How do KIP17 covenants enforce rules on Kaspa spending transactions?
KIP17 covenants work by letting a script verify the full structure of the transaction that spends a coin. The spender provides the previous transaction as witness data; the script then uses opcodes to hash that data and confirm the hash matches the input outpoint in the current transaction, proving the provided bytes are authentic. From there, the script can check whatever it needs about the transaction's structure. This matters because it means Kaspa scripts can now enforce arbitrary rules — such as restricting where funds may go or requiring specific outputs — rather than only verifying a signature.