Added ATOM (Cosmos Hub) chain support for transaction broadcasting

[SergeyG-Solicy]

PR Type

Enhancement

---

Description

• Added ATOM (Cosmos Hub) chain support for transaction broadcasting

• Updated Cosmos chain RPC endpoints with production URLs

• Extended pay operation handler to support ATOM chain

• Added hex string conversion support in validation utility

---

Diagram Walkthrough

flowchart LR
  A["ATOM Chain Config"] -->|"RPC Endpoints"| B["chainProviders.ts"]
  A -->|"IBC Provider"| C["ibcProviders.ts"]
  D["Pay Operation Handler"] -->|"Route ATOM"| E["pay.ts"]
  F["Identity Manager"] -->|"Map ATOM to IBC"| G["identityManager.ts"]
  H["Hex String Support"] -->|"Convert 0x prefix"| I["validateUint8Array.ts"]

Loading

File Walkthrough

	Relevant files
Configuration changes	chainProviders.ts Add ATOM chain RPC provider configuration                                sdk/localsdk/multichain/configs/chainProviders.ts Added ATOM chain configuration with mainnet and testnet RPC endpoints Mainnet: https://cosmos-rpc.publicnode.com:443 Testnet: https://rpc.provider-sentry-01.ics-testnet.polypore.xyz +4/-0      ibcProviders.ts Update Cosmos IBC provider endpoints                                          sdk/localsdk/multichain/configs/ibcProviders.ts Updated Cosmos mainnet RPC endpoint from empty string to production URL Updated Cosmos testnet RPC endpoint to match ATOM testnet configuration Both now use consistent provider URLs across chain configs +3/-3
Enhancement	pay.ts Route ATOM transactions through IBC handler                            src/features/multichain/routines/executors/pay.ts Added ATOM case to switch statement in pay operation handler Routes ATOM transactions through generic JSON-RPC pay handler with IBC module Enables transaction broadcasting for ATOM chain +1/-0      identityManager.ts Map ATOM chain to IBC implementation                                          src/libs/blockchain/gcr/gcr_routines/identityManager.ts Mapped ATOM chain identifier to IBC chain implementation in chains registry Added ATOM to message verification condition check Enables identity and message verification for ATOM transactions +2/-0      validateUint8Array.ts Add hex string to Buffer conversion                                            src/utilities/validateUint8Array.ts Added hex string validation and conversion support Detects strings with 0x prefix and converts to Buffer using hex encoding Handles hex string inputs before object type checking +6/-0

---

Summary by CodeRabbit

• New Features

  • Added support for Atom (ATOM) blockchain with mainnet and testnet endpoints
  • Improved validation for hexadecimal string inputs in transaction handling

• Behavior Changes

  • Atom is now treated via the IBC flow for payments and identity verification (publicKey-based)

• Bug Fixes

  • Removed default Cosmos IBC provider entry (may affect default connectivity)

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[tcsenpai]

Your trial has ended! 😢

To keep getting reviews, activate your plan here.

Got questions about plans or want to see if we can extend your trial? Talk to our founders here.😎

[coderabbitai]

Walkthrough

Adds Atom (Cosmos) chain support and related routing/verification, removes a previous IBC provider export, and enhances hex-string handling in Uint8Array validation across SDK components.

Changes

Cohort / File(s)	Summary
Chain providers sdk/localsdk/multichain/configs/chainProviders.ts	Added new atom entry with mainnet and testnet RPC URLs under chainProviders.
Removed IBC provider export sdk/localsdk/multichain/configs/ibcProviders.ts	Deleted the default export object (previous IBC provider configuration removed).
Payment executor src/features/multichain/routines/executors/pay.ts	Added handling for "atom" in non-EVM switch; routes via genericJsonRpcPay(multichain.IBC, rpcUrl, operation).
Identity management src/libs/blockchain/gcr/gcr_routines/identityManager.ts	Registered "atom" mapped to IBC in supported chains; adjusted message verification to require publicKey-based verification for atom.
Validation utility src/utilities/validateUint8Array.ts	Added early branch to accept hex strings prefixed with 0x, validate them, and convert to Buffer before existing Uint8Array/object checks.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Pay attention to cross-file consistency between chainProviders.ts, the removed ibcProviders.ts, and the executor's RPC lookup.
• Verify identity verification change in identityManager.ts (publicKey vs. targetAddress) matches Atom/Cosmos expectations.
• Confirm hex-string handling in validateUint8Array.ts does not alter validation for prior object/Buffer inputs.

