hyperledger-labs
diff --git a/‎README_PR_BALANCE_FIX_WALKTHROUGH.md‎
Lines changed: 192 additions & 0 deletions b/‎README_PR_BALANCE_FIX_WALKTHROUGH.md‎
Lines changed: 192 additions & 0 deletions
diff --git a/‎build_errors.txt‎ b/‎build_errors.txt‎
diff --git a/‎under/00_index.md‎
Lines changed: 38 additions & 0 deletions b/‎under/00_index.md‎
Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,192 @@
+# PR Walkthrough: IssuedBalance / RedeemedBalance Fix
+
+This document explains the full story of the PR from problem discovery to final push, including why each step was taken.
+
+## 1) Executive Summary
+
+We fixed a balance-accounting bug in SQL storage logic where issued balance was undercounted in integration flows.
+
+Observed failure:
+- `issued balance: got 10, expected 130`
+- Failing path: fungible end-to-end tests with auditor = issuer
+
+Final fix touched only two files:
+- `token/services/storage/db/sql/common/tokens.go`
+- `token/services/storage/db/dbtest/tokens.go`
+
+Final commit on branch:
+- `cd1e31f0` - `fix: correct IssuedBalance/RedeemedBalance queries and add TRedeemedBalance test`
+
+## 2) What Was Failing Initially
+
+Integration logs showed a mismatch in issued balance:
+- Expected by scenario: `130`
+- Returned by code: `10`
+
+This indicated that issued tokens were being filtered incorrectly in the query layer.
+
+## 3) Hypothesis and Plan
+
+Initial hypothesis:
+- The SQL query for issuer-side accounting was likely treating token deletion too simplistically.
+
+Plan:
+1. Inspect balance SQL in `sql/common/tokens.go`.
+2. Verify semantic difference between transfer-spent tokens and redeem-spent tokens.
+3. Adjust query logic to classify these correctly.
+4. Add a deterministic DB-level test.
+5. Re-run focused tests and then fix CI hygiene issues (format/lint/signoff).
+
+## 4) Root Cause (Core Technical Issue)
+
+In token flows, a token can become deleted for two different reasons:
+
+1. Transfer spend:
+- original token marked deleted
+- `spent_by` references successor tx
+- successor token exists in token table
+
+2. Redeem spend:
+- original token marked deleted
+- `spent_by` has no successor token in token table
+
+The accounting bug came from mixing these semantics, which caused issued/redeemed calculations to be inaccurate in some paths.
+
+## 5) Why Self-Join Was the Right Fix
+
+The fix uses token-table lineage checks (self-join using `spent_by -> tx_id`) to decide if a deleted token was:
+- replaced (transfer path), or
+- terminal (redeem path)
+
+Why this was chosen:
+- It uses authoritative token lineage, not indirect assumptions.
+- It matches how supply should be tracked for issuer metrics.
+- It prevents transfer deletions from being incorrectly treated as redemption loss.
+
+## 6) Code Changes Made
+
+### A) SQL accounting logic
+File: `token/services/storage/db/sql/common/tokens.go`
+
+What changed:
+- Corrected IssuedBalance/RedeemedBalance query semantics using self-join lineage behavior.
+- Kept filters for token type, issuer identity, and time windows aligned with method signatures.
+
+Outcome:
+- Issuer-side balance accounting now matches integration expectations.
+
+### B) DB regression test
+File: `token/services/storage/db/dbtest/tokens.go`
+
+What changed:
+- Added `TRedeemedBalance` test case and included it in test matrix.
+- Test setup uses issuer perspective (`Issuer: true`, `IssuerRaw`) and checks:
+  - no redeemed tokens initially
+  - redeemed totals after delete operations
+  - issuer/type scoping
+  - empty-type aggregation behavior
+
+Outcome:
+- Query semantics are now locked by test coverage.
