feat: kindfi nft open zeppelin

[aguilar1x]

KindFi NFT Contract

A non-fungible token (NFT) contract for the KindFi platform's reputation and incentivization system. Built on OpenZeppelin Stellar Contracts v0.6.0 for Soroban.

• Closes Implement OpenZeppelin-Based KindFi NFT Contract #763

Key Features

• Sequential IDs: Minting with sequential token IDs starting from 0
• On-chain metadata: Custom metadata stored directly on the blockchain
• Role-based access control: Separate roles for minting, burning, and metadata management
• Standard NFT functionality: Transfers, approvals, balance queries
• Automatic TTL extension: Persistent storage with automatic TTL management (30 days)

Architecture

src/
├── lib.rs       # Main contract and implemented traits
├── mint.rs      # Minting logic with sequential IDs
├── burn.rs      # Burning logic with metadata cleanup
├── metadata.rs  # Metadata storage and retrieval
├── events.rs    # Contract event definitions
├── types.rs     # Data types (NFTMetadata, StorageKey)
└── errors.rs    # Custom error codes

Summary by CodeRabbit

• New Features
  • Added nft-kindfi: full NFT contract with sequential minting, burn support, per-token metadata with TTL, events, standard transfer/approval surface, total-supply and metadata helpers, and role-based access control with admin transfer flow.
• Bug Fixes
  • Introduced explicit contract error codes for clearer failure responses (distinct numeric codes).
• Documentation
  • Added comprehensive README for the new NFT contract.
• Chores
  • Updated workspace manifests, dependencies and toolchain; removed prior wasm build config and reorganized workspace entries.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
kindfi	Ready	Preview, Comment	Jan 23, 2026 11:36pm

[coderabbitai]

Walkthrough

Adds a new KindFi NFT Soroban contract crate (nft-kindfi) with metadata, minting, burning, TTL-managed storage, role-based access control, events, and workspace manifest/toolchain updates; also removes wasm32-specific cargo flags and updates soroban/stellar dependencies.

Changes

Cohort / File(s)	Summary
Workspace Configuration apps/contract/Cargo.toml, apps/contract/.cargo/config.toml, apps/contract/rust-toolchain.toml	Reworked workspace members (enabled contracts/nft-kindfi, removed/commented legacy entries), added workspace package metadata, upgraded soroban-sdk and Stellar crates to v0.6.x, removed wasm32-specific rustflags, and added a rust-toolchain config.
New Crate Manifest apps/contract/contracts/nft-kindfi/Cargo.toml	New crate manifest for nft-kindfi (cdylib) with workspace-based deps and dev-deps.
Core Contract apps/contract/contracts/nft-kindfi/src/lib.rs	New KindfiNFT implementation: constructor, mint/update/get metadata, total_supply, NonFungibleToken & NonFungibleBurnable implementations, AccessControl surface, TTL helpers, role identifiers, admin transfer flows, and TTL extension on state changes.
Types / Storage Keys apps/contract/contracts/nft-kindfi/src/types.rs	New NFTMetadata contracttype and StorageKey enum (TokenCounter, TokenMetadata(u32)).
Minting apps/contract/contracts/nft-kindfi/src/mint.rs	Sequential token counter with overflow protection, get_token_counter, mint_with_metadata stores metadata and emits MintedEventData.
Burning apps/contract/contracts/nft-kindfi/src/burn.rs	burn and burn_from delegating to Base burn, removing metadata, and emitting BurnedEventData.
Metadata Storage apps/contract/contracts/nft-kindfi/src/metadata.rs	set_metadata, get_metadata, remove_metadata with TTL extension on reads/writes and publishing metadata events.
Events apps/contract/contracts/nft-kindfi/src/events.rs	Event structs: MintedEventData, BurnedEventData, MetadataSetEventData, MetadataUpdatedEventData (contract events/topics).
Errors apps/contract/contracts/nft-kindfi/src/errors.rs	New contract Error enum with explicit codes 300–305 (AlreadyInitialized, TokenIdOverflow, MetadataNotFound, TokenNotFound, Unauthorized, InvalidMetadata).
Docs apps/contract/contracts/nft-kindfi/README.md	Added README documenting contract architecture, roles, API, events, errors, and build/test instructions.

