Skip to content

Flexible Minting Policies for Token Standards #2559

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
PhilippGackstatter merged 39 commits into from
Mar 17, 2026
Merged

Flexible Minting Policies for Token Standards #2559

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
39 commits
Select commit Hold shift + click to select a range
300aece
add mint_policies
onurinanc Mar 5, 2026
b22d4f3
add mint_policy_owner_only_per_cap
onurinanc Mar 5, 2026
2a0aeb6
add ownable2step
onurinanc Mar 9, 2026
5de4a82
merge upstream/next
onurinanc Mar 9, 2026
6f1d526
merge
onurinanc Mar 9, 2026
2add1a5
separate mint policies and policy manager
onurinanc Mar 9, 2026
51f5900
Merge remote-tracking branch 'upstream/next' into onur-mint-policies
onurinanc Mar 9, 2026
a96e0bd
fix
onurinanc Mar 9, 2026
f6282ba
fix
onurinanc Mar 9, 2026
6ba27ca
rename distribute to mint
onurinanc Mar 9, 2026
6768626
Merge branch 'next' into onur-mint-policies
onurinanc Mar 10, 2026
e5e1809
fix comments
onurinanc Mar 12, 2026
d2de23c
prep merge
onurinanc Mar 12, 2026
89f1716
merge next
onurinanc Mar 12, 2026
ecb8e35
merge
onurinanc Mar 12, 2026
be94473
Merge remote-tracking branch 'origin/onur-mint-policies' into onur-mi…
onurinanc Mar 12, 2026
5dc6b6d
rename as mint_and_send
onurinanc Mar 12, 2026
c053466
fmt
onurinanc Mar 12, 2026
00dcca7
add owner controlled
onurinanc Mar 12, 2026
4ba4304
add auth_tx_controlled
onurinanc Mar 12, 2026
f9a5e17
refactor
onurinanc Mar 12, 2026
dc52903
typo
onurinanc Mar 12, 2026
688d7c4
fix name
onurinanc Mar 12, 2026
89cd101
typo
onurinanc Mar 12, 2026
984c02d
typo
onurinanc Mar 12, 2026
c643c9c
fix tests
onurinanc Mar 12, 2026
36b760e
Merge branch 'next' into onur-mint-policies
bobbinth Mar 14, 2026
f8be317
fix reviews
onurinanc Mar 16, 2026
602d17e
rename AuthTxControlled -> AuthControlled
onurinanc Mar 16, 2026
b66aeff
rerun ci
onurinanc Mar 16, 2026
0b6089a
Merge branch 'next' into onur-mint-policies
onurinanc Mar 16, 2026
4b3aef5
fix comments
onurinanc Mar 16, 2026
baa1750
Merge remote-tracking branch 'origin/onur-mint-policies' into onur-mi…
onurinanc Mar 16, 2026
9fdd4e2
apply comments
onurinanc Mar 16, 2026
7266248
Merge branch 'next' into onur-mint-policies
bobbinth Mar 16, 2026
372b5b7
Apply suggestion from @PhilippGackstatter
bobbinth Mar 16, 2026
5c32e04
add MintPolicyAuthority comments
onurinanc Mar 17, 2026
8386f14
Merge remote-tracking branch 'origin/onur-mint-policies' into
onurinanc Mar 17, 2026
bbf11c5
fix
onurinanc Mar 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
- Added `Ownable2Step` account component with two-step ownership transfer (`transfer_ownership`, `accept_ownership`, `renounce_ownership`) and `owner`, `nominated_owner` procedures ([#2292](https://github.com/0xMiden/miden-base/pull/2292)).
- Added PSM authentication procedures and integrated them into `AuthMultisig` ([#2527](https://github.com/0xMiden/protocol/pull/2527)).
- Added `CodeBuilder::with_warnings_as_errors()` to promote assembler warning diagnostics to errors ([#2558](https://github.com/0xMiden/protocol/pull/2558)).
- Added `MintPolicyConfig` for flexible minting policy enforcement ([#2559](https://github.com/0xMiden/protocol/pull/2559))
- Added `MockChain::add_pending_batch()` to allow submitting user batches directly ([#2565](https://github.com/0xMiden/protocol/pull/2565)).
- Added `create_fungible_key` for construction of fungible asset keys ([#2575](https://github.com/0xMiden/protocol/pull/2575)).
- Implemented the `on_before_asset_added_to_account` asset callback ([#2571](https://github.com/0xMiden/protocol/pull/2571)).
Expand Down
6 changes: 3 additions & 3 deletions crates/miden-agglayer/asm/agglayer/faucet/mod.masm
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -307,7 +307,7 @@ proc build_p2id_output_note
mem_store.OUTPUT_NOTE_TARGET_ACCOUNT_ID_SUFFIX_PTR
mem_store.OUTPUT_NOTE_TARGET_ACCOUNT_ID_PREFIX_PTR

