;; ClearSight - Supply Chain Transparency Contract
;; Enhanced with RBAC, Audit Trail, Advanced Status Management, and Input Validation
;; title: source
;; version:
;; summary:
;; description:
;; Constants for validation
(define-constant MAX-PRODUCT-ID-LENGTH u36)
(define-constant MAX-LOCATION-LENGTH u50)
(define-constant MAX-REASON-LENGTH u50)
;; traits
;;
;; Enhanced status constants
(define-constant STATUS-REGISTERED "registered")
(define-constant STATUS-IN-TRANSIT "in-transit")
(define-constant STATUS-DELIVERED "delivered")
(define-constant STATUS-TRANSFERRED "transferred")
(define-constant STATUS-VERIFIED "verified")
(define-constant STATUS-RETURNED "returned")
(define-constant STATUS-REJECTED "rejected")
;; token definitions
;;
;; Action constants (all 12 chars or less)
(define-constant ACTION-UPDATE "status-upd")
(define-constant ACTION-REGISTER "register")
(define-constant ACTION-TRANSFER "transfer")
;; constants
;;
;; Error codes
(define-constant ERR-NOT-AUTHORIZED (err u100))
(define-constant ERR-PRODUCT-EXISTS (err u101))
(define-constant ERR-PRODUCT-NOT-FOUND (err u102))
(define-constant ERR-INVALID-STATUS (err u103))
(define-constant ERR-INVALID-PRODUCT-ID (err u104))
(define-constant ERR-INVALID-LOCATION (err u105))
(define-constant ERR-INVALID-OWNER (err u106))
(define-constant ERR-ROLE-EXISTS (err u107))
(define-constant ERR-INVALID-ROLE (err u108))
(define-constant ERR-INVALID-STATUS-TRANSITION (err u109))
(define-constant ERR-INVALID-REASON (err u110))
;; data vars
;;
;; Define roles
(define-constant ROLE-ADMIN u1)
(define-constant ROLE-MANUFACTURER u2)
(define-constant ROLE-DISTRIBUTOR u3)
(define-constant ROLE-RETAILER u4)
;; data maps
;;
;; Define data variables
(define-data-var contract-owner principal tx-sender)
;; public functions
;;
;; Role management
(define-map user-roles
{ user: principal }
{ role: uint }
)
;; read only functions
;;
;; Enhanced products map with status tracking
(define-map products
{ product-id: (string-ascii 36) }
{
manufacturer: principal,
timestamp: uint,
current-owner: principal,
current-status: (string-ascii 12),
verified: bool,
status-update-count: uint
}
)
;; private functions
;;
;; Status history map
(define-map status-history
{
product-id: (string-ascii 36),
update-number: uint
}
{
status: (string-ascii 12),
timestamp: uint,
changed-by: principal,
reason: (string-ascii 50),
location: (string-ascii 50)
}
)
;; Product history
(define-map product-history
{
product-id: (string-ascii 36),
timestamp: uint
}
{
owner: principal,
action: (string-ascii 12),
location: (string-ascii 50),
previous-owner: (optional principal)
}
)
;; Audit trail
(define-map audit-log
{
transaction-id: uint,
timestamp: uint
}
{
actor: principal,
action: (string-ascii 12),
product-id: (string-ascii 36),
details: (string-ascii 50)
}
)
(define-data-var audit-counter uint u0)
;; Enhanced validation functions
(define-private (is-valid-product-id (product-id (string-ascii 36)))
(and
(>= (len product-id) u1)
(<= (len product-id) MAX-PRODUCT-ID-LENGTH)
(not (is-eq product-id ""))
(not (is-eq product-id " "))
true
)
)
(define-private (is-valid-location (location (string-ascii 50)))
(and
(>= (len location) u1)
(<= (len location) MAX-LOCATION-LENGTH)
(not (is-eq location ""))
(not (is-eq location " "))
true
)
)
(define-private (is-valid-reason (reason (string-ascii 50)))
(and
(>= (len reason) u1)
(<= (len reason) MAX-REASON-LENGTH)
(not (is-eq reason ""))
(not (is-eq reason " "))
true
)
)
;; Status validation functions
(define-private (is-valid-status (status (string-ascii 12)))
(or
(is-eq status STATUS-REGISTERED)
(is-eq status STATUS-IN-TRANSIT)
(is-eq status STATUS-DELIVERED)
(is-eq status STATUS-TRANSFERRED)
(is-eq status STATUS-VERIFIED)
(is-eq status STATUS-RETURNED)
(is-eq status STATUS-REJECTED)
)
)
(define-private (is-valid-status-transition (current-status (string-ascii 12)) (new-status (string-ascii 12)))
(or
(and (is-eq current-status STATUS-REGISTERED)
(or (is-eq new-status STATUS-IN-TRANSIT)
(is-eq new-status STATUS-TRANSFERRED)))
(and (is-eq current-status STATUS-IN-TRANSIT)
(or (is-eq new-status STATUS-DELIVERED)
(is-eq new-status STATUS-RETURNED)))
(and (is-eq current-status STATUS-DELIVERED)
