Add burn metadata semantics

[punk6529]

Summary

• add retained burned-token audit state and a protocol TokenBurned event while preserving ERC-721 post-burn ownership/tokenURI semantics
• record valid VRF/arRNG post-burn randomness as audit-only state, including after freeze, without ERC-4906 metadata updates or live metadata/freeze-manifest changes
• make burned token IDs terminal to prevent stale burn-audit state after remint attempts
• add focused burn/randomizer/freeze tests plus metadata, ADR, status, roadmap, and autonomous-run traceability

Closes #50.

Validation

• forge test --match-contract StreamCoreBurnTest -vvv (4 passed)
• forge test --match-contract "Stream(RandomizerLifecycle|RandomizerRetry|MetadataEvents|MetadataFreeze|MetadataGolden|CoreBurn)Test" -vvv (55 passed)
• make check
• powershell -ExecutionPolicy Bypass -File scripts\check.ps1
• forge fmt --check smart-contracts\StreamCore.sol smart-contracts\IStreamCore.sol smart-contracts\StreamRandomizerLifecycle.sol smart-contracts\RandomizerVRF.sol smart-contracts\RandomizerRNG.sol test\mocks\MockRandomizerCore.sol test\StreamCoreBurn.t.sol
• git diff --check
• heading and traceability scans across touched docs/contracts/tests
• Slither comparison: 718 total findings, high/medium unchanged at 4/19

Summary by CodeRabbit

• New Features

  • Burn emits a protocol TokenBurned event, retains audit state, prevents reminting, and excludes burned tokens from live supply
  • Post-burn randomness is recorded as audit-only (BurnedTokenRandomnessRecorded) without restoring ownership or updating live metadata
  • Public queries to check burn status and retrieve burned-audit state

• Documentation

  • Updated ADRs, metadata, roadmap, status, and ops docs to reflect burn semantics

• Tests

  • Added end-to-end coverage for burn flows and post-burn randomness handling

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[punk6529]

@coderabbitai review

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2420f1ed-d77f-490d-9d7f-aa81fb9306fc

📥 Commits

Reviewing files that changed from the base of the PR and between d3ada34 and 37c361a.

📒 Files selected for processing (8)

• docs/adr/0006-metadata-freeze.md
• docs/metadata.md
• docs/status.md
• ops/AUTONOMOUS_RUN.md
• ops/ROADMAP.md
• smart-contracts/StreamCore.sol
• test/README.md
• test/StreamCoreBurn.t.sol

✅ Files skipped from review due to trivial changes (3)

• test/README.md
• docs/status.md
• ops/ROADMAP.md

🚧 Files skipped from review as they are similar to previous changes (5)

• docs/adr/0006-metadata-freeze.md
• ops/AUTONOMOUS_RUN.md
• smart-contracts/StreamCore.sol
• test/StreamCoreBurn.t.sol
• docs/metadata.md

---

📝 Walkthrough

Walkthrough

This PR implements burned-token audit retention and audit-only post-burn randomness recording: contracts persist burn audit state and expose isTokenBurned, randomizer adapters emit BurnedTokenRandomnessRecorded after successful post-burn hash writes, tests validate burn/remint and post-burn fulfillments, and docs/ops/roadmap/status are updated to match the behavior.

