == value
	-- Select the collateral.
	collateral <-
	case filter (\candidate -> let value = txOutToValue $ snd candidate in onlyLovelace value && selectLovelace value >= selectLovelace fee) utxos of
	utxo : _ -> pure $ fst utxo
	[] -> throwError . CliError $ "No collateral found in " <> show utxos <> "."
	-- Bound the lovelace that must be included with change
	minUtxo <-
	(<>) <$> findMinUtxo protocol (changeAddress, Nothing, universe) -- Output to native tokens.
	<*> findMinUtxo protocol (changeAddress, Nothing, mempty ) -- Pure lovelace to change address.
	let
	-- Compute the value of the outputs.
	outgoing = foldMap (\(_, _, value) -> value) outputs <> maybe mempty PayToScript.value pay
	-- Find the net additional input that is needed.
	incoming = outgoing <> fee <> minUtxo <> negateValue inputs
	-- Remove the lovelace from a value.
	deleteLovelace value = value <> negateValue (lovelaceToValue $ selectLovelace value)
	-- Compute the excess and missing tokens in a value.
	matchingCoins required candidate =
	let
	delta =
	fmap snd
	. valueToList
	. deleteLovelace
	$ candidate <> negateValue required
	excess = length $ filter (> 0) delta
	deficit = length $ filter (< 0) delta
	in
	(excess, deficit)
	-- Ensure that coin selection for tokens is possible.
	unless (snd (matchingCoins incoming universe) == 0)
	. throwError
	. CliError
	$ "Insufficient tokens available for coin selection: "
	<> show incoming <> " required, but " <> show universe <> " available."
	-- Ensure that coin selection for lovelace is possible.
	unless (selectLovelace incoming <= selectLovelace universe)
	. throwError
	. CliError
	$ "Insufficient lovelace available for coin selection: "
	<> show incoming <> " required, but " <> show universe <> " available."
	-- Satisfy the native-token requirements.
	let
	-- Sort the UTxOs by their deficit, excess, and lovelace in priority order.
	priority required candidate =
	let
	candidate' = txOutToValue $ snd candidate
	(excess, deficit) = matchingCoins required candidate'
	notOnlyLovelace = not $ onlyLovelace candidate'
	insufficientLovelace = selectLovelace candidate' < selectLovelace required
	in
	(
	deficit -- It's most important to not miss any required coins,
	, excess -- but we don't want extra coins;
	, notOnlyLovelace -- prefer lovelace-only UTxOs if there is no deficit,
	, insufficientLovelace -- and prefer UTxOs with sufficient lovelace.
	)
	-- Use a simple greedy algorithm to select coins.
	select _ [] = [] --
	select required candidates =
	let
	-- Choose the best UTxO from the candidates.
	next = minimumBy (compare `on` priority required) candidates
	-- Determine the remaining candidates.
	candidates' = delete next candidates
	-- Ignore negative quantities.
	filterPositive = valueFromList . filter ((> 0) . snd) . valueToList
	-- Compute the remaining requirement.
	required' = filterPositive $ required <> negateValue (txOutToValue $ snd next)
	in
	-- Decide whether to continue.
	if required' == mempty
	-- The requirements have been met.
	then pure next
	-- The requirements have not been met.
	else next : select required' candidates'
	-- Select the coins.
	selection = select incoming utxos
	-- Compute the native token change, if any.
	change =
	deleteLovelace
	$ (mconcat $ txOutToValue . snd <$> selection)
	<> negateValue incoming
	-- Compute the change that contains native tokens used for balancing, omitting ones explicitly specified in the outputs.
	output <-
	if change == mempty
	then pure []
	else (: []) <$> ensureMinUtxo protocol (changeAddress, Nothing, change)
	-- Return the coin selection.
	pure
	(
	collateral
	, fst <$> selection
	, outputs <> output
	)
	-- FIXME: There are pathological failures that could happen if there are very many native tokens.

Here are closely related artifacts:

1. On the SCP-4417 branch for PR240, the marlowe-cli run auto-execute and marlowe-cli run auto-withdraw command behave exactly as marlowe-cli run execute and marlowe-cli run withdraw except that one does not supply any --tx-in or --tx-out because coin selection is automatic.
2. Language.Marlowe.CLI.Run.autoRunTransaction uses selectCoins to balance a Marlowe create or apply-inputs.
3. Language.Marlowe.CLI.Run.autoRunWithdraw uses selectCoins to balance a Marlowe payout redemption.
4. Jupyter notebooks for the Swap and Zero-Coupon Bond contracts show coin selection working on the preview network and act as test cases.