Sequence Diagram(s)

sequenceDiagram
    participant Caller as Caller
    participant Kindfi as KindfiNFT
    participant AC as AccessControl
    participant Storage as Storage
    participant Events as Events

    Caller->>Kindfi: mint_with_metadata(caller, to, metadata)
    Kindfi->>AC: has_role(caller, minter)
    AC-->>Kindfi: ok
    Kindfi->>Storage: get_token_counter()
    Storage-->>Kindfi: current_id
    Kindfi->>Storage: Base::mint(to, new_id)
    Kindfi->>Storage: set_metadata(new_id, metadata)
    Kindfi->>Events: emit(MINTED, {token_id,to,metadata})
    Events-->>Caller: event_published
    Kindfi->>Storage: extend_ttl()
    Kindfi-->>Caller: token_id

Loading

sequenceDiagram
    participant Caller as Caller
    participant Kindfi as KindfiNFT
    participant AC as AccessControl
    participant Storage as Storage
    participant Events as Events

    Caller->>Kindfi: update_metadata(caller, token_id, new_metadata)
    Kindfi->>AC: has_role(caller, metadata_manager)
    AC-->>Kindfi: ok
    Kindfi->>Storage: owner_of(token_id)
    Storage-->>Kindfi: owner_address
    Kindfi->>Storage: set_metadata(token_id, new_metadata)
    Kindfi->>Events: emit(METADATA_UPDATED, {token_id,new_metadata})
    Events-->>Caller: event_published
    Kindfi->>Storage: extend_ttl()
    Kindfi-->>Caller: ok

Loading

sequenceDiagram
    participant Caller as Caller
    participant Kindfi as KindfiNFT
    participant AC as AccessControl
    participant Storage as Storage
    participant Events as Events

    Caller->>Kindfi: burn(caller_from, token_id)
    Kindfi->>AC: has_role(caller, burner)
    AC-->>Kindfi: ok
    Kindfi->>Storage: Base::burn(from, token_id)
    Kindfi->>Storage: remove_metadata(token_id)
    Kindfi->>Events: emit(BURNED, {token_id,from})
    Events-->>Caller: event_published
    Kindfi->>Storage: extend_ttl()
    Kindfi-->>Caller: ok

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Possibly related issues

• Implement OpenZeppelin-Based KindFi NFT Contract #763 — Implements the OpenZeppelin-based KindFi NFT contract components described in this issue (nft-kindfi, metadata, mint/burn, AccessControl, events).

Possibly related PRs

• Feat/nft kindfi open zeppelin #591 — Adds/modifies the same nft-kindfi contract files (mint, burn, metadata, types, lib).
• chore: august release 1 | Reorg configs, update TS/ESLint, UI keys/a11y, contract ledger schema #631 — Adjusts the apps/contract workspace manifest to enable nft-kindfi and updates dependencies.
• feat(nft): implement access control with OpenZeppelin integration #491 — Implements role-based access control patterns and utilities used by this contract.

Suggested reviewers

• Bran18
• AndlerRL

Poem

🌱 New KindFi tokens spring to light,
Counters march and metadata's right,
Roles guard mints and burnings fair,
Events whisper state out in the air,
On-chain stories stored with TTL care.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: kindfi nft open zeppelin' directly describes the main addition: a new KindFi NFT contract implementation leveraging OpenZeppelin standards and patterns.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

apps/contract/Cargo.toml (1)

21-33: Dependencies are properly pinned to a specific release tag.

Using tag = "v0.3.0" for the OpenZeppelin stellar-contracts dependencies ensures reproducible builds. Consider updating the dependencies to v0.6.0 (the current latest release) and documenting the upgrade process to keep pace with security updates and new features. If staying on v0.3.0 is intentional, document the rationale for this decision.

