refactor: extract free functions for enum and numeric oracle event operations

[rorp]

Summary

This PR extracts the core oracle event creation and signing logic into standalone free functions, improving code reusability and testability while maintaining the existing Oracle API.

Major Changes

Function Extraction

• create_enum_event() - Standalone function for creating enum event announcements
• sign_enum_event() - Standalone function for signing enum event outcomes
• create_numeric_event() - Standalone function for creating numeric event announcements
• sign_numeric_event() - Standalone function for signing numeric event outcomes with clamping logic
• Helper functions: get_min_value(), get_max_value(), derive_signing_key()

Architectural Benefits

• Code Reusability: Core DLC logic can be used independently of the Oracle struct
• Testability: Free functions are easier to unit test in isolation
• Separation of Concerns: DLC oracle logic separated from storage/persistence concerns
• API Flexibility: Users can choose between high-level Oracle methods or low-level functions

Implementation Details

• Oracle methods now delegate to the extracted free functions
• Maintains backward compatibility - all existing Oracle API remains unchanged
• Enhanced error handling with proper validation in free functions
• Comprehensive input validation for edge cases (empty strings, invalid ranges, etc.)

Minor Improvements

• Documentation: Added comprehensive Rust docs for all public functions
• Unit Tests: Added focused tests for free functions
• DLC Spec References: Linked to relevant DLC specification sections

Impact

• No Breaking Changes: All existing code continues to work unchanged
• Enhanced Flexibility: Developers can now use either high-level or low-level APIs
• Better Testing: Isolated unit tests for core cryptographic operations
• Improved Maintainability: Clear separation between DLC logic and infrastructure

Testing

• All existing tests pass without modification
• New unit tests cover free functions and edge cases
• Clamping behavior thoroughly tested for both signed and unsigned numeric events
• This refactor significantly improves the codebase architecture while maintaining full backward compatibility, making the oracle system more modular and testable.

[kwsantiago]

Take a look at #104 in case there's anything you can grab from there. I can close 104, pending @bennyhodl

[kwsantiago]

Good code quality, excellent tests, solid documentation. Left some comments for silent behavior change from errors to clamping.

[kwsantiago]

Base 2 is hardcoded but the function accepts a base parameter.

Either remove the parameter or support other bases.

[rorp]

I'm planning to add support for other bases in a separate PR.

[kwsantiago]

Why 63?

This should be a constant with an explanation of why this number was chosen.

[rorp]

Because we use i64 as outcome type which uses 63 bits for the value and 1 bit for the sign. Probably it makes sense to use BigInt and BigUint here. But again, this should be done in a separate PR.

[kwsantiago]

The old code used an iterator while the new code is collecting all nonce keys which could lead to a small performance regression for large nonce sets.

[rorp]

I don't think we need an iterator to collect 1 nonce.

[bennyhodl]

We should at least check that we have a nonce. Validating the announcement will check that we have 1 nonce.

[rorp]

In fact we don't need this line at all. It was added to check if rust-dlc signing algorithm worked as expected. And it did.

[rorp]

Moved these checks to the unit tests.

[kwsantiago]

This check seems defensive but the free function doesn't do it. There is inconsistent validation between Oracle methods and free functions.

[rorp]

Of course the free function doesn't do it. The compiler checks it. This was not an inconsistency, but a bug in kormir, which could lead to unexpected panics.

[kwsantiago]

Nit: consider a builder pattern or config struct instead of suppressing the lint.

[rorp]

Good idea for a separate PR.

[rorp]

Take a look at #104 in case there's anything you can grab from there. I can close 104, pending @bennyhodl

This PR and #104 are orthogonal.

#104 creates CLI commands that allow users to connect to a Kormir server instance in order for the server to create announcements and attestations.

This PR extracts the core logic of creating announcements and attestations so it can be used in other orcale apps. Imagine a weather web-site, that posts announcements on Twitter; attests them with the data from their internal database and again posts attestations on Twitter; and uses their custom private key setup without exposing sign- endpoints. This PR makes it easier for them to build this kind of app.

[bennyhodl]

thanks 🤙🏼

small nits

[bennyhodl]

We should at least check that we have a nonce. Validating the announcement will check that we have 1 nonce.

[bennyhodl]

InvalidAnnouncement might be the wrong error here. The signature can still be valid for that public key

[rorp]

We don't want to attest someone else's announcements. This check validates if it's the case.

[kwsantiago]

The old code verified that the nonce in the signature matched the announcement's nonce.

Should we add a runtime check to ensure the caller passed the correct nonce key matching the announcement?

[rorp]

Good catch! I added an explicit check for the nonces and nonce keys.

[kwsantiago]

Shouldn't clamp_outcome be exposed as an optional param instead of hard-coding to false? If it's always set to false then the Oracle struct can never use clamping.

[rorp]

It shouldn't be there in the first place. The oracle must be spec compliant. Reverted it to the initial commit.

[kwsantiago]

Since InvalidArgument was removed, this is a breaking change for anyone using Error::InvalidArgument

May want to add in changelog. The new errors you added are better though.

[rorp]

Reverted it and made it deprecated. Will be removed in the next minor release.