[bwbush]

Sketch for signature of coin-selection pure function, in terms of Cardano.Api types:

selectCoins :: UTxO                                  -- ^ The inputs that the transaction must spend.
            -> [TxOut CtxTx era]                     -- ^ The outputs that the transaction must produce.
            -> UTxO                                  -- ^ The additional inputs that may be spent by coin selection.
            -> Lovelace                              -- ^ The minimum required excess Lovelace for fee and change.
            -> (TxOut CtxTx era -> TxOut CtxTx era)  -- ^ Function that adjusts an output to conform to the minimum-UTxO ledger rule.
            -> Either
                 e                                   -- ^ Report an error.
                 (
                   Maybe TxIn                        -- ^ Suitable collateral. (This would be more complex for Babbage.)
                 , [TxIn]                            -- ^ The inputs selected for spending, along with the required ones.
                 , [TxOut CtxTx era]                 -- ^ The outputs of the transaction, both selected and required.
                 , Lovelace                          -- ^ The excess Lovelace for fee and change: i.e., the difference between spending and production.
                 )

[jhbertra]

(TxOut CtxTx era -> TxOut CtxTx era)  -- ^ Function that adjusts an output to conform to the minimum-UTxO ledger rule.

How come this needs to be provided as a parameter to selectCoins? Is this functionality that is determined by the caller? This seems more like a dependency that should be injected

[bwbush]

The computation depends upon the protocol parameters and the TxOut, so it seems we either need to provide the protocol parameters or a function like this.

[jhbertra]

I think passing the protocol parameters is more straightforward and less error-prone. If the min UTXO rules only depend on the protocol parameters, I don't see the benefit in giving the caller the responsibility of performing the computation.

[bwbush]

I had formulated this way because I interpreted yesterday's discussion as implying that we didn't want to pass protocol parameters. If we pass those, then we can remove the fee argument, too.

selectCoins :: ProtocolParameters     -- ^ The protocol parameters for the network.
            -> UTxO                   -- ^ The inputs that the transaction must spend.
            -> [TxOut CtxTx era]      -- ^ The outputs that the transaction must produce.
            -> UTxO                   -- ^ The additional inputs that may be spent by coin selection.
            -> Either
                 e                    -- ^ Report an error.
                 (
                   Maybe TxIn         -- ^ Suitable collateral. (This would be more complex for Babbage.)
                 , [TxIn]             -- ^ The inputs selected for spending, along with the required ones.
                 , [TxOut CtxTx era]  -- ^ The outputs of the transaction, both selected and required.
                 , Lovelace           -- ^ The excess Lovelace for fee and change: i.e., the difference between spending and production.
                 )

[jhbertra]

Ah, I think I didn't communicate my idea properly there. When I said we could hide the dependency on the protocol parameters, I meant that we could inject it via partial application. We said we wanted to inject the concrete coin selection algorithm, which means we could have the following signature which does not include the dependency on ProtocolParameters:

-- This is basically what I had in mind for "TransactionConstraints"
data CoinSelection era = CoinSelection
  { collateral :: Maybe TxIn
  , inputs :: Set TxIn
  , outputs :: [TxOut CtxTx era]
  , surplus :: Lovelace
  }
type SelectCoins :: forall era. UTxO -> [TxOut CtxTx era] -> UTxO -> Either SelectCoinsError (CoinSelection era)

And pass functions with that signature around:

somethingThatNeedsToSelectCoins
  :: CoinSelection      -- ^ The coin selection algorithm to use
  -> ...
somethingThatNeedsToSelectCoins selectCoins = ...

We would have an implementation function somewhere which does depend on ProtocolParams:

mkSelectCoins :: ProtocolParams -> SelectCoins

So to obtain a SelectCoins, we'd just need to partially apply it:

-- Somewhere in or near Main.hs when we assemble the dependencies
buildDependencies = do
  protocol <- queryInEra connection QueryProtocolParameters
  let selectCoins = mkSelectCoins protocol
  ...

