feat: added gho direct minter

.env.template

@@ -29,3 +29,8 @@ TEST_ACCOUNT_2_PRIVATE_KEY=[YOUR PROFILE ACCOUNT PRIVATE KEY]
 TEST_ACCOUNT_3_PRIVATE_KEY=[YOUR PROFILE ACCOUNT PRIVATE KEY]
 TEST_ACCOUNT_4_PRIVATE_KEY=[YOUR PROFILE ACCOUNT PRIVATE KEY]
 TEST_ACCOUNT_5_PRIVATE_KEY=[YOUR PROFILE ACCOUNT PRIVATE KEY]
+
+# gho profiles private keys
+GHO_PRIVATE_KEY=[YOUR PROFILE ACCOUNT PRIVATE KEY]
+GHO_CONFIG_PRIVATE_KEY=[YOUR PROFILE ACCOUNT PRIVATE KEY]
+GHO_ACL_PRIVATE_KEY=[YOUR PROFILE ACCOUNT PRIVATE KEY]

.github/workflows/doc.yml

@@ -27,6 +27,9 @@ env:
   AAVE_DATA_PRIVATE_KEY: ${{ secrets.GH_AAVE_DATA_PRIVATE_KEY }}
   AAVE_DATA_FEEDS_PRIVATE_KEY: ${{ secrets.GH_AAVE_DATA_FEEDS_PRIVATE_KEY }}
   AAVE_PLATFORM_PRIVATE_KEY: ${{ secrets.GH_AAVE_PLATFORM_PRIVATE_KEY }}
+  GHO_PRIVATE_KEY: ${{ secrets.GH_GHO_PRIVATE_KEY }}
+  GHO_CONFIG_PRIVATE_KEY: ${{ secrets.GH_GHO_CONFIG_PRIVATE_KEY }}
+  GHO_ACL_PRIVATE_KEY: ${{ secrets.GH_GHO_ACL_PRIVATE_KEY }}
 
 jobs:
   build-docs:
@@ -35,6 +38,19 @@ jobs:
     timeout-minutes: 60
     steps:
       - uses: actions/checkout@v4
+
+      - uses: actions/create-github-app-token@v2
+        id: app-token
+        with:
+          app-id: ${{ secrets.GH_ACTIONS_APP_ID }}
+          private-key: ${{ secrets.GH_ACTIONS_APP_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "aptos-aave-gho"
+
+      - name: Auth for private HTTPS git deps
+        run: |
+          git config --global url."https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/".insteadOf "https://github.com/"
+
       - name: Install Aptos CLI
         uses: ./.github/actions/install-aptos-cli
         with:

.github/workflows/examples.yml

@@ -24,6 +24,18 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
+      - uses: actions/create-github-app-token@v2
+        id: app-token
+        with:
+          app-id: ${{ secrets.GH_ACTIONS_APP_ID }}
+          private-key: ${{ secrets.GH_ACTIONS_APP_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "aptos-aave-gho"
+
+      - name: Auth for private HTTPS git deps
+        run: |
+          git config --global url."https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/".insteadOf "https://github.com/"
+
       - name: Install Aptos CLI
         uses: ./.github/actions/install-aptos-cli
         with:

.github/workflows/move-audit.yml

@@ -26,6 +26,9 @@ env:
   AAVE_DATA_PRIVATE_KEY: ${{ secrets.GH_AAVE_DATA_PRIVATE_KEY }}
   AAVE_DATA_FEEDS_PRIVATE_KEY: ${{ secrets.GH_AAVE_DATA_FEEDS_PRIVATE_KEY }}
   AAVE_PLATFORM_PRIVATE_KEY: ${{ secrets.GH_AAVE_PLATFORM_PRIVATE_KEY }}
+  GHO_PRIVATE_KEY: ${{ secrets.GH_GHO_PRIVATE_KEY }}
+  GHO_CONFIG_PRIVATE_KEY: ${{ secrets.GH_GHO_CONFIG_PRIVATE_KEY }}
+  GHO_ACL_PRIVATE_KEY: ${{ secrets.GH_GHO_ACL_PRIVATE_KEY }}
 
 jobs:
   unit-tests:
@@ -36,6 +39,15 @@ jobs:
       DEFAULT_FUNDER_PRIVATE_KEY: ${{ secrets.GH_DEFAULT_FUNDER_PRIVATE_KEY }}
     steps:
       - uses: actions/checkout@v4
+
+      - uses: actions/create-github-app-token@v2
+        id: app-token
+        with:
+          app-id: ${{ secrets.GH_ACTIONS_APP_ID }}
+          private-key: ${{ secrets.GH_ACTIONS_APP_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "aptos-aave-gho"
+
       - name: Install latest Aptos CLI
         run: |
           curl -fsSL "https://aptos.dev/scripts/install_cli.py" | python3