+
+## 7) Important Mid-Stream Errors and How They Were Resolved
+
+### Error A: Wrong test API usage
+Observed during compile:
+- `not enough arguments in call to db.RedeemedBalance`
+- `balance.Uint64 undefined (type uint64 has no field or method Uint64)`
+
+Cause:
+- Test initially called the method with wallet-like arguments and assumed big-int style return.
+
+Fix:
+- Updated calls to actual signature:
+  - `RedeemedBalance(ctx, tokenType, issuerRaw, from, to) (uint64, error)`
+- Updated assertions to compare plain `uint64`.
+
+### Error B: Confusion from long-running/stale test output
+Cause:
+- Multiple terminals, mixed CWDs, piped/truncated output.
+- Integration tests are heavy and environment-dependent.
+
+Fix:
+- Used focused package tests for fast logic validation.
+- Interpreted postgres failures as local Docker environment issue, not code regression.
+
+### Error C: CI gofmt failure
+CI error:
+- `The following gofmt issues were flagged: ./token/services/storage/db/sql/common/tokens.go`
+
+Fix:
+- Ran `gofmt -l -s -w` on changed files and re-amended commit.
+
+## 8) Test and Validation Story
+
+What was validated successfully:
+- SQLite storage test suite for the changed area (including `TestTokens/RedeemedBalance`) passed.
+- DB-level logic and new regression test compiled and ran in the relevant package scope.
+
+Known non-code blocker during local runs:
+- Postgres-backed tests failed locally due to Docker daemon availability.
+- This was environment-specific and not caused by query logic changes.
+
+## 9) Commit Timeline (Why Multiple Commits/Amends Happened)
+
+Recent branch history included iterative fixes, then final PR commit:
+- `cd1e31f0` final force-updated commit for this PR change set
+
+Why multiple commit updates happened:
+1. Functional SQL/test fix landed.
+2. Commit signoff requirement required `--amend -s`.
+3. CI formatting issue required gofmt and another amend.
+4. Since amend rewrites hash, force-with-lease push was required.
+
+## 10) Visual Flow
+
+```mermaid
+flowchart TD
+A[Integration Failure\nissued balance 10 vs 130] --> B[Inspect SQL balance logic]
+B --> C[Find semantic bug\ndeleted tokens were misclassified]
+C --> D[Implement self-join lineage logic\nspent_by -> successor tx]
+D --> E[Add TRedeemedBalance DB test]
+E --> F[Compile errors in test API usage]
+F --> G[Fix signature and uint64 assertions]
+G --> H[Run focused DB/SQLite tests]
+H --> I[CI fails gofmt]
+I --> J[Run gofmt -l -s -w]
+J --> K[Amend commit with -s]
+K --> L[Force-push --force-with-lease]
+L --> M[PR ready]
+```
+
+## 11) Interview-Ready Deep Questions and Answers
+
+### Q1) Why not just filter on `is_deleted = false`?
+Because deleted tokens can represent both transfer spends and redeem spends. A plain `is_deleted` filter loses semantic information and can miscount issuer accounting.
+
+### Q2) Why use self-join instead of transaction table?
+Self-join directly models token lineage in the token table (`spent_by -> tx_id`) and avoids dependence on potentially indirect transaction interpretations.
+
+### Q3) What did the regression test protect?
+It protects issuer-scoped redeemed accounting across token types and ensures no accidental API mismatch in future refactors.
+
+### Q4) Why did you force-push?
+Because commit was amended (`-s` signoff and gofmt updates), which rewrites commit hash. `--force-with-lease` is the safe way to update remote in that case.
+
+## 12) Exact Files to Review Before Interview
+
+Start with these two files and understand each changed block:
+- `token/services/storage/db/sql/common/tokens.go`
+- `token/services/storage/db/dbtest/tokens.go`
+
+Then glance at integration expectation references for context:
+- `integration/token/fungible/support.go`
+- `integration/token/fungible/tests.go`
+
+## 13) Final Outcome
+
+The PR now:
+- fixes the accounting bug that caused issued balance mismatch,
+- adds regression coverage,
+- passes relevant focused tests,
+- is formatted/signed and pushed as final commit `cd1e31f0`.
