feat: add mint-script crate

.claude/settings.local.json

@@ -0,0 +1,63 @@
+{
+  "permissions": {
+    "allow": [
+      "Skill(code-review:code-review)",
+      "WebFetch(domain:github.com)",
+      "WebFetch(domain:patch-diff.githubusercontent.com)",
+      "Bash(curl:*)",
+      "Bash(git show-branch:*)",
+      "Bash(git log:*)",
+      "WebFetch(domain:raw.githubusercontent.com)",
+      "WebFetch(domain:api.github.com)",
+      "Bash(cargo build:*)",
+      "Bash(cargo clippy:*)",
+      "Bash(~/Personal/get-project-identity.sh)",
+      "Bash(cargo doc:*)",
+      "Bash(find:*)",
+      "Bash(make lint:*)",
+      "Bash(cargo check:*)",
+      "Bash(make test:*)",
+      "Bash(cargo test:*)",
+      "Bash(gh pr list:*)",
+      "Bash(gh pr view:*)",
+      "Bash(gh api:*)",
+      "Bash(/Users/tomas/Lambda/miden-faucet/target/release/miden-faucet:*)",
+      "Bash(git fetch:*)",
+      "Bash(git checkout:*)",
+      "Bash(xargs curl -s)",
+      "Bash(gh pr checks:*)",
+      "Bash(cargo tree:*)",
+      "Bash(/tmp/entrypoint_analysis.txt << 'EOF'\nENTRYPOINT SCRIPT ANALYSIS:\n\nThe script does:\n1. Line 20: WORK_DIR=\"${STORE_DIR}\" - sets work dir based on store path\n2. Line 43: cd \"${WORK_DIR}\" || exit 1 - changes to that directory for init\n3. Line 49: cd \"${WORK_DIR}\" || exit 1 - changes to that directory for the command\n\nKEY ISSUE:\nWhen a user passes relative paths in command arguments \\(like \"$@\" on line 50\\),\nthose relative paths will be interpreted relative to WORK_DIR, NOT the original\nworking directory.\n\nEXAMPLE SCENARIO:\n- Container started from /data directory\n- User runs: docker run ... miden-faucet init --import ./account.mac\n- STORE_DIR becomes /data \\(from MIDEN_FAUCET_STORE env var\\)\n- Script does cd \"${STORE_DIR}\" = cd /data\n- Then runs: miden-faucet init --import ./account.mac\n- Now ./account.mac is interpreted as /data/./account.mac \\(OK if account is there\\)\n- But if account is in /data/../somewhere/account.mac, it will fail\n\nBROADER ISSUE:\nThe script changes working directory before executing user commands.\nThis means user-provided relative paths will be interpreted relative to STORE_DIR,\nnot relative to the original working directory or container entrypoint directory.\n\nThis affects:\n- Line 38: MIDEN_FAUCET_IMPORT_ACCOUNT_PATH \\(passed to init command\\)\n- Line 50: Any argument passed to miden-faucet command \\(the \"$@\"\\)\n\nFor INIT specifically:\n- Line 43: The cd is fine here because --import path needs to be relative\n  to where keystore will be created anyway\n\nFor the final command execution:\n- Line 49-50: Any relative paths in \"$@\" will be relative to WORK_DIR\nEOF)",
+      "Bash(git ls-tree:*)",
+      "WebFetch(domain:docs.rs)",
+      "Bash(/tmp/detailed_analysis.txt << 'EOF'\nDETAILED ISSUE ASSESSMENT:\n\nFrom the entrypoint.sh code \\(lines 33-50\\):\n\nLine 33-38: For MIDEN_FAUCET_IMPORT_ACCOUNT_PATH:\n    - This env var is only used during auto-init \\(if store file doesn't exist\\)\n    - It's passed to \"miden-faucet init --import ${MIDEN_FAUCET_IMPORT_ACCOUNT_PATH}\"\n    - The cd happens BEFORE this init command \\(line 43\\)\n    - So the relative path interpretation IS affected by the cd\n\nLine 49-50: For the main command execution:\n    - exec miden-faucet \"$@\"\n    - This happens after cd \"${WORK_DIR}\"\n    - So any relative paths in the user's command arguments will be relative to WORK_DIR\n\nREAL-WORLD IMPACT:\n\nCase 1: User passes relative path via env var during init\n- Export: MIDEN_FAUCET_IMPORT_ACCOUNT_PATH=account.mac\n- Script does cd to STORE_DIR\n- Then tries to read account.mac from STORE_DIR directory\n- This would fail if account.mac is not in the STORE_DIR\n\nCase 2: User manually calls init with --import\n- docker run ... miden-faucet init --import ./account.mac\n- Script changes to WORK_DIR\n- Command looks for ./account.mac relative to WORK_DIR, not /\n\nCase 3: Other commands \\(not init\\)\n- The entrypoint defaults to \"start\" \\(line 11\\)\n- The start command doesn't typically take file paths as arguments\n- So this is less likely to cause issues in practice\n\nSEVERITY ASSESSMENT:\n- The issue is REAL but context-dependent\n- It affects --import path handling during init\n- It could affect other subcommands if they take relative file paths\n- The script doesn't document this behavior\n- Users might reasonably expect relative paths to be relative to their working dir\n\nHOWEVER:\n- For the \"start\" command \\(default\\), relative paths aren't typically used\n- For the \"init\" command, the current behavior might be intentional\n  \\(to keep keystore and account in same directory\\)\n- The issue would manifest when mounting volumes with relative paths\n  or when account files are in different locations than STORE_DIR\nEOF)",
+      "Bash(/tmp/final_assessment.txt << 'EOF'\nFINAL ASSESSMENT OF THE ISSUE:\n\nThe code comment says: \"Run init from store directory \\(where keystore will be created\\)\"\n\nThis indicates the cd is INTENTIONAL - the design is to:\n1. Change to the store directory\n2. Run init from there \\(so keystore gets created in the right place\\)\n3. Keep the same working directory for the final command execution\n\nPROBLEM IDENTIFICATION:\n\nThe issue raised is valid from one perspective:\n- When users pass relative paths in arguments \\(like --import ./account.mac\\),\n  those paths are now interpreted relative to STORE_DIR instead of the \n  original container working directory\n\nHowever, this might be intentional design because:\n1. The keystore is created relative to the current working directory\n2. Keeping files in the same directory \\(store + keystore\\) is sensible\n3. The comment explicitly documents this behavior\n\nPRACTICAL IMPACT:\n\nThe real issue surfaces when:\n- A user mounts a volume with account files\n- They pass relative paths expecting them to be relative to the mounted volume root\n- But the script changes to STORE_DIR first\n- So relative paths get interpreted relative to STORE_DIR instead\n\nExample:\n- Volume mounted at /mnt/config\n- MIDEN_FAUCET_STORE=/mnt/config/store.db\n- MIDEN_FAUCET_IMPORT_ACCOUNT_PATH=./account.mac \\(intended to be /mnt/config/account.mac\\)\n- Script does cd /mnt/config \\(STORE_DIR is parent directory of store.db\\)\n- Then runs miden-faucet init --import ./account.mac\n- This looks for /mnt/config/./account.mac \\(which works!\\)\n\nActually, re-reading the code:\n- Line 20: WORK_DIR=\"${STORE_DIR}\" where STORE_DIR=\"$\\(dirname \"${MIDEN_FAUCET_STORE}\"\\)\"\n- So WORK_DIR is the PARENT directory of the store file\n- This means relative paths are relative to the store's parent directory\n\nVERDICT:\n- The issue is VALID but narrow in scope\n- It affects cases where users expect relative paths to be relative to container root\n- But the design \\(running from store directory\\) is documented\n- This is more of a design question than a bug\n- Impact is limited because the default \"start\" command rarely uses file paths\n- For \"init\", the behavior might actually be desired \\(keeping files together\\)\n\nREALISTIC SCENARIOS WHERE THIS BREAKS:\n1. User runs: docker run -v /my/account:/mnt/account miden-faucet init --import /mnt/account/account.mac\n   - This works fine \\(absolute path\\)\n2. User runs: docker run -v /my/account:/mnt/account miden-faucet init --import ./account.mac\n   - This fails because ./ is relative to STORE_DIR, not /mnt/account\n   - User would need to know the relationship between STORE_DIR and mounted volume\n\nThe issue is real but requires specific circumstances to manifest.\nEOF)",
+      "Bash(ls:*)",
+      "Bash(test:*)",
+      "Bash(gh issue view:*)",
+      "WebSearch",
+      "Bash(git ls-remote:*)",
+      "Bash(rm:*)",
+      "Bash(grep:*)",
+      "Bash(cargo search:*)",
+      "Bash(cargo info:*)",
+      "Bash(for d in /Users/tomas/Lambda/miden-faucet/target/debug/build/miden-client-*/out/)",
+      "Bash(do echo \"=== $d ===\")",
+      "Read(//Users/tomas/Lambda/miden-faucet/**)",
+      "Bash(done)",
+      "Bash(make check:*)",
+      "Bash(git:*)",
+      "Bash(gh pr:*)",
+      "Bash(2)",
+      "Read(//Users/tomas/.cargo/git/checkouts/**)",
+      "Bash(cargo nextest:*)",
+      "Bash(cargo clean:*)",
+      "Bash(cargo update:*)",
+      "Bash(sort -t/ -k3 -V)",
+      "Bash(gh run:*)",
+      "Bash(make tests:*)",
+      "Bash(cargo metadata:*)",
+      "Bash(python3 -c \" import json, sys meta = json.load\\(sys.stdin\\) for pkg in meta['packages']: if 'miden-node-proto' in pkg['name']: print\\(pkg['name'], pkg['version'], pkg['manifest_path']\\) \")"
+    ]
+  }
+}