🤖 Fix all issues with AI agents

In `@apps/contract/contracts/nft-kindfi/src/lib.rs`:
- Around line 215-227: Add TTL-extension to the approval mutators: after calling
Self::ContractType::approve(...) in fn approve and after
Self::ContractType::approve_for_all(...) in fn approve_for_all, invoke the same
instance-TTL extension helper used by other mutations (e.g.
Self::extend_instance_ttl(e, live_until_ledger) or the project's equivalent) to
update the instance TTL using the live_until_ledger value so approvals mirror
transfer()/burn() behavior.
- Around line 69-93: The constructor currently sets the admin without verifying
that the provided Address consents; add a call to require_auth() on the incoming
admin Address in the __constructor function (after the existing
already-initialized check and before set_admin) so the provided admin must
authorize the initialization (i.e., call admin.require_auth() in __constructor
before invoking set_admin and Base::set_metadata while preserving the existing
AlreadyInitialized guard and TTL extension).

In `@apps/contract/contracts/nft-kindfi/src/metadata.rs`:
- Around line 22-33: Replace the explicit is_some() check in get_metadata with
an if let to unwrap the Option and extend TTL in one step: after retrieving
metadata via e.storage().persistent().get(&StorageKey::TokenMetadata(token_id))
use if let Some(ref m) = metadata {
e.storage().persistent().extend_ttl(&StorageKey::TokenMetadata(token_id),
METADATA_TTL_THRESHOLD, METADATA_TTL_AMOUNT); } and then return metadata; this
simplifies the flow while keeping the TTL extension logic (refer to function
get_metadata, StorageKey::TokenMetadata, METADATA_TTL_THRESHOLD,
METADATA_TTL_AMOUNT, and extend_ttl).
- Around line 11-18: The set_metadata function currently stores NFTMetadata
without validation; update set_metadata(&Env, token_id: u32, metadata:
&NFTMetadata) to perform validation of required fields on NFTMetadata (e.g.,
ensure name and image_uri are non-empty and any other invariants), and change
its signature to return Result<(), Error> (using the existing
Error::InvalidMetadata) so it returns Err(Error::InvalidMetadata) when
validation fails; only call e.storage().persistent().set(...) and
extend_ttl(...) (StorageKey::TokenMetadata, METADATA_TTL_THRESHOLD,
METADATA_TTL_AMOUNT) after validation passes.

In `@apps/contract/contracts/nft-kindfi/src/types.rs`:
- Around line 5-18: The comment requests adding the Debug derive to the
StorageKey type to make debugging easier; update the StorageKey struct
declaration to include #[derive(Debug, Clone, Eq, PartialEq)] (or add Debug to
its existing derive list) so it implements Debug alongside its current
derives—locate the StorageKey struct in the file (symbol: StorageKey) and add
Debug to the derive attributes, keeping other derives intact.

[coderabbitai]

Actionable comments posted: 4

🤖 Fix all issues with AI agents

In `@apps/contract/contracts/nft-kindfi/README.md`:
- Around line 45-50: The README currently shows the example base_uri as a bare
URL which triggers linting and renders poorly; update the `base_uri` example so
the URL is a proper Markdown link or autolink (e.g., replace the plain
"https://api.kindfi.org/nft/" with a Markdown link or
<https://api.kindfi.org/nft/>) in the README entry for `base_uri` to remove the
bare-URL warning and improve rendering.
- Around line 15-24: Update the README.md tree code block to use a labeled
"text" fenced block so it renders without fenced-code lint warnings;
specifically replace the unlabeled triple-backtick block that lists src/ and the
file tree with a ```text fenced block (i.e., change the opening ``` to ```text)
around the existing tree so the architecture diagram is treated as text.

In `@apps/contract/contracts/nft-kindfi/src/lib.rs`:
- Around line 128-149: Replace the manual role check in update_metadata with the
project’s role macro (e.g., #[only_role] or #[has_role]) to match
mint_with_metadata and burn functions: remove the explicit
Symbol::new/METADATA_MANAGER_ROLE + storage_has_role check and rely on the macro
to enforce the METADATA_MANAGER_ROLE before caller.require_auth, keeping the
subsequent Base::owner_of(token_id) existence check, metadata::set_metadata
call, MetadataUpdatedEventData.publish, and Self::extend_instance_ttl intact;
ensure the chosen macro resolves long role names via Symbol::new internally so
the full METADATA_MANAGER_ROLE constant continues to work.