Then pass that into somethingThatNeedsToSelectCoins:

somethingThatNeedsToSelectCoins selectCoins

Alternatively, we'd need to thread ProtocolParameters through the calls via arguments, or by repeatedly querying them from the Node. Since the protocol parameters never change, we can just pre-apply it and not need to access it again later.

[bwbush]

The signature for balancing is the same as Cardano.Api.makeTransactionBodyAutoBalance. We just need to define a function that performs the three-trial change computation in

marlowe-cardano/marlowe-cli/src/Language/Marlowe/CLI/Transaction.hs

Lines 669 to 715 in 8eaac78

	-- Compute the change.
	BalancedTxBody _ change _ <-
	liftCli
	$ withShelleyBasedEra era
	$ makeTransactionBodyAutoBalance
	eraInMode
	start
	history
	protocol'
	S.empty
	utxo
	TxBodyContent{..}
	changeAddress
	Nothing
	let
	-- Recompute execution units with full set of UTxOs, including change.
	trial =
	withShelleyBasedEra era $ makeTransactionBodyAutoBalance
	eraInMode
	start
	history
	protocol'
	S.empty
	utxo
	(TxBodyContent{..} {txOuts = change : txOuts})
	changeAddress
	Nothing
	-- Correct for a negative balance in cases where execution units, and hence fees, have increased.
	change' =
	case (change, trial) of
	(TxOut _ (TxOutValue _ value) _ _, Left (TxBodyErrorAdaBalanceNegative delta)) ->
	TxOut changeAddress (TxOutValue (toMultiAssetSupportedInEra era) $ value <> lovelaceToValue delta) TxOutDatumNone ReferenceScriptNone
	_ -> change
	-- Construct the body with correct execution units and fees.
	BalancedTxBody txBody _ lovelace <-
	liftCli
	$ withShelleyBasedEra era
	$ makeTransactionBodyAutoBalance
	eraInMode
	start
	history
	protocol'
	S.empty
	utxo
	(TxBodyContent{..} {txOuts = change' : txOuts, txInsReference = TxInsReferenceNone })
	changeAddress
	Nothing

.

[jhbertra]

I'm trying to organize my thoughts around these requirements and thought I'd lay some of them out here.

• It seems like in general, we have a few stages of transformation of data:
  1. We receive a request to create a transaction.
  2. We convert the request into an initial set of transaction constraints.
  3. We select UTXOs such that the total balance of the transaction constraints is non-negative.
  4. We update the outputs of the constraints such that the balance is zero.
  5. We convert the constraints into an unsigned, balanced tx body
  6. We sign the transaction
  7. We rebalance the signed transaction
  8. We submit the signed transaction
• This process has some feedback loops which we need to look out for. In particular, step 4 may result in a negative balance if adding the change tx out increases the fees, and step 6 may increase the size (and hence fees) of the transaction which would result in it needing to be re-balanced. In both cases, we need to make sure our surplus balance prior to step 5 can cover these costs, so coin selection needs to take into account how further steps may impact fees. In Brian's example, the coin selection assumes maximum fee, which is probably the easiest to start with.
• The following (loose) function signatures capture the above requirements, so there are the components we'll need to build out and test:

-- Correspond to Step 2 above
buildCreateConstraints :: CreateContractRequest -> Either CreateContractError TransactionConstraints
buildApplyInputsConstraints :: ApplyInputsRequest -> Either ApplyInputsError TransactionConstraints
buildWithdrawConstraints :: WithdrawRequest -> Either WithdrawError TransactionConstraints

-- Corresponds to step 3 above
selectCoins :: TransactionConstraints -> Either SelectCoinsError TransactionConstraints

-- Corresponds to step 4 above
balanceTransaction :: TransactionConstraints -> Either BalanceTransactionError TransactionConstraints

-- Corresponds to step 5 above
buildTransaction :: ScriptDataSupportedInEra era -> TransactionConstraints -> Either BuildTransactionError (Cardano.Api.TxBody era)

-- Corresponds to step 6 above
signTransaction :: Cardano.Api.TxBody era -> m (Either SignTransactionError (Cardano.Api.TxBody era))

-- How to best represent step 7?