CHANGELOG.md

@@ -1,5 +1,23 @@
 # Changelog
 
+## 0.15.0 (TBD)
+
+- Reimplemented the transaction script in Rust using the miden-compiler ([#204](https://github.com/0xMiden/faucet/pull/204)).
+- Added `note_transport_url` field to the `/get_metadata` endpoint response ([#243](https://github.com/0xMiden/faucet/pull/243)).
+
+## 0.14.3 (2026-04-29)
+
+- Updated miden-client dependency to v0.14.5 ([#244](https://github.com/0xMiden/faucet/pull/244)).
+- Improved mint failure observability: each step inside `submit_new_transaction` now records its own error, `apply_transaction` is instrumented as a sibling span, and `RpcError` propagations record structured `grpc.endpoint`/`grpc.code`/`grpc.endpoint_error` fields on the parent span ([#245](https://github.com/0xMiden/faucet/pull/245)).
+
+## 0.14.2 (2026-04-21)
+
+- Fixed faucet state sync to request storage map details for tracked public accounts ([#241](https://github.com/0xMiden/faucet/pull/241)).
+
+## 0.14.1 (2026-04-16)
+
+- Updated miden-client dependency to v0.14.3 ([#239](https://github.com/0xMiden/faucet/pull/239)).
+
 ## 0.14.0 (2026-04-08)
 
 - [BREAKING] Removed `--api-key` param from the `start` command, API keys are now persisted in the store and automatically loaded on startup.  ([#225](https://github.com/0xMiden/miden-faucet/pull/225)).