In `@apps/contract/contracts/nft-kindfi/src/mint.rs`:
- Around line 32-50: The mint_with_metadata function is currently public
allowing external callers to bypass lib.rs access control; change its signature
from pub fn mint_with_metadata(...) to pub(crate) fn mint_with_metadata(...) and
do the same for get_token_counter (make it pub(crate) if only used internally
and exposed via total_supply()), then update any internal call sites (e.g.,
where lib’s total_supply or mint flow calls these functions) to ensure
visibility still permits compilation and that the external API surface only
exposes the intended functions.

♻️ Duplicate comments (1)

apps/contract/contracts/nft-kindfi/src/lib.rs (1)

79-93: Consider adding admin.require_auth() in the constructor.

The initialization logic is solid with proper already-initialized guard and TTL extension. However, as noted in a previous review, adding admin.require_auth() would enhance security by ensuring the admin address explicitly consents to being assigned that role—particularly important if the deployer and admin differ.

Based on learnings, parameter validation should verify that the admin address is valid and has authorized this assignment.

🔐 Suggested enhancement

     // Check if already initialized by checking if admin is set
     if storage_get_admin(e).is_some() {
         panic_with_error!(e, Error::AlreadyInitialized);
     }

+    // Ensure admin consents to the role assignment
+    admin.require_auth();
+
     // Set the admin for access control
     set_admin(e, &admin);

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@apps/contract/contracts/nft-kindfi/src/lib.rs`:
- Around line 118-148: update_metadata currently calls metadata::set_metadata
which both writes storage and emits a MetadataSetEventData, then update_metadata
emits MetadataUpdatedEventData resulting in double events; add a helper in
metadata.rs (e.g., write_metadata_no_event or set_metadata_internal) that only
writes the metadata + TTL to storage without publishing events, refactor
existing metadata::set_metadata to call that helper then publish the original
MetadataSetEventData, and change update_metadata to call the new helper
(write_metadata_no_event/set_metadata_internal) and then publish only
MetadataUpdatedEventData so a single semantic event is emitted for this action.

In `@apps/contract/contracts/nft-kindfi/src/metadata.rs`:
- Around line 11-27: The validation currently panics via assert! in
require_valid_metadata; change it to return a typed contract error (e.g.,
Result<(), Error>) and replace the assert! checks with returning
Err(Error::InvalidMetadata) (optionally include a small reason or field tag),
add an InvalidMetadata variant to the contract Error enum if missing, and update
callers like set_metadata to propagate/handle the Result (return early on Err)
instead of relying on panics so clients receive a consistent
Error::InvalidMetadata response.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Consider avoiding double event emission on metadata updates.

Right now update_metadata triggers MetadataSetEventData (via set_metadata) and then MetadataUpdatedEventData. That can confuse indexers that expect one semantic event per action. We could enhance this by separating “store metadata” from “emit set event.”

♻️ Proposed change

-        // Update metadata
-        metadata::set_metadata(e, token_id, &nft_metadata);
+        // Update metadata (store only)
+        metadata::store_metadata(e, token_id, &nft_metadata);

To support this, add a helper in metadata.rs that writes + TTL without emitting events, and keep set_metadata as the event-emitting wrapper.

📌 Supporting change (metadata.rs)

+pub fn store_metadata(e: &Env, token_id: u32, metadata: &NFTMetadata) {
+    require_valid_metadata(e, metadata);
+    let key = StorageKey::TokenMetadata(token_id);
+    e.storage().persistent().set(&key, metadata);
+    e.storage()
+        .persistent()
+        .extend_ttl(&key, METADATA_TTL_THRESHOLD, METADATA_TTL_AMOUNT);
+}
+
 pub fn set_metadata(e: &Env, token_id: u32, metadata: &NFTMetadata) {
-    require_valid_metadata(e, metadata);
-    let key = StorageKey::TokenMetadata(token_id);
-    e.storage().persistent().set(&key, metadata);
-    e.storage()
-        .persistent()
-        .extend_ttl(&key, METADATA_TTL_THRESHOLD, METADATA_TTL_AMOUNT);
+    store_metadata(e, token_id, metadata);
     MetadataSetEventData {
         token_id,
         metadata: metadata.clone(),
     }.publish(e);
 }

