Aptos integration

[SergeyG-Solicy]

PR Type

Enhancement

---

Description

• Add Aptos blockchain support to identity manager

• Import Aptos chain module from SDK

• Register Aptos in chains mapping configuration

• Add Aptos testnet validation check

• Include Aptos in message verification logic

---

Diagram Walkthrough

flowchart LR
  A["Aptos Module Import"] --> B["Chain Registration"]
  B --> C["Testnet Validation"]
  C --> D["Message Verification"]

Loading

File Walkthrough

Relevant files

Enhancement

identityManager.ts Aptos blockchain support integration                                          src/libs/blockchain/gcr/gcr_routines/identityManager.ts Added APTOS import from @kynesyslabs/demosdk/xm-localsdk Registered aptos chain in the chains mapping object Implemented Aptos-specific testnet validation to reject non-mainnet addresses Extended message verification logic to include aptos chain alongside existing chains Minor formatting adjustment to template literal indentation +16/-4

---

Summary by CodeRabbit

• New Features

  • Added support for the Aptos blockchain network, including integrated signature verification and mainnet-only validation for Aptos connections.
  • Extended verification flow to include Aptos alongside existing supported chains.

• Chores

  • Minor messaging and configuration updates related to Aptos integration.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e9276613-3b32-40ef-978d-2a1f8e0478ba

📥 Commits

Reviewing files that changed from the base of the PR and between d8b3d6e and 7ddbed8.

📒 Files selected for processing (1)

• src/libs/blockchain/gcr/gcr_routines/identityManager.ts

---

Walkthrough

Adds Aptos support to the identity manager: imports APTOS, registers aptos in the chains map, enforces Aptos mainnet-only connections in filterConnections, and routes aptos through the specialized verification flow in verifyPayload.

Changes

Cohort / File(s)	Summary
Aptos Blockchain Integration src/libs/blockchain/gcr/gcr_routines/identityManager.ts	Imported APTOS from @kynesyslabs/demosdk/xm-localsdk; added aptos: APTOS to chains mapping; added mainnet-only check for aptos in filterConnections; included "aptos" in the specialized verification set in verifyPayload; minor formatting/message tweaks.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• Added ATOM (Cosmos Hub) chain support for transaction broadcasting #526 — Modifies the same identityManager.ts to extend verification flows and add chain entries; closely related at the code level.

Poem

🐰 I hopped into code where chains align,
Aptos now joins our registry fine,
Mainnet checks keep subchains away,
Verification paths updated today—
A joyful thump, the logs all shine ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Aptos integration' directly aligns with the main objective of adding Aptos blockchain support to the identity manager, clearly conveying the primary change.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/add-aptos