In here, the TransactaionConstraints is basically a bag of all the state variables in the pipeline:

data TransactionConstraints = TransactionConstraints
  { availableUtxo :: UTxO
  , outputs :: [TxOut]
  , spentUtxo :: UTxO
  , collateral :: Maybe TxIn
  }

Or something like that. It carries both the available UTxO and the UTxO which will be consumed as input. Each stage would update this structure (we could have it as an opaque type with invariants that should always be preserved - e.g. there are no unary operations that change the total UTxO value (you can shuffle tx outs from available to spent, but neither create nor destroy them).

[jhbertra]

except for pathological Plutus scripts and extreme numbers of native tokens

Could you explain why such pathological cases would break the coin selection?

We really need to co-design the Transaction Creation and the Wallet Interface. Unless we do that, we should probably just accept some fluidity and rework regarding the signing in Transaction Creation.

Yeah, I agree we should co-design it - perhaps some pair programming would be good for this. A certain amount of rework will probably happen regardless.

[bwbush]

Could you explain why such pathological cases would break the coin selection?

1. The provisional coin-selection algorithm has one weakness: A set of candid input UTxOs that are full of native tokens in many inconvenient combinations might require having two or more native-token change outputs. The present implementation assumes that all of the native-token change will fit in a single output.
2. This is not a coin-selection deficiency, but the balancing/fee computation has one weakness: If a Plutus script exhibits non-determinism with respect to a change in just the lovelace value of the pure-ada change output in the transaction.

These two limitation don't affect practical MVM transactions and they aren't fundamental to coin selection, balancing, and fee computations. They just happen to be limitations of the current implementation.

[jhbertra]

Regarding an API for TransactionConstraints, here is a rough idea:

module Language.Marlowe.Runtime.Transaction where

import Data.Function (on)
import Data.Map (Map)
import Data.Set (Set)
import Language.Marlowe.Runtime.ChainSync.Api

data TransactionConstraints = TransactionConstraints
  { availableUtxos       :: Map TxOutRef TransactionOutput
  , mustProduceOutputs   :: [TransactionOutput]
  , mustConsumeInputs    :: Set TransactionInput
  , mustMintTokens       :: Tokens
  , mustUseCollateral    :: Set TransactionInput
  , mustReturnCollateral :: [TransactionOutput]
  }

instance Semigroup TransactionConstraints where
  a <> b = TransactionConstraints
    { availableUtxos = on (<>) availableUtxos a b
    , mustProduceOutputs = on (<>) mustProduceOutputs a b
    , mustConsumeInputs = on (<>) mustConsumeInputs a b
    , mustMintTokens = on (<>) mustMintTokens a b
    , mustUseCollateral = on (<>) mustUseCollateral a b
    , mustReturnCollateral = on (<>) mustReturnCollateral a b
    }

instance Monoid TransactionConstraints where
  mempty = TransactionConstraints
    { availableUtxos = mempty
    , mustProduceOutputs = mempty
    , mustConsumeInputs = mempty
    , mustMintTokens = mempty
    , mustUseCollateral = mempty
    , mustReturnCollateral = mempty
    }

-- | Determines validity of a set of constraints. Internal for testing purposes
-- only. All combinators in this module should obey the following property:
--
-- forall
--      ( f :: TransactionConstraints -> TransactionConstraints
--      , constraints :: TransactionConstraints
--      )
--      . isValid constraints == isValid (f constraints)
isValid :: TransactionConstraints -> Bool
isValid constraints = inputsFromAvailable constraints
  && collateralFromAvailable constraints
  && notNegative (balance constraints)
  && notNegative (collateralBalance constraints)

-- | Add new UTXOs to the set of available UTXOs
addAvailableUtxos :: Map TxOutRef TransactionOutput -> TransactionConstraints -> TransactionConstraints
addAvailableUtxos = undefined

-- | Get the total balance of the constraints (available UTXO balance minus
-- outputs).
balance :: TransactionConstraints -> Assets
balance = undefined

-- | Get the total balance ot the collateral in the constraints (available UTXO
-- balance minus collateral returns).
collateralBalance :: TransactionConstraints -> Assets
collateralBalance = undefined

-- | Get the balance of the transaction inputs and outputs of the constraints
txBalance :: TransactionConstraints -> Assets
txBalance = undefined