@@ -0,0 +1,38 @@
+# End-to-End Workflow Traces — Fabric Token SDK
+
+This directory contains **8 comprehensive code-level traces** of the major workflows in the Fabric Token SDK. Each document follows a transaction from the public API entry point through every internal function call, covering both FabToken (cleartext) and ZKAT-DLOG (zero-knowledge) drivers.
+
+---
+
+## Workflow Index
+
+| # | Workflow | File | Summary |
+|---|----------|------|---------|
+| 1 | **Token Issuance** | [01_token_issuance.md](01_token_issuance.md) | `Transaction.Issue()` → `Request.Issue()` → driver `IssueService.Issue()` → ZK proof generation → endorsement collection → audit → distribution |
+| 2 | **Token Transfer** | [02_token_transfer.md](02_token_transfer.md) | `Transaction.Transfer()` → UTXO selection (`Selector.Select()` with locking) → change handling → `TransferService.Transfer()` → ZK range proofs → verification |
+| 3 | **Token Redemption** | [03_token_redemption.md](03_token_redemption.md) | `Transaction.Redeem()` → transfer variant with nil owner → `SelectIssuerForRedeem()` → `IsRedeem()` detection → differences from normal transfer |
+| 4 | **Atomic Swap** | [04_atomic_swap.md](04_atomic_swap.md) | `ExchangeRecipientIdentities` → `CollectActionsView` multi-party coordination → `CollectActionsResponderView` → DVP variant → comparison with normal transfer |
+| 5 | **Auditor Check** | [05_auditor_check.md](05_auditor_check.md) | `requestAudit()` → `AuditApproveView` → ZKAT-DLOG `Auditor.Check()` with Pedersen commitment recomputation → `InspectIdentity()` → audit record storage |
+| 6 | **Token Upgrade** | [06_token_upgrade.md](06_token_upgrade.md) | Challenge-response protocol → `GenUpgradeProof` (SHA256 + per-token signing) → `CheckUpgradeProof` → `ProcessTokensUpgradeRequest` → `IssueService` upgrade branch |
+| 7 | **Identity Resolution** | [07_identity_resolution.md](07_identity_resolution.md) | `WalletManager` → `IdentityProvider` → long-term vs anonymous wallets → `RecipientDataCache` with background pseudonym generation → Idemix pseudonym flow |
+| 8 | **Finality & DB Updates** | [08_finality_db_updates.md](08_finality_db_updates.md) | `OrderingView` broadcast → `FinalityView` polling → `finality.Listener.OnStatus()` → hash verification → `tokens.Append()` UTXO updates → `TTXDB.SetStatus()` notification → responder side |
+
+---
+
+## How to Use These Traces
+
+- **Debugging**: Start with the workflow that matches the failing operation. Follow the function chain to identify where the error originates.
+- **Code Review**: Use the mermaid sequence diagrams for a high-level overview, then drill into specific stages.
+- **New Feature Planning**: Check the "Improvement Opportunities" section in each trace for known gaps.
+- **Driver Comparison**: Each trace highlights where FabToken and ZKAT-DLOG diverge — useful for understanding the driver abstraction.
+
+## Cross-Cutting Concerns
+
+| Concern | Where to Look |
+|---------|---------------|
+| **Metrics** (Prometheus) | Traces 1, 2, 8 — `OrderingDuration`, `OnStatusDuration`, `ConfirmedTransactions` |
+| **Tracing** (OpenTelemetry) | Trace 8 — spans in `OnStatus`, `Append` |
+| **Error Handling** | Every trace includes dedicated "Error Paths" sections |
+| **Concurrency** | Traces 2 (selector locking), 7 (pseudonym cache), 8 (finality polling + DB notifications) |
+| **ZK Cryptography** | Traces 1 (issue proofs), 2 (transfer proofs), 5 (audit inspection) |
+| **Identity/Privacy** | Traces 5 (Idemix audit), 7 (anonymous wallets, pseudonyms) |