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Missing auditing: Newly added Aptos path and signature verification outcomes are not logged, providing no audit trail for critical identity assignment checks. Referred Code // SECTION: APTOS Checks // INFO: Check if the subchain is mainnet if (chain === "aptos" && subchain !== "mainnet") { return { ...response, message: "Failed: Testnet addresses are not supported", } } Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Limited context: The Aptos testnet rejection returns a generic message without actionable context (e.g., subchain value), and added verifyMessage branches do not handle verification failures explicitly. Referred Code // SECTION: APTOS Checks // INFO: Check if the subchain is mainnet if (chain === "aptos" && subchain !== "mainnet") { return { ...response, message: "Failed: Testnet addresses are not supported", } } Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Partial validation: Aptos subchain is validated for mainnet only, but no new validation is added for Aptos address format or signature inputs beyond existing paths, which may leave edge cases unhandled. Referred Code // SECTION: APTOS Checks // INFO: Check if the subchain is mainnet if (chain === "aptos" && subchain !== "mainnet") { return { ...response, message: "Failed: Testnet addresses are not supported", } } Learn more about managing compliance generic rules or creating your own custom rules
Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
High-level	Refactor to a modular, configuration-driven design Refactor the IdentityManager to avoid adding chain-specific conditional logic directly into its methods. Instead, encapsulate this logic within each chain's module or a configuration file to improve scalability. Examples: src/libs/blockchain/gcr/gcr_routines/identityManager.ts [171-176] if (chain === "aptos" && subchain !== "mainnet") { return { ...response, message: "Failed: Testnet addresses are not supported", } } src/libs/blockchain/gcr/gcr_routines/identityManager.ts [217-223] if ( chainId === "xrpl" || chainId === "ton" || chainId === "ibc" || chainId === "near" || chainId === "aptos" ) { Solution Walkthrough: Before: class IdentityManager { static async filterConnections(sender, payload) { const { chain, subchain } = ...; // ... other checks // SECTION: APTOS Checks if (chain === "aptos" && subchain !== "mainnet") { return { message: "Failed: Testnet addresses are not supported", }; } return { success: true, ... }; } static async verifyPayload(payload, sender) { // ... if (chainId === "xrpl" || chainId === "near" || chainId === "aptos") { messageVerified = await sdk.verifyMessage(...); } // ... } } After: // In each chain module (e.g., APTOS): class AptosChain extends DefaultChain { // ... static validate(params) { if (params.subchain !== "mainnet") { return { success: false, message: "Failed: Testnet addresses are not supported" }; } return { success: true }; } } // In IdentityManager: class IdentityManager { static async filterConnections(sender, payload) { const { chain, subchain } = ...; const chainModule = chains[chain]; const validationResult = chainModule.validate({ subchain }); if (!validationResult.success) { return { ...response, message: validationResult.message }; } // ... no more chain-specific if-statements } // verifyPayload can be simplified similarly } Suggestion importance[1-10]: 9 __ Why: This is an excellent architectural suggestion that correctly identifies a scalability issue in the current design, where adding a new chain requires modifying core logic, and proposes a superior, modular approach that would significantly improve long-term maintainability.	High
General	Improve error message for unsupported subchains Improve the error message for unsupported Aptos subchains to include the specific subchain name for better clarity and debugging. src/libs/blockchain/gcr/gcr_routines/identityManager.ts [169-176] // SECTION: APTOS Checks // INFO: Check if the subchain is mainnet if (chain === "aptos" && subchain !== "mainnet") { return { ...response, - message: "Failed: Testnet addresses are not supported", + message: `Failed: Aptos subchain '${subchain}' is not supported. Only 'mainnet' is allowed.`, } } [To ensure code accuracy, apply this suggestion manually] Suggestion importance[1-10]: 4 __ Why: The suggestion improves an error message to be more specific by including the name of the unsupported subchain, which enhances user feedback and aids debugging.	Low
Update

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/libs/blockchain/gcr/gcr_routines/identityManager.ts (1)

293-295: Consider excluding unrelated formatting changes.

The formatting adjustment in verifyPqcPayload appears unrelated to Aptos integration. While functionally equivalent, separating cosmetic changes from feature additions keeps PRs focused and easier to review.

Consider reverting this formatting change or moving it to a separate code-style PR to maintain focus on the Aptos integration feature.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between a1ef4dc and d8b3d6e.

📒 Files selected for processing (1)

• src/libs/blockchain/gcr/gcr_routines/identityManager.ts (5 hunks)

🔇 Additional comments (4)

src/libs/blockchain/gcr/gcr_routines/identityManager.ts (4)

51-51: Consistent chain mapping pattern.

The APTOS addition follows the established pattern for registering blockchain SDKs alongside other chains. Unlike BTC (which has an explicit @ts-expect-error comment due to extra fields), APTOS is added without type assertion, indicating it conforms to the DefaultChain interface.

---

169-177: LGTM! Consistent mainnet validation pattern.

The Aptos validation logic correctly mirrors the SOLANA mainnet check, ensuring only mainnet addresses are supported. Aptos, like SOLANA, only requires a mainnet verification and does not have a subchain chainId mapping in the configuration, which is the intended design for non-EVM chains in this codebase.

---

217-235: No changes needed. The code correctly groups Aptos with other chains that use publicKey-based signature verification (xrpl, ton, ibc, near). Aptos SDK's signature verification uses Ed25519PublicKey, confirming this is the appropriate parameter to pass.

---

18-18: Verify APTOS support in the SDK version specified by the project.

The APTOS class is documented in @kynesyslabs/demosdk's API reference, but the project specifies version ^2.5.6 which is not currently published on the npm registry (latest published is v2.3.x). Confirm that:

• The demosdk version resolves correctly during build/installation
• APTOS implements the required methods: create(null) and verifyMessage(signedData, signature, publicKey)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud