Release/v26#445
Merged
Merged
Conversation
This pull request updates dependencies in the `go.mod` file to keep the project up to date and clarify dependency usage. Dependency updates: * Upgraded `github.com/cometbft/cometbft` from version `v0.38.19` to `v0.38.21` to include the latest bug fixes and improvements. Dependency management: * Changed `github.com/gogo/protobuf v1.3.3` from an indirect to a direct dependency, ensuring it is explicitly tracked and maintained. --------- Co-authored-by: Kostas Demiris <kostasdemiris@gmail.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This release introduces two new blockchain modules (DKIM and ZK) for email authentication with zero-knowledge proofs, along with critical security fixes and testing infrastructure improvements.
Changes:
- Added DKIM module for on-chain email authentication via DomainKeys Identified Mail
- Added ZK module for zero-knowledge proof verification key management
- Fixed CosmWasm query thread safety race conditions
- Enhanced input validation and removed v25 upgrade tooling
Reviewed changes
Copilot reviewed 81 out of 176 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| x/dkim/autocli.go | CLI configuration for DKIM query and transaction commands |
| x/dkim/README.md | Documentation for DKIM module features and usage |
| wasmbindings/stargate_whitelist.go | Thread-safety fix using factory functions for proto messages |
| wasmbindings/query_plugin.go | Updated comments and removed Reset() call for thread safety |
| proto/xion/zk/v1/tx.proto | Protocol buffer definitions for ZK module transactions |
| proto/xion/zk/v1/query.proto | Protocol buffer definitions for ZK module queries |
| proto/xion/zk/v1/params.proto | ZK module parameter definitions |
| proto/xion/zk/v1/genesis.proto | ZK module genesis state definition |
| proto/xion/dkim/v1/tx.proto | Protocol buffer definitions for DKIM transactions |
| proto/xion/dkim/v1/state.proto | DKIM state and data structures |
| proto/xion/dkim/v1/query.proto | Protocol buffer definitions for DKIM queries |
| proto/xion/dkim/v1/genesis.proto | DKIM genesis state definition |
| go.mod | Updated dependencies including cometbft and added ZK libraries |
| e2e_tests/zk/zkemail_test.go | End-to-end test for ZKEmail authenticator |
| e2e_tests/zk/params_vkey_test.go | Tests for ZK module parameters and vKey uploads |
| e2e_tests/xion/minimum_fee_test.go | Moved IBC test to separate file to avoid conflicts |
| e2e_tests/testlib/utils.go | Added chain-id flag and updated upgrade test to use validators |
| e2e_tests/testlib/setup.go | Updated default docker images and added bech32 prefix initialization |
| e2e_tests/testlib/proposal_utils.go | New utilities for governance proposal management |
| e2e_tests/testlib/git_release.go | Enhanced to handle SSH URLs and provide latest release image components |
| e2e_tests/testlib/dkim_assertions.go | Reusable DKIM module test assertions |
| e2e_tests/testdata/keys/*.json | ZK proof test data for email authentication |
| e2e_tests/indexer/*.go | Updated indexer tests with enhanced feegrant coverage |
| e2e_tests/ibc/*.go | Renamed package and updated for consistency |
| e2e_tests/go.mod | Updated dependencies to match main module |
| e2e_tests/dkim/README.md | Comprehensive DKIM module test documentation |
| e2e_tests/configuredChains.yaml | Updated to latest release image versions |
| e2e_tests/app/upgrade_test.go | Enhanced upgrade tests with post-upgrade feature validation |
| e2e_tests/app/genesis_export_import_test.go | Fixed package name |
| e2e_tests/abstract-account/webauthn_test.go | Fixed package name |
| cmd/xiond/root.go | Removed v25 upgrade CLI commands |
| client/docs/static/*.json | Updated API version to v26.0.0 |
| client/docs/config.yaml | Updated API version to v26.0.0 |
| app/v25_upgrade/*.go | Removed v25 upgrade tooling and documentation |
| app/upgrades.go | Added v26 upgrade handler with DKIM and ZK module initialization |
| app/app.go | Integrated DKIM and ZK modules into application |
| api/xion/zk/v1/tx_grpc.pb.go | Generated gRPC code for ZK transactions |
| api/xion/dkim/v1/*.pb.go | Generated gRPC code for DKIM module |
| .github/workflows/*.yaml | Reorganized E2E tests and updated release workflows |
| .coveragerc | Increased coverage threshold and removed v25 upgrade exclusions |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+53
to
+54
| Short: "Remove a new DKIM public key", | ||
| Long: "Remove a new DKIM public key", |
There was a problem hiding this comment.
Corrected description from "Remove a new DKIM public key" to "Remove a DKIM public key" - the word "new" is incorrect since we're removing an existing key.
Suggested change
| Short: "Remove a new DKIM public key", | |
| Long: "Remove a new DKIM public key", | |
| Short: "Remove a DKIM public key", | |
| Long: "Remove a DKIM public key", |
|
|
||
| ### 1. Dkim record generation | ||
|
|
||
| The module includes functionality to generate a dkim record for a given domain and selector.Refer to the example usage section for more details. |
There was a problem hiding this comment.