.github/workflows/move-v2.yml

@@ -26,6 +26,9 @@ env:
   AAVE_DATA_PRIVATE_KEY: ${{ secrets.GH_AAVE_DATA_PRIVATE_KEY }}
   AAVE_DATA_FEEDS_PRIVATE_KEY: ${{ secrets.GH_AAVE_DATA_FEEDS_PRIVATE_KEY }}
   AAVE_PLATFORM_PRIVATE_KEY: ${{ secrets.GH_AAVE_PLATFORM_PRIVATE_KEY }}
+  GHO_PRIVATE_KEY: ${{ secrets.GH_GHO_PRIVATE_KEY }}
+  GHO_CONFIG_PRIVATE_KEY: ${{ secrets.GH_GHO_CONFIG_PRIVATE_KEY }}
+  GHO_ACL_PRIVATE_KEY: ${{ secrets.GH_GHO_ACL_PRIVATE_KEY }}
 
 jobs:
   unit-tests:
@@ -36,6 +39,15 @@ jobs:
       DEFAULT_FUNDER_PRIVATE_KEY: ${{ secrets.GH_DEFAULT_FUNDER_PRIVATE_KEY }}
     steps:
       - uses: actions/checkout@v4
+
+      - uses: actions/create-github-app-token@v2
+        id: app-token
+        with:
+          app-id: ${{ secrets.GH_ACTIONS_APP_ID }}
+          private-key: ${{ secrets.GH_ACTIONS_APP_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "aptos-aave-gho"
+
       - name: Install latest Aptos CLI
         run: |
           curl -fsSL "https://aptos.dev/scripts/install_cli.py" | python3

.github/workflows/testnet-deployment.yml

@@ -57,6 +57,18 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
+      - uses: actions/create-github-app-token@v2
+        id: app-token
+        with:
+          app-id: ${{ secrets.GH_ACTIONS_APP_ID }}
+          private-key: ${{ secrets.GH_ACTIONS_APP_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "aptos-aave-gho"
+
+      - name: Auth for private HTTPS git deps
+        run: |
+          git config --global url."https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/".insteadOf "https://github.com/"
+
       - uses: dtolnay/rust-toolchain@stable
 
       - name: Install dependencies

.github/workflows/typescript-integration-tests.yml

@@ -27,6 +27,9 @@ env:
   AAVE_DATA_PRIVATE_KEY: ${{ secrets.GH_AAVE_DATA_PRIVATE_KEY }}
   AAVE_DATA_FEEDS_PRIVATE_KEY: ${{ secrets.GH_AAVE_DATA_FEEDS_PRIVATE_KEY }}
   AAVE_PLATFORM_PRIVATE_KEY: ${{ secrets.GH_AAVE_PLATFORM_PRIVATE_KEY }}
+  GHO_PRIVATE_KEY: ${{ secrets.GH_GHO_PRIVATE_KEY }}
+  GHO_CONFIG_PRIVATE_KEY: ${{ secrets.GH_GHO_CONFIG_PRIVATE_KEY }}
+  GHO_ACL_PRIVATE_KEY: ${{ secrets.GH_GHO_ACL_PRIVATE_KEY }}
 
   # test profiles
   TEST_ACCOUNT_0_PRIVATE_KEY: ${{ secrets.GH_TEST_ACCOUNT_0_PRIVATE_KEY }}
@@ -47,6 +50,18 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
+      - uses: actions/create-github-app-token@v2
+        id: app-token
+        with:
+          app-id: ${{ secrets.GH_ACTIONS_APP_ID }}
+          private-key: ${{ secrets.GH_ACTIONS_APP_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "aptos-aave-gho"
+
+      - name: Auth for private HTTPS git deps
+        run: |
+          git config --global url."https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/".insteadOf "https://github.com/"
+
       - name: Install dependencies
         run: |
           sudo apt-get update -y

.github/workflows/unit_tests.yml

@@ -27,6 +27,9 @@ env:
   AAVE_DATA_PRIVATE_KEY: ${{ secrets.GH_AAVE_DATA_PRIVATE_KEY }}
   AAVE_DATA_FEEDS_PRIVATE_KEY: ${{ secrets.GH_AAVE_DATA_FEEDS_PRIVATE_KEY }}
   AAVE_PLATFORM_PRIVATE_KEY: ${{ secrets.GH_AAVE_PLATFORM_PRIVATE_KEY }}
+  GHO_PRIVATE_KEY: ${{ secrets.GH_GHO_PRIVATE_KEY }}
+  GHO_CONFIG_PRIVATE_KEY: ${{ secrets.GH_GHO_CONFIG_PRIVATE_KEY }}
+  GHO_ACL_PRIVATE_KEY: ${{ secrets.GH_GHO_ACL_PRIVATE_KEY }}
 
 jobs:
   unit-tests:
@@ -38,6 +41,18 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
+      - uses: actions/create-github-app-token@v2
+        id: app-token
+        with:
+          app-id: ${{ secrets.GH_ACTIONS_APP_ID }}
+          private-key: ${{ secrets.GH_ACTIONS_APP_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "aptos-aave-gho"
+
+      - name: Auth for private HTTPS git deps
+        run: |
+          git config --global url."https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/".insteadOf "https://github.com/"
+
       - name: Install Aptos CLI
         uses: ./.github/actions/install-aptos-cli
         with:

.pre-commit-config.yaml

@@ -53,6 +53,9 @@ repos:
         args:
           - --baseline
           - .secrets.baseline
+          - --exclude-lines
+          - '\bgho_[a-z_]+\b'
+          - 'get_e[a-z_]+\b'
         exclude: |
           (?x)^(
             \.secrets\.baseline|
@@ -73,7 +76,10 @@ repos:
             \.git/.*|
             coverage/.*|
             build/.*|
-            dist/.*
+            dist/.*|
+            .*\.move$|
+            docker-compose.*\.yml$|
+            docker-compose.*\.yaml$
           )$
 
   # Note: TruffleHog runs in CI/CD pipeline via GitHub Actions

.secrets.baseline

@@ -124,6 +124,12 @@
     },
     {
       "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    },
+    {
+      "path": "detect_secrets.filters.regex.should_exclude_line",
+      "pattern": [
+        "\\bgho_[a-z_]+\\b"
+      ]
     }
   ],
   "results": {
@@ -133,7 +139,7 @@
         "filename": "aave-core/aave-config/sources/error_config.move",
         "hashed_secret": "ba29d6bfac4cd7b866a3d05103c38031a921ba88",
         "is_verified": false,
-        "line_number": 1160
+        "line_number": 1176
       }
     ],
     "aave-core/aave-config/tests/error_tests.move": [
@@ -145,22 +151,6 @@
         "line_number": 112
       }
     ],
-    "aave-core/chainlink-data-feeds/Move.toml": [
-      {
-        "type": "Hex High Entropy String",
-        "filename": "aave-core/chainlink-data-feeds/Move.toml",
-        "hashed_secret": "624a21385c45fc68021078b856bdb7ef77f792e7",
-        "is_verified": false,
-        "line_number": 7
-      },
-      {
-        "type": "Hex High Entropy String",
-        "filename": "aave-core/chainlink-data-feeds/Move.toml",
-        "hashed_secret": "5836c8421a57080f8fed06b76343a66ba79eb007",
-        "is_verified": false,
-        "line_number": 9
-      }
-    ],
     "aave-core/chainlink-platform/Move.toml": [
       {
         "type": "Hex High Entropy String",
@@ -11151,5 +11141,5 @@
       }
     ]
   },
-  "generated_at": "2025-08-22T08:39:13Z"
+  "generated_at": "2025-09-04T14:21:40Z"
 }

Makefile

@@ -13,7 +13,10 @@ AAVE_BASE_PROFILES_KEY_MAP = aave_acl=$(AAVE_ACL_PRIVATE_KEY) \
                  aave_pool=$(AAVE_POOL_PRIVATE_KEY) \
                  aave_large_packages=$(AAVE_LARGE_PACKAGES_PRIVATE_KEY) \
 				 aave_mock_underlyings=$(AAVE_MOCK_UNDERLYING_TOKENS_PRIVATE_KEY) \
-                 aave_data=$(AAVE_DATA_PRIVATE_KEY)
+                 aave_data=$(AAVE_DATA_PRIVATE_KEY) \
+				 gho=$(GHO_PRIVATE_KEY) \
+				 gho_config=$(GHO_CONFIG_PRIVATE_KEY) \
+				 gho_acl=$(GHO_ACL_PRIVATE_KEY)
 
 ifeq ($(APTOS_NETWORK), local)
   AAVE_PROFILES_KEY_MAP = $(AAVE_BASE_PROFILES_KEY_MAP) data_feeds=$(AAVE_DATA_FEEDS_PRIVATE_KEY) platform=$(AAVE_PLATFORM_PRIVATE_KEY)
@@ -694,7 +697,6 @@ compile-pool:
 	cd aave-core && aptos move compile \
 	--included-artifacts $(ARTIFACTS_LEVEL) \
 	--save-metadata \
-	--skip-fetch-latest-git-deps \
 	--language-version "$(MOVE_VERSION)" \
 	--compiler-version "$(COMPILER_VERSION)" \
 	--named-addresses "${AAVE_NAMED_ADDRESSES}"

aave-core/Move.toml

@@ -6,6 +6,9 @@ authors = []
 
 [addresses]
 aave_pool = '_'
+gho = "_"
+gho_config = "_"
+gho_acl = "_"
 