🤖 Prompt for AI Agents

In `@apps/contract/contracts/nft-kindfi/src/lib.rs` around lines 118 - 148,
update_metadata currently calls metadata::set_metadata which both writes storage
and emits a MetadataSetEventData, then update_metadata emits
MetadataUpdatedEventData resulting in double events; add a helper in metadata.rs
(e.g., write_metadata_no_event or set_metadata_internal) that only writes the
metadata + TTL to storage without publishing events, refactor existing
metadata::set_metadata to call that helper then publish the original
MetadataSetEventData, and change update_metadata to call the new helper
(write_metadata_no_event/set_metadata_internal) and then publish only
MetadataUpdatedEventData so a single semantic event is emitted for this action.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

find apps/contract/contracts/nft-kindfi -type f -name "*.rs" | head -20

Repository: kindfi-org/kindfi

Length of output: 397

---

🏁 Script executed:

cat apps/contract/contracts/nft-kindfi/src/metadata.rs

Repository: kindfi-org/kindfi

Length of output: 1898

---

🏁 Script executed:

find apps/contract/contracts/nft-kindfi -type f -name "*error*" -o -name "*lib.rs"

Repository: kindfi-org/kindfi

Length of output: 155

---

🏁 Script executed:

cat apps/contract/contracts/nft-kindfi/src/errors.rs

Repository: kindfi-org/kindfi

Length of output: 743

---

🏁 Script executed:

cat apps/contract/contracts/nft-kindfi/src/lib.rs

Repository: kindfi-org/kindfi

Length of output: 11751

---

🏁 Script executed:

rg "require_valid_metadata" apps/contract/contracts/nft-kindfi/src/

Repository: kindfi-org/kindfi

Length of output: 252

---

🏁 Script executed:

rg "panic_with_error" apps/contract/contracts/nft-kindfi/src/ -A 1 -B 1 | head -40

Repository: kindfi-org/kindfi

Length of output: 1299

---

Consider using contract error codes for metadata validation.

Nice to see validation added. We could enhance this by emitting a typed contract error (e.g., Error::InvalidMetadata) instead of string-based assert!, which is easier for clients to handle consistently.

♻️ Proposed change

-use soroban_sdk::Env;
+use soroban_sdk::{panic_with_error, Env};

+use crate::errors::Error;
 use crate::events::MetadataSetEventData;
 use crate::types::{NFTMetadata, StorageKey};

 /// Validates that the metadata fields meet minimum requirements.
 /// Panics if validation fails.
-fn require_valid_metadata(metadata: &NFTMetadata) {
-    assert!(metadata.name.len() > 0, "name cannot be empty");
-    assert!(metadata.image_uri.len() > 0, "image_uri cannot be empty");
+fn require_valid_metadata(e: &Env, metadata: &NFTMetadata) {
+    if metadata.name.is_empty() || metadata.image_uri.is_empty() {
+        panic_with_error!(e, Error::InvalidMetadata);
+    }
 }

 pub fn set_metadata(e: &Env, token_id: u32, metadata: &NFTMetadata) {
-    require_valid_metadata(metadata);
+    require_valid_metadata(e, metadata);
     let key = StorageKey::TokenMetadata(token_id);

🤖 Prompt for AI Agents

In `@apps/contract/contracts/nft-kindfi/src/metadata.rs` around lines 11 - 27, The
validation currently panics via assert! in require_valid_metadata; change it to
return a typed contract error (e.g., Result<(), Error>) and replace the assert!
checks with returning Err(Error::InvalidMetadata) (optionally include a small
reason or field tag), add an InvalidMetadata variant to the contract Error enum
if missing, and update callers like set_metadata to propagate/handle the Result
(return early on Err) instead of relying on panics so clients receive a
consistent Error::InvalidMetadata response.

[Bran18]

LGTM, nice job setting up the contract, and thanks for the other improvements you did. Really nice job