Missing space after period. Should be "selector. Refer" instead of "selector.Refer".
Suggested change
| The module includes functionality to generate a dkim record for a given domain and selector.Refer to the example usage section for more details. | |
| The module includes functionality to generate a dkim record for a given domain and selector. Refer to the example usage section for more details. |
| } | ||
|
|
||
| func RegisterMsgServer(s grpc.ServiceRegistrar, srv MsgServer) { | ||
| // If the following call pancis, it indicates UnimplementedMsgServer was |
There was a problem hiding this comment.
Corrected spelling of 'pancis' to 'panics'.
Suggested change
| // If the following call pancis, it indicates UnimplementedMsgServer was | |
| // If the following call panics, it indicates UnimplementedMsgServer was |
| } | ||
|
|
||
| func RegisterMsgServer(s grpc.ServiceRegistrar, srv MsgServer) { | ||
| // If the following call pancis, it indicates UnimplementedMsgServer was |
There was a problem hiding this comment.
Corrected spelling of 'pancis' to 'panics'.
Suggested change
| // If the following call pancis, it indicates UnimplementedMsgServer was | |
| // If the following call panics, it indicates UnimplementedMsgServer was |
| } | ||
|
|
||
| func RegisterQueryServer(s grpc.ServiceRegistrar, srv QueryServer) { | ||
| // If the following call pancis, it indicates UnimplementedQueryServer was |
There was a problem hiding this comment.
Corrected spelling of 'pancis' to 'panics'.
Suggested change
| // If the following call pancis, it indicates UnimplementedQueryServer was | |
| // If the following call panics, it indicates UnimplementedQueryServer was |
This Cosmos SDK module mimics DKIM (DomainKeys Identified Mail) functionality by securely storing information found in email headers, specifically DKIM public keys and hashes associated with specific domains. This allows verification of email authenticity on the blockchain. The module also implements a method to calculate Poseidon hashes of public keys, providing a secure and efficient way to verify the authenticity of a public key that signed an email. --------- Signed-off-by: Kehinde Faleye <Kenny.fale.kf@gmail.com> Co-authored-by: Ash <96692350+ash-burnt@users.noreply.github.com> Co-authored-by: 2xburnt <169301814+2xburnt@users.noreply.github.com> Co-authored-by: Ash <ash@burnt.com> Co-authored-by: Eduardo Diaz <eduardo.j.diaz.rodriguez@gmail.com> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Kushal7788 <kushshah777888@gmail.com> Co-authored-by: Kushal <41788348+Kushal7788@users.noreply.github.com> Co-authored-by: Eduardo Díaz <edjroz@users.noreply.github.com>
This PR adds in max key size config params to the dkim and zk modules to disincentivize spamming of key uploads. --------- Co-authored-by: jburnt <j@burnt.com>
This pull request refactors the end-to-end (E2E) test suite to improve test organization, coverage, and maintainability. It restructures the test matrix in the GitHub Actions workflow to simplify configuration, raises the code coverage threshold, and introduces new and updated tests for IBC functionality and DKIM key validation. Several test files have been renamed and moved to better reflect their module boundaries. **Test Suite Restructuring and Workflow Improvements** - Consolidated the E2E test matrix in `.github/workflows/e2e-tests.yaml` by grouping tests by module and type, replacing the large flat list with a more maintainable structure. This change also updates the test runner to pass both test type and directory, improving flexibility for future additions. - Updated Docker image tagging and usage in the workflow to support upgrade tests, ensuring the correct local image is used during test execution. **Coverage and Quality** - Increased the code coverage threshold from 70% to 80% in `.coveragerc` to enforce higher test coverage standards. **IBC Module Test Enhancements** - Moved XionMinFeeIBC test to `ibc_min_fee_test.go` - Improved and renamed the IBC timeout test (`ibc_timeout_test.go`), including better handling of relayer state, more robust timeout scenarios, and clearer refund logic. The test now covers both height and timestamp-based timeouts and includes detailed comments and checks for correct token refunding. [[1]](diffhunk://#diff-becbffaf47b368ebc31b0e43a0664517a383b6b9f12ad004ae417dcf7510474cL1-L8) [[2]](diffhunk://#diff-becbffaf47b368ebc31b0e43a0664517a383b6b9f12ad004ae417dcf7510474cL30-R29) [[3]](diffhunk://#diff-becbffaf47b368ebc31b0e43a0664517a383b6b9f12ad004ae417dcf7510474cR107-R117) [[4]](diffhunk://#diff-becbffaf47b368ebc31b0e43a0664517a383b6b9f12ad004ae417dcf7510474cL136-R175) [[5]](diffhunk://#diff-becbffaf47b368ebc31b0e43a0664517a383b6b9f12ad004ae417dcf7510474cL163-R202) **DKIM Module Test Improvements** - Refactored the DKIM test to correctly calculate the decoded size of base64 public keys for size validation, ensuring the test matches the actual parameter logic and preventing false positives/negatives. [[1]](diffhunk://#diff-075f1fabaf297ea005b8651973536c29df694ecc8d4ab4e04be8338a2baeeaffL1-R1) [[2]](diffhunk://#diff-075f1fabaf297ea005b8651973536c29df694ecc8d4ab4e04be8338a2baeeaffL87-R96) **Test File Organization** - Renamed and moved several test files to reflect their module boundaries, improving clarity and future maintainability (e.g., moving `webauthn_test.go` and `genesis_export_import_test.go` to their respective modules). [[1]](diffhunk://#diff-c4fe28d64d77cbd5078203772530d62aad17a712c73400df09382ed593d32084L1-R1) [[2]](diffhunk://#diff-c3359fe8661dbda6f8e26caa721c03b2594b4ac7121e426f186b6f9dc76442f9L1-R1) This refactor improves the reliability, maintainability, and coverage of the E2E test suite, while also making the CI workflow easier to extend and understand.
