pub fn mint_execution_nonce(
kernel_keypair: &Keypair,
binding: NonceBinding,
config: &ExecutionNonceConfig,
now: i64,
) -> Result<SignedExecutionNonce, KernelError>Expand description
Mint a fresh signed execution nonce.
The kernel calls this on every Verdict::Allow so tool servers can
verify that a call was authorized by the kernel at a known, recent
time. The returned nonce is signed by kernel_keypair; downstream
verifiers check the signature with the kernel’s public key.