(or (is-eq new-status STATUS-VERIFIED)
(is-eq new-status STATUS-REJECTED)))
(and (is-eq current-status STATUS-TRANSFERRED)
(is-eq new-status STATUS-VERIFIED))
)
)
;; Fixed authorization function with consistent return type
(define-private (check-authorization (user principal) (required-role uint))
(match (map-get? user-roles { user: user })
role-data (if (is-eq (get role role-data) required-role)
(ok true)
ERR-NOT-AUTHORIZED)
ERR-NOT-AUTHORIZED
)
)
(define-private (create-audit-log
(actor principal)
(action (string-ascii 12))
(product-id (string-ascii 36))
(details (string-ascii 50)))
(begin
(asserts! (is-valid-product-id product-id) ERR-INVALID-PRODUCT-ID)
(let ((current-counter (var-get audit-counter)))
(map-set audit-log
{
transaction-id: current-counter,
timestamp: stacks-block-height
}
{
actor: actor,
action: action,
product-id: product-id,
details: details
}
)
(var-set audit-counter (+ current-counter u1))
(ok true))
)
)
;; Updated product management functions
(define-public (update-product-status
(product-id (string-ascii 36))
(new-status (string-ascii 12))
(reason (string-ascii 50))
(location (string-ascii 50)))
(begin
;; Authorization check
(try! (check-authorization tx-sender ROLE-MANUFACTURER))
;; Input validation
(asserts! (is-valid-product-id product-id) ERR-INVALID-PRODUCT-ID)
(asserts! (is-valid-status new-status) ERR-INVALID-STATUS)
(asserts! (is-valid-reason reason) ERR-INVALID-REASON)
(asserts! (is-valid-location location) ERR-INVALID-LOCATION)
(let ((product (unwrap! (map-get? products { product-id: product-id }) ERR-PRODUCT-NOT-FOUND)))
;; Status transition validation
(asserts! (is-valid-status-transition (get current-status product) new-status)
ERR-INVALID-STATUS-TRANSITION)
;; Update product status
(map-set products
{ product-id: product-id }
(merge product {
current-status: new-status,
status-update-count: (+ (get status-update-count product) u1)
})
)
;; Record in status history
(map-set status-history
{
product-id: product-id,
update-number: (get status-update-count product)
}
{
status: new-status,
timestamp: stacks-block-height,
changed-by: tx-sender,
reason: reason,
location: location
}
)
;; Create audit log entry
(try! (create-audit-log tx-sender ACTION-UPDATE product-id
(concat "Status: " new-status)))
(ok true)
)
)
)
(define-public (register-product
(product-id (string-ascii 36))
(location (string-ascii 50)))
(begin
;; Authorization check
(try! (check-authorization tx-sender ROLE-MANUFACTURER))
;; Input validation
(asserts! (is-valid-product-id product-id) ERR-INVALID-PRODUCT-ID)
(asserts! (is-valid-location location) ERR-INVALID-LOCATION)
;; Check if product already exists
(asserts! (is-none (map-get? products { product-id: product-id })) ERR-PRODUCT-EXISTS)
;; Register new product
(map-set products
{ product-id: product-id }
{
manufacturer: tx-sender,
timestamp: stacks-block-height,
current-owner: tx-sender,
current-status: STATUS-REGISTERED,
verified: true,
status-update-count: u1
}
)
;; Initial status history entry
(map-set status-history
{ product-id: product-id, update-number: u0 }
{
status: STATUS-REGISTERED,
timestamp: stacks-block-height,
changed-by: tx-sender,
reason: "Initial registration",
location: location
}
)
;; Create audit log entry
(try! (create-audit-log tx-sender ACTION-REGISTER product-id "Product registered"))
(ok true)
)
)
;; Read-only functions
(define-read-only (get-status-history (product-id (string-ascii 36)) (update-number uint))
(begin
(asserts! (is-valid-product-id product-id) ERR-INVALID-PRODUCT-ID)
(ok (map-get? status-history { product-id: product-id, update-number: update-number }))
)
)
(define-read-only (get-product-details (product-id (string-ascii 36)))
(begin
(asserts! (is-valid-product-id product-id) ERR-INVALID-PRODUCT-ID)
(ok (map-get? products { product-id: product-id }))
)
)
;; Role management function
(define-public (assign-role (user principal) (role uint))
(begin
;; Authorization check
(try! (check-authorization tx-sender ROLE-ADMIN))
;; Validate role
(asserts! (or (is-eq role ROLE-MANUFACTURER)
(is-eq role ROLE-DISTRIBUTOR)
(is-eq role ROLE-RETAILER))
ERR-INVALID-ROLE)
;; Assign role
(map-set user-roles
{ user: user }
{ role: role }
)
(ok true)
)
)