-- | Spend the request UTxO if it is available to be spent
spendUtxo :: TxOutRef -> TransactionConstraints -> Maybe TransactionConstraints
spendUtxo = undefined

-- | Append the given output to the outputs of the constraints, provided there
-- are sufficient available funds to do so
produceOutput :: TransactionOutput -> TransactionConstraints -> Maybe TransactionConstraints
produceOutput = undefined

-- | Use the requested UTxO as collateral if it is available to be spent
useCollateral :: TxOutRef -> TransactionConstraints -> Maybe TransactionConstraints
useCollateral = undefined

-- | Append the given output to the collateral returns, provided there
-- are sufficient available funds to do so
returnCollateral :: TransactionOutput -> TransactionConstraints -> Maybe TransactionConstraints
returnCollateral = undefined

[jhbertra]

Or, perhaps this more monoid-centric API makes a little more sense:

module Language.Marlowe.Runtime.Transaction where

import Data.Function (on)
import Data.Map (Map)
import Data.Set (Set)
import qualified Data.Set as Set
import Language.Marlowe.Runtime.ChainSync.Api
import Cardano.Api (IsShelleyBasedEra, EraHistory, TxBody)
import Cardano.Api.Byron (EraInMode)
import Cardano.Api.Shelley (PoolId, ProtocolParameters)

data TransactionConstraints = TransactionConstraints
  { availableUtxos              :: Map TxOutRef TransactionOutput
  , mustProduceOutputs          :: [TransactionOutput]
  , mustConsumeInputs           :: Set (TxOutRef, Maybe Redeemer)
  , mustMintTokens              :: Tokens
  , mustSendCollateralInputs    :: Set TxOutRef
  , mustReturnCollateralOutputs :: [TransactionOutput]
  }

instance Semigroup TransactionConstraints where
  a <> b = TransactionConstraints
    { availableUtxos = on (<>) availableUtxos a b
    , mustProduceOutputs = on (<>) mustProduceOutputs a b
    , mustConsumeInputs = on (<>) mustConsumeInputs a b
    , mustMintTokens = on (<>) mustMintTokens a b
    , mustSendCollateralInputs = on (<>) mustSendCollateralInputs a b
    , mustReturnCollateralOutputs = on (<>) mustReturnCollateralOutputs a b
    }

instance Monoid TransactionConstraints where
  mempty = TransactionConstraints
    { availableUtxos = mempty
    , mustProduceOutputs = mempty
    , mustConsumeInputs = mempty
    , mustMintTokens = mempty
    , mustSendCollateralInputs = mempty
    , mustReturnCollateralOutputs = mempty
    }

-- | The resulting transaction may spend the given UTXOs as either inputs or
-- collateral.
maySpendUtxos :: Map TxOutRef TransactionOutput -> TransactionConstraints
maySpendUtxos utxos = mempty { availableUtxos = utxos }

-- | The resulting transaction will use the given UTXO as an input.
mustSpendUtxo :: TxOutRef -> Maybe Redeemer -> TransactionConstraints
mustSpendUtxo txOutRef redeemer = mempty { mustConsumeInputs = Set.singleton (txOutRef, redeemer) }

-- | The resulting transaction will produce the given output as an input. Order
-- of outputs is determined by the order in which constraints are appended.
mustProduceOutput :: TransactionOutput -> TransactionConstraints
mustProduceOutput output = mempty { mustProduceOutputs = [output] }

-- | The resulting transaction will use the given UTxO as collateral.
mustSendCollateral :: TxOutRef -> TransactionConstraints
mustSendCollateral input = mempty { mustSendCollateralInputs = Set.singleton input }

-- | The resulting transaction will return the given collateral outputs.
mustReturnCollateral :: TransactionOutput -> TransactionConstraints
mustReturnCollateral output = mempty { mustReturnCollateralOutputs = [output] }

-- | Solve the given transaction constraints such that the resulting transaction is balanced.
-- This is to say that feeding the resulting 'TxBody' back into 'Cardano.Api.makeTransactionBodyAutoBalance'
-- would produce a 'BalancedTxBody' in which the change output is zero.
solveConstraints
  :: forall era mode
   . IsShelleyBasedEra era
  => EraInMode era mode
  -> SystemStart
  -> EraHistory mode
  -> ProtocolParameters
  -> AddressInEra era  -- ^ the change address to send any surplus balance
  -> TransactionConstraints
  -> Either SolveConstraintsError (TxBody era)
solveConstraints = ...

[jhbertra]

This would result in the following APIs:

buildCreateConstraints :: CreateContractRequest -> Either CreateContractError TransactionConstraints
buildApplyInputsConstraints :: ApplyInputsRequest -> Either ApplyInputsError TransactionConstraints
buildWithdrawConstraints :: WithdrawRequest -> Either WithdrawError TransactionConstraints

-- Corresponds to step 3 above
selectCoins :: ProtocolParameters -> TransactionConstraints -> Either SelectCoinsError TransactionConstraints

-- Corresponds to steps 4 + 5 above
solveConstraints
  :: forall era mode
   . IsShelleyBasedEra era
  => EraInMode era mode
  -> SystemStart
  -> EraHistory mode
  -> ProtocolParameters
  -> AddressInEra era  -- ^ the change address to send any surplus balance
  -> TransactionConstraints
  -> Either SolveConstraintsError (TxBody era)

[jhbertra]

Some ideas for the wallet interface:

• The wallet interface is a function that takes an unsigned (or partially signed) transaction body and returns a signed transaction.
• It could also be a function that takes an unsigned (or partially signed) transaction body and returns a key witness set (this is the same API that CIP-30 uses).
• The runtime could just spit out an unsigned tx CBOR blob. The submit command could read the signed tx and submit it to the node. CLIs could hide some of this away with interactive modes, or by opening up HTML documents to interact with Lace or CIP-30 wallets, or by making a request to a cardano-wallet instance. The web server could represent this as a series of HATEOS-driven REST calls (e.g., POST /contracts would return a JSON payload with the unsigned tx CBOR + a URI to POST the signed tx CBOR to submit it, which would return a JSON payload with the contract id + a URI to GET the progress of the submission), which 3rd party apps could use to build out their own workflows and integrate different wallet backends.

[bwbush]

wallet interface is a function

We also need to query the wallet interface for the list of addresses whose unspent UTxOs we can use.

this is the same API that CIP-30 uses

Yes, as close to CIP-30 as possible. I think CIP-30 should be the primary interface and we can adapt to handle cardano-wallet and cardano-cli.

The runtime could just spit out an unsigned tx CBOR blob

We probably should wrap the CBOR in the standard JSON text envelope that Cardano.Api provides. That is directly compatible with cardano-cli transaction submit and the JSON tags the era involved, which may be useful for other submission methods.

[jhbertra]

From an architectural perspective, I'm starting to think the runtime component should take the protocol-based approach mentioned above, with the client filling the roles of A) providing wallet addresses and B) delegating transaction signing. This decouples the wallet from the runtime very effectively, allowing consumers to plug in the wallet backend of their choice. From the perspective of the CLI, providing explicit signing key files (like the marlowe-cli does) may be the best approach, as launching web browser windows from a CLI is awkward to say the least. I also think wallet integration is more of a concern for DApps than the CLI, which can afford to be a bit more low-level. This is still highly debatable though, and I don't think we need to make a clear decision yet on how the CLI will interact with wallets so long as we have a clear picture of how the runtime will obtain the information via its API.

I arrived at this point of view by imagining things from the perspective of a 3rd party app using the runtime: if I want to be able to integrate the wallet of my choice into my DApp, I don't want to be limited by the fact that I'm using the Marlowe Runtime and have to go through it to integrate the wallet. Instead, I'd want to be able to provide the wallet data the runtime asks for by querying it from the wallet myself.

[hrajchert]

as launching web browser windows from a CLI is awkward to say the least.

I don't think that is awkward at all, I've seen it done for different applications. You can either launch a website directly or just say please connect to http://localhost:xxx. If you use a modern terminal that will be an hyperlink.

[jhbertra]

I am certainly open to exploring it!

[jhbertra]

I was trying to create a sequence diagram to represent the various interactions between components and quickly realized that having this as a long-running stateful protocol was going to result in a lot of unnecessary complexity. Instead, I've modelled the core transaction submission API as a set of commands. This is functionally equivalent to the protocol approach, except that the state is represented via the intermediate arguments and results, making the runtime process stateless. The idea is to expose these commands via a Job protocol server. The following definitions represent the Runtime's interface for transaction creation.