This pull request introduces several improvements and bug fixes across the codebase, focusing on input validation, test coverage, and documentation. The most significant changes enhance security by tightening input size checks, improve cryptographic test reliability, and add important boundary tests for parameter validation. **Security and Validation Improvements:** * Added a size check for the `Credential` field in `WebAuthNVerifyAuthenticate` to prevent oversized input, mirroring the existing check for the `Data` field. * Updated the RSA key generation in tests to use a 2048-bit key instead of 1024-bit, improving cryptographic strength and aligning with best practices. **Parameter Validation and Testing:** * Enhanced the `validateTimeOffset` function to reject values that would overflow an `int64`, preventing potential issues in JWT clock calculations. * Added test cases for `validateTimeOffset` to ensure correct handling of `math.MaxInt64` and values exceeding it. * Added import of the `math` package in relevant files to support new validation logic and tests. [[1]](diffhunk://#diff-817ec834e82e884bf2afcd36ca5cb67c680d8d18b6ad90a98e44efafad1d50faR4-R5) [[2]](diffhunk://#diff-cb0b809ac4d8e2ee6df82c9cd7a2159e5d173d851abccbe914e610f160261f84R4) **Test Coverage:** * Expanded the `TestWebAuthNVerifyAuthenticate_SizeLimit` test to verify that oversized credentials are correctly rejected, complementing the existing test for oversized authentication data. **Documentation and Comments:** * Added clarifying comments to the declaration of `DefaultBypassMinFeeMsgTypes` and the `Send` method in the Xion module to explain their purpose and behavior. [[1]](diffhunk://#diff-2fc9560b815750c3d4495d0dff38492d5cde04353e7aa137a0ba2f462b05ce93R29) [[2]](diffhunk://#diff-b026d8897e6cc60e07d9c7e1ca5a374301fbb719566e546a86d9917c4f84b32bR36)
This pull request refactors the stargate query whitelist and proto message handling to ensure thread-safety during concurrent queries. The main change is switching from storing proto message instances to storing factory functions that generate fresh instances for each query, preventing race conditions and potential data corruption. **Thread-safety improvements:** * The `stargateWhitelist` now stores factory functions (`ProtoMessageFactory`) that return new `proto.Message` instances, instead of storing shared proto message objects. This guarantees that each query gets its own fresh instance, avoiding concurrent access issues. (`wasmbindings/stargate_whitelist.go`, [wasmbindings/stargate_whitelist.goL32-R34](diffhunk://#diff-72b26c7ee53066b7331247fa8293ce644977926bbb10610f8cf7c40f9981792fL32-R34)) * The `setWhitelistedQuery` function is updated to accept and store factory functions rather than proto message instances. All usages in the whitelist initialization are updated accordingly. (`wasmbindings/stargate_whitelist.go`, [wasmbindings/stargate_whitelist.goL43-R115](diffhunk://#diff-72b26c7ee53066b7331247fa8293ce644977926bbb10610f8cf7c40f9981792fL43-R115)) * The `GetWhitelistedQuery` function now calls the stored factory function to obtain a new proto message instance for each query, instead of returning a potentially shared object. (`wasmbindings/stargate_whitelist.go`, [wasmbindings/stargate_whitelist.goL43-R115](diffhunk://#diff-72b26c7ee53066b7331247fa8293ce644977926bbb10610f8cf7c40f9981792fL43-R115)) **Documentation and naming updates:** * Comments and documentation are updated throughout to clarify the new thread-safe approach and the use of factory functions. (`wasmbindings/stargate_whitelist.go`, [[1]](diffhunk://#diff-72b26c7ee53066b7331247fa8293ce644977926bbb10610f8cf7c40f9981792fL32-R34) [[2]](diffhunk://#diff-72b26c7ee53066b7331247fa8293ce644977926bbb10610f8cf7c40f9981792fL43-R115) * The function `ConvertProtoToJsonMarshal` is renamed to `ConvertProtoToJSONMarshal` for consistency, and its comment now notes the requirement for fresh proto instances for thread-safety. (`wasmbindings/query_plugin.go`, [wasmbindings/query_plugin.goL51-R54](diffhunk://#diff-ba07efb699e0f6bbb4fda8768cb31cf78f2ed3bf480d9e4ab996a907877f0594L51-R54)) **Code cleanup:** * The unnecessary call to `protoResponseType.Reset()` is removed from `ConvertProtoToJSONMarshal`, since each call now receives a fresh instance that is discarded after use. (`wasmbindings/query_plugin.go`, [wasmbindings/query_plugin.goL66-R67](diffhunk://#diff-ba07efb699e0f6bbb4fda8768cb31cf78f2ed3bf480d9e4ab996a907877f0594L66-R67))
- Restricted the other two to listen only on release
- New validation logic - Validates email subjects from zk-email proofs allowing [Reply Needed] tag with only allowed prefixes (Re:, Fwd:) - Rejects email subjects containing malicious patterns (from:, to:, cc:, newlines) to prevent header injection attacks from zk-email proofs - MIME decoding support - Handles RFC 2047 encoded email subjects (utf-8/base64) - Query server update - Extracts and validates email subject from ZK proof public inputs (indices 43-51) - New error code - ErrInvalidEmailSubject (1111) - Updated test data - New ZK proofs and verification keys for updated circuit This PR replaces [this](#444) This is required because of some unsigned commits present in the previous PR blocking merge --------- Signed-off-by: Kehinde Faleye <Kenny.fale.kf@gmail.com> Co-authored-by: jburnt <j@burnt.com> Co-authored-by: Kushal7788 <kushshah777888@gmail.com> Co-authored-by: TwiceBurnt <169301814+2xburnt@users.noreply.github.com> Co-authored-by: Kostas Demiris <kostasdemiris@gmail.com>
…uts from the proof (#455) - Email Host Range: Changed from [34:42] to [34:43] — now correctly includes 9 elements instead of 8 - Email Subject Range: Changed from [43:51] to [43:52] — similarly corrected to include the full range
This PR adds in a validation check during adding a new dkim pubkeys to prevent re-adding revoked pubkeys. This is done to prevent already invalid keys to be added back into the module under a separate domain and selector. This PR replaces [this PR](#447) by signing off on all commit made by me that were not signed and blocking merge --------- Signed-off-by: Kehinde Faleye <Kenny.fale.kf@gmail.com> Co-authored-by: TwiceBurnt <169301814+2xburnt@users.noreply.github.com> Co-authored-by: Kostas Demiris <kostasdemiris@gmail.com>
This PR gates vKey deletion to the authority that uploaded it --------- Signed-off-by: Kehinde Faleye <Kenny.fale.kf@gmail.com>
# Bug This PR fixes a bug identified that allows bypassing the gate to re-add revoked keys. The bypass is possible because of the plain string comparison of revoked keys and keys to be added. Since the plain string does not specify the encoding of the keys, and the module stores the revoked keys as the string of the PKCS#1 encoding, it is possible to encode the keys in different standards that produce different strings and the comparison with all revoked keys would be false allowing re-adding that key # Fix Now, we save both the PKIX and PKCS#1 string of the revoked pubkey and compare the key to be added with both strings. Since we only allow PKIX or PKCS#1 pubic keys, this prevents re-adding similar public key with different encodings --------- Signed-off-by: Kehinde Faleye <Kenny.fale.kf@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Security fixes for the DKIM module addressing issues identified in the security review. - Fix unsafe type assertions - Prevents potential chain halt from non-RSA keys (ECDSA, etc.) in PKCS8/PKIX format. Direct type assertions now use safe ok checks and return proper errors instead of panicking. - Add pagination limit cap - Caps DkimPubKeys query to max 1000 results to prevent resource exhaustion from unbounded requests. - Remove ProofVerify endpoint - Removes deprecated stub that always returned false. Use Authenticate endpoint instead for ZK proof verification.
This pull request expands the end-to-end test coverage in the `.github/workflows/e2e-tests.yaml` workflow, particularly for the `dkim` and `xion` modules, and simplifies the test execution command. The main changes are grouped below: **Test Coverage Expansion:** * Added more granular test cases for the `dkim` module: `DKIMModule`, `DKIMGovernance`, `DKIMPubKeyMaxSize`, and `DKIMRevokedKeyCannotBeReadded` to ensure a wider range of DKIM functionality is tested. * Replaced the single `XionMinFee` test with multiple, more specific `xion` tests such as `XionMinFeeDefault`, `XionMinFeeZero`, `XionMinFeeMultiDenom`, `XionMinFeeBypass`, `XionMinFeeConcurrent`, `XionMinFeeError`, `XionMinFeeExtreme`, `XionMinFeeFeeGrant`, `XionMinFeeGasCap`, `XionMinFeeMemPool`, and `XionMinFeeMultiMessage` to cover various edge cases and scenarios for minimum fee logic. **Workflow Command Simplification:** * Simplified the test execution command by removing the unnecessary `DIRECTORY="./..."` argument from the `make test-run` step, likely improving clarity and reducing potential confusion in test runs.
This pull request updates the DKIM module's API to simplify the query interface and remove redundant proof verification methods. The main changes are the removal of the `ProofVerify` gRPC method and its associated code, as well as some additions and clarifications to the query request structures. ### API interface simplification * Removed the `ProofVerify` method from the `Query` gRPC service, including its method definition, handler, and references in both the client and server interfaces (`query_grpc.pb.go`). [[1]](diffhunk://#diff-4026f99eb9143f16316b007f8eebcfc781e2972140443f5cecbb3ddf85135868L25) [[2]](diffhunk://#diff-4026f99eb9143f16316b007f8eebcfc781e2972140443f5cecbb3ddf85135868L41-L42) [[3]](diffhunk://#diff-4026f99eb9143f16316b007f8eebcfc781e2972140443f5cecbb3ddf85135868L85-L94) [[4]](diffhunk://#diff-4026f99eb9143f16316b007f8eebcfc781e2972140443f5cecbb3ddf85135868L117-L118) [[5]](diffhunk://#diff-4026f99eb9143f16316b007f8eebcfc781e2972140443f5cecbb3ddf85135868L140-L142) [[6]](diffhunk://#diff-4026f99eb9143f16316b007f8eebcfc781e2972140443f5cecbb3ddf85135868L221-L238) [[7]](diffhunk://#diff-4026f99eb9143f16316b007f8eebcfc781e2972140443f5cecbb3ddf85135868L276-L279) ### Request structure improvements * Added detailed fields to the `QueryAuthenticateRequest` struct, including `tx_bytes`, `email_hash`, `proof`, `public_inputs`, and `allowed_email_hosts` to support more comprehensive zk proof verification requests (`query.pulsar.go`). ### Genesis state documentation * Added a comment clarifying that `dkim_pubkeys` in the `GenesisState` struct stores the list of active DKIM public keys (`genesis.pulsar.go`). ### Protobuf descriptor updates * Updated the protobuf descriptors and method indices to reflect the removal of `ProofVerify` and the changes to the available methods (`query.pulsar.go`). [[1]](diffhunk://#diff-74c26fef3b388f3f319d764cba5cd2dd34ba615cdf4d143ef0c0d8bb426cad21L4584-R4590) [[2]](diffhunk://#diff-74c26fef3b388f3f319d764cba5cd2dd34ba615cdf4d143ef0c0d8bb426cad21L4671-R4675) These changes streamline the DKIM query API, removing unnecessary duplication and making the authentication request structure more explicit and robust.
This pull request updates dependency versions in the `go.mod` file to keep the project current and clarify dependency usage. Dependency version updates: * Upgraded `github.com/cometbft/cometbft` from version `v0.38.19` to `v0.38.21`. Dependency usage clarification: * Marked `github.com/gogo/protobuf v1.3.3` as an indirect dependency to clarify its usage in the project. --------- Signed-off-by: Kehinde Faleye <Kenny.fale.kf@gmail.com> Co-authored-by: Kehinde Faleye <Kenny.fale.kf@gmail.com> Co-authored-by: Ash <96692350+ash-burnt@users.noreply.github.com> Co-authored-by: Ash <ash@burnt.com> Co-authored-by: Eduardo Diaz <eduardo.j.diaz.rodriguez@gmail.com> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Kushal7788 <kushshah777888@gmail.com> Co-authored-by: Kushal <41788348+Kushal7788@users.noreply.github.com> Co-authored-by: Eduardo Díaz <edjroz@users.noreply.github.com> Co-authored-by: jburnt <j@burnt.com> Co-authored-by: Kostas Demiris <kostasdemiris@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 78 out of 173 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| // Constants for chain upgrade testing | ||
| const ( | ||
| HaltHeightDelta = int64(20) // will propose upgrade this many blocks in the future (must exceed voting_period of 10s) | ||
| HaltHeightDelta = int64(10) // will propose upgrade this many blocks in the future (must exceed voting_period of 10s) |
There was a problem hiding this comment.
The comment states 'must exceed voting_period of 10s' but the value is 10 blocks, not 10 seconds. The block time relationship should be clarified (e.g., '10 blocks, which exceeds the 10-second voting period at 1 block/second').
Suggested change
| HaltHeightDelta = int64(10) // will propose upgrade this many blocks in the future (must exceed voting_period of 10s) | |
| // HaltHeightDelta is the number of blocks in the future at which we propose the upgrade. | |
| // With an assumed block time of ~1s, 10 blocks will exceed a 10-second voting_period. | |
| HaltHeightDelta = int64(10) |
This Cosmos SDK module mimics DKIM (DomainKeys Identified Mail) functionality by securely storing information found in email headers, specifically DKIM public keys and hashes associated with specific domains. This allows verification of email authenticity on the blockchain. The module also implements a method to calculate Poseidon hashes of public keys, providing a secure and efficient way to verify the authenticity of a public key that signed an email. --------- Signed-off-by: Kehinde Faleye <Kenny.fale.kf@gmail.com> Co-authored-by: Ash <96692350+ash-burnt@users.noreply.github.com> Co-authored-by: 2xburnt <169301814+2xburnt@users.noreply.github.com> Co-authored-by: Ash <ash@burnt.com> Co-authored-by: Eduardo Diaz <eduardo.j.diaz.rodriguez@gmail.com> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Kushal7788 <kushshah777888@gmail.com> Co-authored-by: Kushal <41788348+Kushal7788@users.noreply.github.com> Co-authored-by: Eduardo Díaz <edjroz@users.noreply.github.com>
This pull request refactors the end-to-end (E2E) test suite to improve test organization, coverage, and maintainability. It restructures the test matrix in the GitHub Actions workflow to simplify configuration, raises the code coverage threshold, and introduces new and updated tests for IBC functionality and DKIM key validation. Several test files have been renamed and moved to better reflect their module boundaries. **Test Suite Restructuring and Workflow Improvements** - Consolidated the E2E test matrix in `.github/workflows/e2e-tests.yaml` by grouping tests by module and type, replacing the large flat list with a more maintainable structure. This change also updates the test runner to pass both test type and directory, improving flexibility for future additions. - Updated Docker image tagging and usage in the workflow to support upgrade tests, ensuring the correct local image is used during test execution. **Coverage and Quality** - Increased the code coverage threshold from 70% to 80% in `.coveragerc` to enforce higher test coverage standards. **IBC Module Test Enhancements** - Moved XionMinFeeIBC test to `ibc_min_fee_test.go` - Improved and renamed the IBC timeout test (`ibc_timeout_test.go`), including better handling of relayer state, more robust timeout scenarios, and clearer refund logic. The test now covers both height and timestamp-based timeouts and includes detailed comments and checks for correct token refunding. [[1]](diffhunk://#diff-becbffaf47b368ebc31b0e43a0664517a383b6b9f12ad004ae417dcf7510474cL1-L8) [[2]](diffhunk://#diff-becbffaf47b368ebc31b0e43a0664517a383b6b9f12ad004ae417dcf7510474cL30-R29) [[3]](diffhunk://#diff-becbffaf47b368ebc31b0e43a0664517a383b6b9f12ad004ae417dcf7510474cR107-R117) [[4]](diffhunk://#diff-becbffaf47b368ebc31b0e43a0664517a383b6b9f12ad004ae417dcf7510474cL136-R175) [[5]](diffhunk://#diff-becbffaf47b368ebc31b0e43a0664517a383b6b9f12ad004ae417dcf7510474cL163-R202) **DKIM Module Test Improvements** - Refactored the DKIM test to correctly calculate the decoded size of base64 public keys for size validation, ensuring the test matches the actual parameter logic and preventing false positives/negatives. [[1]](diffhunk://#diff-075f1fabaf297ea005b8651973536c29df694ecc8d4ab4e04be8338a2baeeaffL1-R1) [[2]](diffhunk://#diff-075f1fabaf297ea005b8651973536c29df694ecc8d4ab4e04be8338a2baeeaffL87-R96) **Test File Organization** - Renamed and moved several test files to reflect their module boundaries, improving clarity and future maintainability (e.g., moving `webauthn_test.go` and `genesis_export_import_test.go` to their respective modules). [[1]](diffhunk://#diff-c4fe28d64d77cbd5078203772530d62aad17a712c73400df09382ed593d32084L1-R1) [[2]](diffhunk://#diff-c3359fe8661dbda6f8e26caa721c03b2594b4ac7121e426f186b6f9dc76442f9L1-R1) This refactor improves the reliability, maintainability, and coverage of the E2E test suite, while also making the CI workflow easier to extend and understand.
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 9 out of 11 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| github.com/godbus/dbus v0.0.0-20190726142602-4481cbc300e2 // indirect | ||
| github.com/gogo/googleapis v1.4.1 // indirect | ||
| github.com/gogo/protobuf v1.3.3 // indirect | ||
| github.com/gogo/protobuf v1.3.3 |
There was a problem hiding this comment.
The PR description states "Removed v25 upgrade tooling (app/v25_upgrade directory with CLI tools, analyzer, migrator)" but this appears to be inaccurate - the v25_upgrade directory and its contents still exist in the codebase and are not being deleted in this PR. Either the PR description is incorrect, or the intended deletion was not included in the changes.
Comment on lines
+34
to
+36
| # Convert version: strip 'v' prefix, convert '-rc' to '~rc' for deb | ||
| VERSION=$(echo ${{ github.ref_name }} | sed 's/^v//' | sed 's/-rc/~rc/') | ||
| sudo apt install -y xiond=${VERSION} |
There was a problem hiding this comment.
The version conversion logic for RC releases now converts -rc to ~rc for Debian packages. While this follows Debian versioning conventions for pre-releases, ensure that the package repository actually uses this format. If packages are published with -rc suffix, this conversion will cause installation to fail.
Comment on lines
+66
to
+68
| # Convert version: strip 'v' prefix, convert '-rc' to '~rc', append '-1' for rpm | ||
| VERSION=$(echo ${{ github.ref_name }} | sed 's/^v//' | sed 's/-rc/~rc/') | ||
| yum install xiond-${VERSION}-1 -y |
There was a problem hiding this comment.
The version conversion for RPM packages converts -rc to ~rc. This is inconsistent with typical RPM versioning conventions which usually use ~rc or .rc notation. Verify that the RPM repository uses this exact format, otherwise the installation will fail with package not found errors.
Comment on lines
+98
to
+100
| # Convert version: strip 'v' prefix, convert '-rc' to '_rc' for alpine | ||
| VERSION=$(echo ${{ github.ref_name }} | sed 's/^v//' | sed 's/-rc/_rc/') | ||
| apk update && apk add xiond=${VERSION} |
There was a problem hiding this comment.
The version conversion for Alpine packages converts -rc to _rc (underscore instead of hyphen). Verify that the Alpine repository uses this exact format. Different package managers have different conventions for pre-release versions, and mismatches will cause installation failures.
This pull request introduces a new CI workflow to check protobuf file generation, enhances proto/codec registration for the DKIM module, and improves documentation and maintainability for ZK and DKIM proto files and services. The changes ensure proto files are always up to date in CI, clarify service and message documentation, and modernize codec usage. **CI/CD and Protobuf Generation Improvements:** - Added a reusable GitHub Actions workflow (`proto-check.yaml`) that verifies protobuf files are up to date by running a new `make proto-gen-ci` target, which fails if there are uncommitted changes after proto generation. This is integrated into the main build pipeline. [[1]](diffhunk://#diff-e357c34f2beb2073374eb2c6f86e6add379bc2b047544180d421cb55688035ddR1-R29) [[2]](diffhunk://#diff-bd4e577d8cce18da4cecc900fca127f9a0d57d706c9cdb3507b778c1d574a54fR21-R25) [[3]](diffhunk://#diff-6740f4415a436e0909bfa691b319552cb273adb7cb69eaf2bb24f925c2dcdd69R86-R125) [[4]](diffhunk://#diff-6740f4415a436e0909bfa691b319552cb273adb7cb69eaf2bb24f925c2dcdd69R138-R147) **DKIM Module Codec Modernization:** - Updated `x/dkim/types/codec.go` to use the modern `legacy.RegisterAminoMsg` function for registering Amino messages and ensured the crypto codec is registered, improving compatibility and maintainability. **ZK Module Protobuf and Service Enhancements:** - Added and documented the `NextVKeyID` RPC method to the ZK module's proto and gRPC service, allowing clients to query the next available verification key ID. [[1]](diffhunk://#diff-aee20cda8e7618102eaf9c08afbf2e4a6177b2b8044d037cccf6411961896ec8R36-R37) [[2]](diffhunk://#diff-ef64bf288004be5d9b24e69e35da9e62a83eae218561b73c9c10bf554b3b9cc1R47) [[3]](diffhunk://#diff-ef64bf288004be5d9b24e69e35da9e62a83eae218561b73c9c10bf554b3b9cc1R147) - Improved documentation for ZK proto messages, including `QueryVerifyRequest`, `VKey`, and related request/response types, making field purposes clearer. [[1]](diffhunk://#diff-aee20cda8e7618102eaf9c08afbf2e4a6177b2b8044d037cccf6411961896ec8R58-R66) [[2]](diffhunk://#diff-aee20cda8e7618102eaf9c08afbf2e4a6177b2b8044d037cccf6411961896ec8R75-L77) [[3]](diffhunk://#diff-aee20cda8e7618102eaf9c08afbf2e4a6177b2b8044d037cccf6411961896ec8L90-R109) [[4]](diffhunk://#diff-aee20cda8e7618102eaf9c08afbf2e4a6177b2b8044d037cccf6411961896ec8L144-R164) [[5]](diffhunk://#diff-d31177be936170b70610b30de78d85a3645feb901ffeefe6df50a1279f08c423R8222-R8234) [[6]](diffhunk://#diff-d31177be936170b70610b30de78d85a3645feb901ffeefe6df50a1279f08c423R8323-R8335) [[7]](diffhunk://#diff-d31177be936170b70610b30de78d85a3645feb901ffeefe6df50a1279f08c423L8460-R8471) [[8]](diffhunk://#diff-d31177be936170b70610b30de78d85a3645feb901ffeefe6df50a1279f08c423L8497-R8509) [[9]](diffhunk://#diff-d31177be936170b70610b30de78d85a3645feb901ffeefe6df50a1279f08c423L8755-R8768) [[10]](diffhunk://#diff-d31177be936170b70610b30de78d85a3645feb901ffeefe6df50a1279f08c423L8782-R8802) **DKIM Module Protobuf Documentation:** - Improved line wrapping and documentation for DKIM proto messages to enhance readability and maintain consistency. [[1]](diffhunk://#diff-0f3410f2439a931fde0601d8ce50a82acdd618789dae712ae72df3f12feaccddL30-R31) [[2]](diffhunk://#diff-709c7524e74dd3abb5e27120acd265b953104abca8d707aeb435def3b921706aL1242-R1243) [[3]](diffhunk://#diff-60d02454e7b2842c93b0c7bcf00288dbd995fc37e10189d06bacc6c35ba7e462L72-R73) [[4]](diffhunk://#diff-74c26fef3b388f3f319d764cba5cd2dd34ba615cdf4d143ef0c0d8bb426cad21L4349-R4350) **Other Maintenance:** - Minor go.mod clean-up for dependency specification. - Removed unused test make target for clarity. - Minor whitespace and formatting fixes in proto files. These changes improve the reliability of protobuf generation in CI, clarify proto service contracts, and modernize the DKIM module's codec handling.