Changes

Burn metadata semantics implementation

Layer / File(s)	Summary
StreamCore storage, burn flow, accessors smart-contracts/StreamCore.sol	Adds BurnedTokenAudit storage and burnedTokenAuditRecords, TokenBurned event, burn() records owner/operator/block/time and clears live metadata, mint() rejects remint of burned IDs, setTokenHash() routes final hash to live metadata or burned audit record, adds isTokenBurned()/burnedTokenAuditState().
Randomizer lifecycle events smart-contracts/StreamRandomizerLifecycle.sol	Adds BurnedTokenRandomnessRecorded event and internal _confirmBurnedTokenRandomnessRecorded(requestId) that emits audit-only randomness confirmations for fulfilled requests without mutating request state.
VRF/RNG adapter wiring smart-contracts/RandomizerVRF.sol, smart-contracts/RandomizerRNG.sol	After successful setTokenHash(...) writes, both adapters check isTokenBurned(tokenId) and call lifecycle confirmation to emit burned-token randomness audit events before continuing standard fulfillment/retry confirmation flows.
IStreamCore interface smart-contracts/IStreamCore.sol	Adds function isTokenBurned(uint256 tokenId) external view returns (bool);.
Tests and mocks test/mocks/MockRandomizerCore.sol, test/StreamCoreBurn.t.sol, test/README.md	Adds burnedTokens mapping and setTokenBurned/isTokenBurned to mock core; new StreamCoreBurnTest suite and mock coordinators/controllers validate burn events, query reverts after burn, remint prevention, and post-burn VRF/ARRNG fulfillments that record BurnedTokenRandomnessRecorded without metadata updates.
Docs, ADRs, blockers, status, roadmap, ops docs/adr/*, docs/metadata.md, docs/known-blockers.md, docs/status.md, ops/ROADMAP.md, ops/AUTONOMOUS_RUN.md	Clarifies ADR0005/0006 and metadata docs to state callback-after-burn is audit-only, documents burned-token behavior (no ownerOf/tokenURI, retained audit state, excluded from live supply), updates blockers/status/roadmap/ops and test baseline references accordingly.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related issues

• #50: Implements P1-META-005 burn metadata and supply semantics (audit-state retention, burn events, post-burn randomness audit behavior, and tests) which matches this PR's objectives.

Possibly related PRs

• 6529-Collections/6529Stream#82: Intersects on ERC-4906 MetadataUpdate emission; this PR suppresses metadata updates for burned tokens.
• 6529-Collections/6529Stream#70: Adds rawOutputHash persistence used by post-burn randomness audit events recorded here.
• 6529-Collections/6529Stream#84: Modifies freeze guards and metadata finalization that interact with setTokenHash branching added in this PR.

Poem

🐰 A token burned, its history kept tight,

Audit hashes glow in the night;
Randomness whispers, sealed and scored,
Ownership gone but records stored;
A rabbit hops—logs safe and bright.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add burn metadata semantics' clearly and concisely summarizes the main change: implementing burn metadata and supply semantics as per ADR 0006 and issue #50.
Linked Issues check	✅ Passed	The PR successfully implements all coding requirements from issue #50: ADR 0006 burn metadata policy with unavailable post-burn metadata, documented callback-after-burn randomness handling, TokenBurned event emission, comprehensive tests for burn/randomizer/freeze behaviors, and make check validation.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to burn metadata implementation: interface additions, audit state tracking, burn event emission, post-burn randomness recording, documentation updates, and comprehensive test coverage aligned with issue #50 requirements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/burn-metadata-semantics

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@smart-contracts/StreamCore.sol`:
- Around line 372-382: The burnedTokenAuditRecords.burned flag is left set when
a token ID is burned but the contract allows that same tokenId to be reminted,
causing isTokenBurned to remain true for a live token; update the minting paths
(e.g., mint, any wrapper that calls _mint or _safeMint) to check
burnedTokenAuditRecords[_tokenId].burned and revert if true
(require(!burnedTokenAuditRecords[_tokenId].burned, "token previously burned")),
or alternatively, if reminting is intended, reset the BurnedTokenAudit fields
for _tokenId on mint; ensure consistency with isTokenBurned and any burn-related
events by referencing burnedTokenAuditRecords, the BurnedTokenAudit struct, and
the mint/_mint/_safeMint functions.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 21ee5310-ac4e-47aa-99ec-a918cff30d4d

📥 Commits

Reviewing files that changed from the base of the PR and between 49f9204 and d3ada34.

📒 Files selected for processing (15)

• docs/adr/0005-randomness.md
• docs/adr/0006-metadata-freeze.md
• docs/known-blockers.md
• docs/metadata.md
• docs/status.md
• ops/AUTONOMOUS_RUN.md
• ops/ROADMAP.md
• smart-contracts/IStreamCore.sol
• smart-contracts/RandomizerRNG.sol
• smart-contracts/RandomizerVRF.sol
• smart-contracts/StreamCore.sol
• smart-contracts/StreamRandomizerLifecycle.sol
• test/README.md
• test/StreamCoreBurn.t.sol
• test/mocks/MockRandomizerCore.sol

[punk6529]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.