-- | The low-level runtime API for building and submitting transactions.
data MarloweTxCommand status err result where
  -- | Construct a transaction that starts a new Marlowe contract. The
  -- resulting, unsigned transaction can be signed via the cardano API or a
  -- wallet provider. When signed, the 'Submit' command can be used to submit
  -- the transaction to the attached Cardano node.
  Create
    :: IsShelleyBasedEra era
    => MarloweVersion v
    -- ^ The Marlowe version to use
    -> WalletAddresses
    -- ^ The wallet addresses to use when constructing the transaction
    -> Map TokenName Address
    -- ^ The initial distribution of role tokens
    -> Map Int Aeson.Value
    -- ^ Optional metadata to attach to the transaction
    -> Contract v
    -- ^ The contract to run
    -> MarloweTxCommand Void CreateError
        ( ContractId -- The ID of the contract (tx output that carries the datum)
        , TxBody era -- The unsigned tx body, to be signed by a wallet.
        )

  -- | Construct a transaction that advances an active Marlowe contract by
  -- applying a sequence of inputs. The resulting, unsigned transaction can be
  -- signed via the cardano API or a wallet provider. When signed, the 'Submit'
  -- command can be used to submit the transaction to the attached Cardano node.
  ApplyInputs
    :: IsShelleyBasedEra era
    => MarloweVersion v
    -- ^ The Marlowe version to use
    -> WalletAddresses
    -- ^ The wallet addresses to use when constructing the transaction
    -> ContractId
    -- ^ The ID of the contract to apply the inputs to.
    -> Maybe UTCTime
    -- ^ The "invalid before" bound of the validity interval. If omitted, this
    -- is computed from the contract.
    -> Maybe UTCTime
    -- ^ The "invalid hereafter" bound of the validity interval. If omitted, this
    -- is computed from the contract.
    -> Core.Redeemer v
    -- ^ The inputs to apply.
    -> MarloweTxCommand Void ApplyInputsError
        ( TxBody era -- The unsigned tx body, to be signed by a wallet.
        )

  -- | Construct a transaction that withdraws available assets from an active
  -- Marlowe contract for a set of roles in the contract. The resulting,
  -- unsigned transaction can be signed via the cardano API or a wallet
  -- provider. When signed, the 'Submit' command can be used to submit the
  -- transaction to the attached Cardano node.
  Withdraw
    :: IsShelleyBasedEra era
    => MarloweVersion v
    -- ^ The Marlowe version to use
    -> WalletAddresses
    -- ^ The wallet addresses to use when constructing the transaction
    -> ContractId
    -- ^ The ID of the contract to withdraw assets from.
    -> Set TokenName
    -- ^ The names of the roles whose assets to withdraw.
    -> MarloweTxCommand Void WithdrawError
        ( TxBody era -- The unsigned tx body, to be signed by a wallet.
        )

  -- | Submits a signed transaction to the attached Cardano node.
  --
  -- NOTE While the intended use for this command is to submit the transactions
  -- created with the other commands in this API, it is in fact a
  -- general-purpose API for submitting any signed transaction to the node via
  -- the Runtime... such use would technically be abuse of the Runtime, as
  -- such, I am wondering if this opens up potential vulnerabilities.
  Submit
    :: IsShelleyBasedEra era
    => Tx era
    -- ^ A signed transaction to submit
    -> MarloweTxCommand
        SubmitStatus -- This job reports the status of the tx submission, which can take some time.
        SubmitError
        BlockHeader  -- The block header of the block this transaction was added to.

data WalletAddresses = WalletAddresses
  { changeAddress  :: Address
  , extraAddresses :: Address
  }

data CreateError
data ApplyInputsError
data WithdrawError
data SubmitError

data SubmitStatus
  = Submitting
  | Submitted
  | Accepted

[bwbush]

I'm clarifying that in

data TransactionConstraints = TransactionConstraints
  { availableUtxos              :: Map TxOutRef TransactionOutput
  , mustProduceOutputs          :: [TransactionOutput]
  , mustConsumeInputs           :: Set (TxOutRef, Maybe Redeemer)
  , mustMintTokens              :: Tokens
  , mustSendCollateralInputs    :: Set TxOutRef
  , mustReturnCollateralOutputs :: [TransactionOutput]
  }

1. The type TransactionOutput is from Runtime, not from Semantics.
2. Tokens contains the count of tokens.
3. availableUtxos could be here or in a function argument.
4. Could the two collateral fields be replaced by availableCollateralUtxos, either in this type or as a function argument, either a Set TxOutRef or Maybe (Set TxOutRef), where the latter indicates no preference?
5. This lacks a mustIncludeMetadata.
6. It also lacks a `mustBeSignedBy :: Set PubKeyHash.