# store amount in memory locals for use in faucets::distribute
# store amount in memory locals for use in faucets::mint_and_send
loc_storew_be.BUILD_P2ID_AMOUNT_MEM_LOC_0 dropw loc_storew_be.BUILD_P2ID_AMOUNT_MEM_LOC_1 dropw
# => [pad(16)]

Expand Down Expand Up @@ -350,7 +350,7 @@ proc build_p2id_output_note
exec.asset_conversion::verify_u256_to_native_amount_conversion
# => [amount, tag, note_type, RECIPIENT]

exec.faucets::distribute
exec.faucets::mint_and_send
# => [pad(16)]
end

Expand Down Expand Up @@ -393,7 +393,7 @@ end
#!
#! Panics if:
#! - the rollup exit root Merkle Proof validation via FPI fails.
#! - any of the validations in faucets::distribute fail.
#! - any of the validations in faucets::mint_and_send fail.
#!
#! Invocation: call
@locals(10) # 2 for prefix and suffix, 8 for amount
Expand Down
2 changes: 1 addition & 1 deletion crates/miden-standards/asm/account_components/faucets/basic_fungible_faucet.masm
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,5 +2,5 @@
#
# See the `BasicFungibleFaucet` Rust type's documentation for more details.

pub use ::miden::standards::faucets::basic_fungible::distribute
pub use ::miden::standards::faucets::basic_fungible::mint_and_send
pub use ::miden::standards::faucets::basic_fungible::burn
2 changes: 1 addition & 1 deletion crates/miden-standards/asm/account_components/faucets/network_fungible_faucet.masm
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,5 +2,5 @@
#
# See the `NetworkFungibleFaucet` Rust type's documentation for more details.

pub use ::miden::standards::faucets::network_fungible::distribute
pub use ::miden::standards::faucets::network_fungible::mint_and_send
pub use ::miden::standards::faucets::network_fungible::burn
7 changes: 7 additions & 0 deletions crates/miden-standards/asm/account_components/mint_policies/auth_controlled.masm
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# The MASM code of the Mint Policy Auth Controlled Account Component.
#
# See the `AuthControlled` Rust type's documentation for more details.

pub use ::miden::standards::mint_policies::auth_controlled::allow_all
pub use ::miden::standards::mint_policies::policy_manager::set_mint_policy
pub use ::miden::standards::mint_policies::policy_manager::get_mint_policy
7 changes: 7 additions & 0 deletions crates/miden-standards/asm/account_components/mint_policies/owner_controlled.masm
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# The MASM code of the Mint Policy Owner Controlled Account Component.
#
# See the `OwnerControlled` Rust type's documentation for more details.

pub use ::miden::standards::mint_policies::owner_controlled::owner_only
pub use ::miden::standards::mint_policies::policy_manager::set_mint_policy
pub use ::miden::standards::mint_policies::policy_manager::get_mint_policy
Comment on lines +5 to +7
Copy link
Copy Markdown
Contributor

@bobbinth bobbinth Mar 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This works, but I wonder if it is better to have policy manager be a separate component. Basically, this would export just:

pub use ::miden::standards::mint_policies::owner_controlled::owner_only

And the policy manger would export:

pub use ::miden::standards::mint_policies::policy_manager::set_mint_policy
pub use ::miden::standards::mint_policies::policy_manager::get_mint_policy

On the Rust side, we'd have something like:

pub struct MintPolicyManager {
    authority: PolicyAuthority,
    allowed_policies: Vec<Word>, // roots of allowed policy procedures
    active_policy: Word, // root of the active policy procedure
}

impl MintPolicyManager {
    ...