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 78 out of 173 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
DKIM && ZK Module & Security Enhancements
This release introduces two new modules (DKIM and ZK) for blockchain-based email authentication with zero-knowledge proofs, along with critical security fixes to existing modules.
🆕 New Modules & Features
DKIM Module (DomainKeys Identified Mail)
A complete Cosmos SDK module enabling on-chain verification of email authenticity through DKIM public key storage and cryptographic validation (#257).
Core Capabilities:
Public Key Management: Store and query DKIM public keys associated with domains and selectors
Poseidon Hashing: Compute cryptographic hashes of public keys for efficient ZK proof verification
Email Subject Validation (#453): Validates email subjects from ZK-email proofs
Extracts subjects from proof public inputs (indices 43-52)
Blocks header injection attacks (rejects from:, to:, cc:, newlines in subjects)
Supports legitimate email prefixes (Re:, Fwd:) and [Reply Needed] tags
MIME/RFC 2047 decoding (UTF-8/base64) for international characters
Key Revocation System: Revoke compromised keys with encoding-aware duplicate prevention (#454, #457)
Stores both PKCS#1 and PKIX encodings to prevent re-adding revoked keys
Blocks re-registration under different domains/selectors
Governance Controls: All key management operations secured through governance
Query Protection (#458): Pagination with max 1000 results per query to prevent resource exhaustion
Correct Field Extraction (#455): Properly extracts email host [34:43] and subject [43:52] ranges from ZK proof public inputs
CLI Tools:
Generate DKIM records from DNS lookups
Query keys by domain/selector or Poseidon hash
Add, remove, and revoke DKIM public keys
Module parameter inspection
gRPC/REST Endpoints:
Params: Query module parameters
DkimPubKey: Retrieve specific key by domain and selector
DkimPubKeys: Filtered query with pagination support
UpdateParams, AddDkimPubKey, RemoveDkimPubKey, RevokeDkimPubKey: Governance transactions
ZK Module (Zero-Knowledge Proofs)
New module for managing zero-knowledge verification keys and proof validation (#257, #442).
Features:
Verification Key Storage: Store and manage ZK circuit verification keys
Parameter System (#442): Configurable limits for verification key sizes
Prevents spam through max key size enforcement
Gas metering for vKey operations
Authority-Gated Operations (#452): Verification key lifecycle management
Creators can upload vKeys
Only the original uploader can delete their vKeys
Tracks creator metadata for access control
Query Endpoints: Retrieve parameters and verification keys
gRPC/REST Endpoints:
Params: Query module parameters
UpdateParams: Governance-controlled parameter updates
Upload and delete verification keys (creator-gated)
🔒 Fixes (Existing Modules)
CosmWasm Query Thread Safety (#449)
Fixed race conditions in stargate query whitelist (addresses CosmWasm/wasmd#2051)
Replaced shared proto message instances with factory functions
Each concurrent query now receives a fresh proto instance
Prevents data corruption during simultaneous contract queries
Input Validation Hardening (#450)
WebAuthN: Added size check for Credential field matching existing Data field protection
JWT Clock Validation: Enhanced validateTimeOffset to reject int64 overflow values
Test Improvements: Upgraded RSA key generation to 2048-bit (from 1024-bit)
Code Documentation (#450)
Added clarifying comments for DefaultBypassMinFeeMsgTypes
Documented Send method behavior in Xion module
🔄 Changes & Improvements
Application Integration
Integrated DKIM and ZK modules into main application (app/app.go)
Added upgrade handler for v26 (app/upgrades.go)
Registered new stargate whitelist queries for CosmWasm access
Updated API documentation (OpenAPI/Swagger)
Cleanup
Removed v25 upgrade tooling (app/v25_upgrade directory with CLI tools, analyzer, migrator)
Updated test infrastructure and coverage configuration
📋 Module Structure
New Protobuf Definitions:
xion.dkim.v1: Complete DKIM protocol (genesis, query, tx, state messages)
xion.zk.v1: ZK verification protocol (genesis, query, tx, params messages)