[jhbertra]

Here's a new version of TransactionConstraints based on the discussion points above

module Language.Marlowe.Runtime.Transaction.Constraints where

import Cardano.Api (AddressInEra, EraHistory, IsShelleyBasedEra, ScriptDataSupportedInEra, TxBody)
import Cardano.Api.Byron (EraInMode)
import Cardano.Api.Shelley (PoolId, ProtocolParameters)
import qualified Data.Aeson as Aeson
import Data.Function (on)
import Data.Map (Map)
import Data.Set (Set)
import qualified Data.Set as Set
import Language.Marlowe.Runtime.ChainSync.Api

data TransactionConstraints = TransactionConstraints
  { requiredOutputs    :: [TransactionOutput]
  , requiredInputs     :: Set (TxOutRef, Maybe Redeemer)
  , mints              :: Tokens
  , requiredMetadata   :: Map Int Aeson.Value
  , requiredSignatures :: Set PaymentKeyHash
  }

instance Semigroup TransactionConstraints where
  a <> b = TransactionConstraints
    { requiredOutputs = on (<>) requiredOutputs a b
    , requiredInputs = on (<>) requiredInputs a b
    , mints = on (<>) mints a b
    , requiredMetadata = on (<>) requiredMetadata a b
    , requiredSignatures = on (<>) requiredSignatures a b
    }

instance Monoid TransactionConstraints where
  mempty = TransactionConstraints
    { requiredOutputs = mempty
    , requiredInputs = mempty
    , mints = mempty
    , requiredMetadata = mempty
    , requiredSignatures = mempty
    }

-- | The resulting transaction will use the given UTXO as an input.
mustSpendUtxo :: TxOutRef -> Maybe Redeemer -> TransactionConstraints
mustSpendUtxo txOutRef redeemer = mempty { requiredInputs = Set.singleton (txOutRef, redeemer) }

-- | The resulting transaction will produce the given output as an input. Order
-- of outputs is determined by the order in which constraints are appended.
mustProduceOutput :: TransactionOutput -> TransactionConstraints
mustProduceOutput output = mempty { requiredOutputs = [output] }

-- | The resulting transaction will mint the specified tokens.
mustMintTokens :: Tokens -> TransactionConstraints
mustMintTokens mints = mempty { mints = mints }

-- | The resulting transaction will include the specified metadata at the
-- specified index.
mustIncludeMetadata :: Map Int Aeson.Value -> TransactionConstraints
mustIncludeMetadata metadata = mempty { requiredMetadata = metadata }

-- | The resulting transaction requires a signature for the given payment key hash.
mustBeSignedBy :: PaymentKeyHash -> TransactionConstraints
mustBeSignedBy paymentKey = mempty { requiredSignatures = Set.singleton paymentKey }

data WalletContents era = WalletContents
  { utxos           :: Map TxOutRef TransactionOutput -- ^ All available UTXOs for the wallet
  , collateralUtxos :: Set TxOutRef -- ^ The set of UTXOs which can be used as collateral
  , changeAddress   :: AddressInEra era -- ^ The wallet's change address for sending surplus balance.
  }

-- | Solve the given transaction constraints such that the resulting transaction is balanced.
-- This is to say that feeding the resulting 'TxBody' back into 'Cardano.Api.makeTransactionBodyAutoBalance'
-- would produce a 'BalancedTxBody' in which the change output is zero.
solveConstraints
  :: forall era mode
   . ScriptDataSupportedInEra era
  -> EraInMode era mode
  -> SystemStart
  -> EraHistory mode
  -> ProtocolParameters
  -> WalletContents era
  -> TransactionConstraints
  -> Either SolveConstraintsError (TxBody era)
solveConstraints = _