 [dev-addresses]
 
@@ -15,6 +18,7 @@ AaveAcl = { local = "./aave-acl" }
 AaveConfig = { local = "./aave-config" }
 AaveMath = { local = "./aave-math" }
 AaveOracle = { local = "./aave-oracle" }
+Gho_Token = { git = "https://github.com/aave/aptos-aave-gho", subdir = "Gho", rev = "main" }
 
 [dev-dependencies]
 AaveMockUnderlyings = { local = "./aave-mock-underlyings" }

aave-core/aave-acl/sources/acl_manage.move

@@ -53,6 +53,7 @@ module aave_acl::acl_manage {
     const EMISSION_ADMIN_ROLE: vector<u8> = b"EMISSION_ADMIN";
     const ADMIN_CONTROLLED_ECOSYSTEM_RESERVE_FUNDS_ADMIN_ROLE: vector<u8> = b"ADMIN_CONTROLLED_ECOSYSTEM_RESERVE_FUNDS_ADMIN";
     const REWARDS_CONTROLLER_ADMIN_ROLE: vector<u8> = b"REWARDS_CONTROLLER_ADMIN";
+    const GHO_GUARDIAN_ROLE: vector<u8> = b"GHO_GUARDIAN";
 
     // Structs
     #[event]
@@ -217,6 +218,14 @@ module aave_acl::acl_manage {
         has_role(get_rewards_controller_admin_role(), admin)
     }
 
+    #[view]
+    /// @notice Checks if the address is a GHO guardian role
+    /// @param admin Address to check
+    /// @return Boolean indicating if the address is a GHO guardina role
+    public fun is_gho_guardian(admin: address): bool acquires Roles {
+        has_role(get_gho_guardian_role(), admin)
+    }
+
     #[view]
     /// @notice Returns the pool admin role string
     /// @return Pool admin role as a String
@@ -280,6 +289,13 @@ module aave_acl::acl_manage {
         string::utf8(REWARDS_CONTROLLER_ADMIN_ROLE)
     }
 
+    #[view]
+    /// @notice Returns the gho guardina role string
+    /// @return GHO guardian role as a String
+    public fun get_gho_guardian_role(): String {
+        string::utf8(GHO_GUARDIAN_ROLE)
+    }
+
     // Public entry functions
     /// @notice Sets `admin_role` as ``role``'s admin role
     /// @param admin Signer with permissions to set role admin
@@ -504,6 +520,20 @@ module aave_acl::acl_manage {
         revoke_role(admin, get_rewards_controller_admin_role(), user);
     }
 
+    /// @notice Adds a gho guardian role to the specified address
+    /// @param admin Signer with permissions to grant roles
+    /// @param user Address to grant the gho guardian role to
+    public entry fun add_gho_guardian(admin: &signer, user: address) acquires Roles {
+        grant_role(admin, get_gho_guardian_role(), user);
+    }
+
+    /// @notice Removes the gho guardina role from the specified address
+    /// @param admin Signer with permissions to revoke roles
+    /// @param user Address to revoke the gho guardina role from
+    public entry fun remove_gho_guardian(admin: &signer, user: address) acquires Roles {
+        revoke_role(admin, get_gho_guardian_role(), user);
+    }
+
     // Private/Internal functions
     /// @dev Initializes the module and grants the default admin role to the admin signer
     /// @param admin Signer that will be granted the default admin role
@@ -677,4 +707,11 @@ module aave_acl::acl_manage {
     public fun get_rewards_controller_admin_role_for_testing(): String {
         string::utf8(REWARDS_CONTROLLER_ADMIN_ROLE)
     }
+
+    #[test_only]
+    /// @dev Returns the gho guardian role string for testing
+    /// @return Gho guardian role as a String
+    public fun get_gho_guardian_role_for_testing(): String {
+        string::utf8(GHO_GUARDIAN_ROLE)
+    }
 }

aave-core/aave-acl/tests/acl_manage_tests.move

@@ -33,6 +33,8 @@ module aave_acl::acl_manage_tests {
         get_rewards_controller_admin_role_for_testing,
         get_risk_admin_role,
         get_risk_admin_role_for_testing,
+        get_gho_guardian_role,
+        get_gho_guardian_role_for_testing,
         grant_role,
         has_role,
         is_admin_controlled_ecosystem_reserve_funds_admin,
@@ -97,6 +99,14 @@ module aave_acl::acl_manage_tests {
         assert!(get_risk_admin_role() == get_risk_admin_role_for_testing(), TEST_SUCCESS);
     }
 
+    #[test]
+    fun test_get_gho_guardian_role() {
+        assert!(
+            get_gho_guardian_role() == get_gho_guardian_role_for_testing(),
+            TEST_SUCCESS
+        );
+    }
+
     #[test]
     fun test_get_emergency_admin_role() {
         assert!(