    /// Sets the active mint policy procedure for the policy manager.
    ///
    /// We could also use a more specialized trait here - e.g., `impl MintPolicy`.
    pub fn with_active_policy(mut self, policy: impl Into<Word>) -> Self {
        ...
    }

    ...
}

And then, when creating a faucet account, we'd do something like:

let policy_manager = MintPolicyManager::new(...)
    .with_active_policy(OwnerControlled::owner_only());

let account = AccountBuilder::new(init_seed)
    .account_type(AccountType::FungibleFaucet)
    .storage_mode(AccountStorageMode::Network)
    .with_auth_component(auth_component)
    .with_component(NetworkFungibleFaucet::new(symbol, decimals, max_supply)?)
    .with_component(access_control)
    .with_component(policy_manager)
    .with_component(OwnerControlled::new())
    .build()
    .map_err(FungibleFaucetError::AccountError)?;

This is just a sketch - it may be better to do things a bit differently - but the overall idea is to split out policy manager into a separate component.

This does increase complexity somewhat - and we need to analyze whether it is worth it. But at least superficially, it feels like a cleaner separation of concerns.

Copy link
Copy Markdown
Collaborator Author

@onurinanc onurinanc Mar 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for outlining it! My first idea was to separate MintPolicyManager, but it became more complex as I implemented it. Then, I decided to switch to this version of having policies tied to the policy manager. My preference is to implement this idea while designing and implementing the Role-Based Access Control as I believe we could see the bigger picture by using diffrent Access Control mechanisms than Ownable2Step. That would be also the follow-up PR for Mint Policies. What do you think?

Copy link
Copy Markdown
Contributor

@PhilippGackstatter PhilippGackstatter Mar 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally agreed that it seems better to have a base MintPolicyManager component that can be extended in plug & play fashion with additional mint policy components.

Not a strong opinion whether we should do it in this PR or later.

Copy link
Copy Markdown
Contributor

@bobbinth bobbinth Mar 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good - let's leave this for the follow up.

19 changes: 15 additions & 4 deletions crates/miden-standards/asm/standards/faucets/basic_fungible.masm
View file
Open in desktop
Comment thread
bobbinth marked this conversation as resolved.
Original file line number Diff line number Diff line change
@@ -1,14 +1,17 @@
# BASIC FUNGIBLE FAUCET CONTRACT
#
# See the `BasicFungibleFaucet` documentation for details.
#
# Note: This component requires `MintPolicyManager` component to also be present in the account.
# =================================================================================================

use miden::standards::faucets
use miden::standards::mint_policies::policy_manager

# PROCEDURES
# =================================================================================================

#! Distributes freshly minted fungible assets to the provided recipient by creating a note.
#! Mints fungible assets to the provided recipient by creating a note.
#!
#! Inputs: [amount, tag, note_type, RECIPIENT, pad(9)]
#! Outputs: [note_idx, pad(15)]
Expand All @@ -22,11 +25,19 @@ use miden::standards::faucets
#! - note_idx is the index of the created note.
#!
#! Panics if:
#! - any of the validations in faucets::distribute fail.
#! - active mint policy validation fails.
#! - any of the validations in faucets::mint_and_send fail.
#!
#! Invocation: call
pub proc distribute
exec.faucets::distribute
pub proc mint_and_send
# TODO: Remove once AccountComponentInterface is refactored
# Keep this procedure digest distinct from network_fungible::mint_and_send.
push.0 drop
Comment thread
bobbinth marked this conversation as resolved.

exec.policy_manager::execute_mint_policy
# => [new_amount, new_tag, new_note_type, NEW_RECIPIENT, pad(9)]

exec.faucets::mint_and_send
# => [note_idx, pad(15)]
end

Expand Down
4 changes: 2 additions & 2 deletions crates/miden-standards/asm/standards/faucets/mod.masm
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ const METADATA_SLOT_LOCAL=0
# Layout: [token_supply, max_supply, decimals, token_symbol]
const METADATA_SLOT=word("miden::standards::fungible_faucets::metadata")

