BSV.Tokens.Stas3.Validate (bsv_sdk v1.5.0)

STAS 3.0 v0.1 §9 build-time enforcement helpers.

These predicates run BEFORE signing, on the resolved input and destination set assembled by a factory. They catch spec violations at construction time, so that we never produce a transaction that the engine would reject on broadcast.

Coverage

  • freeze/2 — §9.2 Freeze / Unfreeze:

    • exactly one STAS output,
    • non-var2 fields byte-identical to the input,
    • FREEZABLE flag bit set in the input's flags.
  • confiscation/1 — §9.3 Confiscation:

    • CONFISCATABLE flag bit set in the input's flags.
  • swap_cancel/2 — §9.4 Swap cancellation:

    • input must carry a swap descriptor (action 0x01),
    • exactly one STAS output,
    • output's owner equals the input's var2.receiveAddr.

Each function returns :ok on success or {:error, atom_or_tuple} on failure. Error atoms are the ones documented in the brief:

  • :freeze_output_count, :freeze_field_drift, :freeze_flag_not_set
  • :confiscate_flag_not_set
  • :swap_cancel_missing_descriptor, :swap_cancel_output_count, :swap_cancel_owner_mismatch

Per spec §9.6, these checks are applied independently — the calling factory chooses which to invoke based on its own intent. The §9.6 precedence rule (Confiscation > Freeze > Swap > Regular) is informative for engines that must classify a spend post-hoc; in this SDK the factory is authoritative.
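An added example, not part of bsv_sdk: a pre-signing gate in which the caller's declared intent selects the §9 check, and the signer runs only when that check returns :ok. `MyApp.Stas3Guard`, `check/3`, `sign_if_valid/4`, the `sign_fun` callback and the hint strings are hypothetical; only the three `Validate` functions and the error atoms come from this page.

```elixir
defmodule MyApp.Stas3Guard do
  @moduledoc "Hypothetical pre-signing gate; not part of bsv_sdk."

  alias BSV.Tokens.Stas3.Validate

  # The caller states its intent, and that alone selects the check (§9.6).
  @spec check(atom(), Validate.token_input(), [Validate.destination()]) ::
          :ok | {:error, term()}
  def check(:freeze, input, dests), do: Validate.freeze(input, dests)
  def check(:confiscation, input, _dests), do: Validate.confiscation(input)
  def check(:swap_cancel, input, dests), do: Validate.swap_cancel(input, dests)
  # Unknown intents fail closed instead of falling through to signing.
  def check(other, _input, _dests), do: {:error, {:unknown_intent, other}}

  # sign_fun is a caller-supplied zero-arity function (an assumption of this
  # example) that builds and signs the transaction. It is never invoked
  # unless the selected check has returned :ok.
  @spec sign_if_valid(atom(), Validate.token_input(), [Validate.destination()], (-> term())) ::
          {:ok, term()} | {:error, {atom(), term(), String.t()}}
  def sign_if_valid(intent, input, dests, sign_fun) when is_function(sign_fun, 0) do
    case check(intent, input, dests) do
      :ok -> {:ok, sign_fun.()}
      {:error, reason} -> {:error, {intent, reason, hint(reason)}}
    end
  end

  # Operator-facing hints: each documented error atom paired with the
  # requirement it most plausibly corresponds to (pairing inferred from names).
  defp hint(:freeze_output_count), do: "freeze needs exactly one STAS output"
  defp hint(:freeze_field_drift), do: "non-var2 fields must be byte-identical to the input"
  defp hint(:freeze_flag_not_set), do: "input flags lack the FREEZABLE bit"
  defp hint(:confiscate_flag_not_set), do: "input flags lack the CONFISCATABLE bit"
  defp hint(:swap_cancel_missing_descriptor), do: "input var2 is not a swap descriptor (action 0x01)"
  defp hint(:swap_cancel_output_count), do: "swap cancel needs exactly one STAS output"
  defp hint(:swap_cancel_owner_mismatch), do: "output owner must equal input var2.receiveAddr"
  defp hint(_other), do: "unrecognised reason; inspect it directly"
end
```

Because the gate returns the intent alongside the reason, a rejected build can be logged with enough context to see which operation the factory attempted.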

Types

destination()

@type destination() :: %{:owner_pkh => <<_::160>>, optional(any()) => any()}

A STAS3 destination as understood by the STAS3 factory layer.

token_input()

@type token_input() :: %{:locking_script => BSV.Script.t(), optional(any()) => any()}

A token input as understood by the STAS3 factory layer.

Functions

confiscation(token_input)

@spec confiscation(token_input()) :: :ok | {:error, atom()}

Validate a confiscation build per spec §9.3.

Requires only that the input's flags field has the CONFISCATABLE bit set. Output count and var2 content are unconstrained per spec.

freeze(token_input, destinations)

@spec freeze(token_input(), [destination()]) :: :ok | {:error, atom()}

Validate a freeze (or unfreeze) build per spec §9.2.

Requires:

  • exactly one destination (single STAS output),
  • destination's owner_pkh and redemption_pkh byte-identical to the input — var2 is the only field permitted to drift,
  • input's flags field has the FREEZABLE bit set.

swap_cancel(token_input, destinations)

@spec swap_cancel(token_input(), [destination()]) :: :ok | {:error, atom()}

Validate a swap-cancellation build per spec §9.4.

Requires:

  • input's var2 parses as a swap descriptor (action 0x01),
  • exactly one destination,
  • destination's owner_pkh equals the input's var2.receiveAddr.

Authorisation against receiveAddr is enforced by the engine at spend time and is not re-checked here.