#! Distributes freshly minted fungible assets to the provided recipient by creating a note.
#! Mints fungible assets to the provided recipient by creating a note.
#!
#! Inputs: [amount, tag, note_type, RECIPIENT]
#! Outputs: [note_idx]
Expand All @@ -56,7 +56,7 @@ const METADATA_SLOT=word("miden::standards::fungible_faucets::metadata")
#!
#! Invocation: exec
@locals(4)
pub proc distribute
pub proc mint_and_send
Comment thread
bobbinth marked this conversation as resolved.
# Get the configured max supply and the token supply (= current supply).
# ---------------------------------------------------------------------------------------------

Expand Down
28 changes: 17 additions & 11 deletions crates/miden-standards/asm/standards/faucets/network_fungible.masm
View file
Open in desktop
Comment thread
bobbinth marked this conversation as resolved.
Original file line number Diff line number Diff line change
@@ -1,16 +1,22 @@
# NETWORK FUNGIBLE FAUCET CONTRACT
#
# Note: This component requires `MintPolicyManager` component to also be present in the account.
# =================================================================================================

use miden::standards::faucets
use miden::standards::access::ownable2step
use miden::standards::mint_policies::policy_manager

# PUBLIC INTERFACE
# ================================================================================================

# ASSET DISTRIBUTION
# ASSET MINTING
# ------------------------------------------------------------------------------------------------

#! Distributes freshly minted fungible assets to the provided recipient.
#! Mints fungible assets to the provided recipient by creating a note.
#!
#! This procedure first checks if the note sender is the owner of the faucet, and then
#! mints the asset and creates an output note with that asset for the recipient.
#! This procedure first executes the active mint policy configured via
#! `active_policy_proc_root`, and then mints the asset and creates an output note
#! with that asset for the recipient.
#!
#! Inputs: [amount, tag, note_type, RECIPIENT, pad(9)]
#! Outputs: [note_idx, pad(15)]
Expand All @@ -23,15 +29,15 @@ use miden::standards::access::ownable2step
#! - note_idx is the index of the created note.
#!
#! Panics if:
#! - the note sender is not the owner of this faucet.
#! - any of the validations in faucets::distribute fail.
#! - active mint policy validation fails.
#! - any of the validations in faucets::mint_and_send fail.
#!
#! Invocation: call
pub proc distribute
exec.ownable2step::assert_sender_is_owner
# => [amount, tag, aux, note_type, execution_hint, RECIPIENT, pad(7)]
pub proc mint_and_send
exec.policy_manager::execute_mint_policy
# => [new_amount, new_tag, new_note_type, NEW_RECIPIENT, pad(9)]

exec.faucets::distribute
exec.faucets::mint_and_send
# => [note_idx, pad(15)]
end
Comment thread
PhilippGackstatter marked this conversation as resolved.

Expand Down
12 changes: 12 additions & 0 deletions crates/miden-standards/asm/standards/mint_policies/auth_controlled.masm
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# POLICY PROCEDURES
# ================================================================================================

#! Dummy mint predicate to allow all mints.
#!
#! Inputs: [amount, tag, note_type, RECIPIENT, pad(9)]
#! Outputs: [amount, tag, note_type, RECIPIENT, pad(9)]
#! Invocation: dynexec
pub proc allow_all
# Dummy predicate, no checks yet.
push.0 drop
end
18 changes: 18 additions & 0 deletions crates/miden-standards/asm/standards/mint_policies/owner_controlled.masm
View file
Open in desktop
Comment thread
bobbinth marked this conversation as resolved.
Comment thread
bobbinth marked this conversation as resolved.
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
use miden::standards::access::ownable2step

# POLICY PROCEDURES
# ================================================================================================

#! Owner-only mint predicate.
#!
#! Inputs: [amount, tag, note_type, RECIPIENT, pad(9)]
#! Outputs: [amount, tag, note_type, RECIPIENT, pad(9)]
#!
#! Panics if:
#! - note sender is not owner.
#!
#! Invocation: dynexec
pub proc owner_only
exec.ownable2step::assert_sender_is_owner
# => [amount, tag, note_type, RECIPIENT, pad(9)]
end
Loading
Loading