Poem

🐰 I hopped through chains of cosmic light,
Atom joined the multichain night,
Hexes gleam and buffers mend,
Keys verify where IBCs send,
A nimble rabbit cheers the byte! 🥕✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Added ATOM (Cosmos Hub) chain support for transaction broadcasting' directly summarizes the main change: adding support for the ATOM chain across multiple system components for transaction operations.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/add-atom

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
⚪	Third-party RPC trust Description: The new Cosmos RPC endpoints are hardcoded to public providers, which can enable RPC endpoint hijacking or data exfiltration if the third-party is compromised; consider pinning to trusted infrastructure, validating TLS certs, and supporting override via secure configuration. ibcProviders.ts [3-4] Referred Code mainnet: "https://cosmos-rpc.publicnode.com:443", testnet: "https://rpc.provider-sentry-01.ics-testnet.polypore.xyz",
	Unvalidated hex input Description: Converting any 0x-prefixed string to a Buffer without validating hex length or characters can allow malformed input to pass through or throw runtime errors; enforce even-length and hex character checks before Buffer.from to prevent unexpected behavior in cryptographic operations. validateUint8Array.ts [8-11] Referred Code if (typeof input === "string" && input.startsWith("0x")) { const hexString = input.slice(2) // Remove "0x" prefix return Buffer.from(hexString, "hex") }
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Missing audit log: The new ATOM transaction path appears to perform a critical action (broadcast/pay) without any added audit logging of actor, timestamp, action, and outcome in the new code. Referred Code case "ibc": case "atom": result = await genericJsonRpcPay(multichain.IBC, rpcUrl, operation) break Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Hex validation gaps: Hex string handling does not validate even-length or hex charset and may throw or produce incorrect buffers without contextual error handling. Referred Code if (typeof input === "string" && input.startsWith("0x")) { const hexString = input.slice(2) // Remove "0x" prefix return Buffer.from(hexString, "hex") } Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: External endpoint trust: New RPC endpoints are accepted without validation or integrity checks, potentially trusting unverified external infrastructure for critical operations. Referred Code export default { cosmos: { mainnet: "https://cosmos-rpc.publicnode.com:443", testnet: "https://rpc.provider-sentry-01.ics-testnet.polypore.xyz", }, Learn more about managing compliance generic rules or creating your own custom rules
Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
High-level	Reusing IBC implementation for ATOM is risky The PR incorrectly reuses the ibc (Stargaze) implementation for ATOM. A dedicated implementation for ATOM is needed to handle chain-specific details like address prefixes, preventing likely transaction failures. Examples: src/features/multichain/routines/executors/pay.ts [72-73] case "atom": result = await genericJsonRpcPay(multichain.IBC, rpcUrl, operation) src/libs/blockchain/gcr/gcr_routines/identityManager.ts [47] atom: IBC, Solution Walkthrough: Before: // In pay.ts switch (chain) { // ... case "ibc": case "atom": // Falls through to 'ibc' result = await genericJsonRpcPay(multichain.IBC, rpcUrl, operation) break } // In identityManager.ts const chains = { // ... ibc: IBC, atom: IBC, // Reuses IBC implementation } After: // In pay.ts switch (chain) { // ... case "ibc": result = await genericJsonRpcPay(multichain.IBC, rpcUrl, operation) break case "atom": result = await genericJsonRpcPay(multichain.ATOM, rpcUrl, operation) break } // In identityManager.ts const chains = { // ... ibc: IBC, atom: ATOM, // Uses a dedicated ATOM implementation } Suggestion importance[1-10]: 9 __ Why: This suggestion highlights a critical design flaw where reusing the ibc (Stargaze) implementation for atom will likely cause transaction and signature verification failures due to chain-specific differences like address prefixes.	High
	✅ Consolidate redundant chain configuration files Suggestion Impact: The commit removed the contents of sdk/localsdk/multichain/configs/ibcProviders.ts, aligning with the suggestion to eliminate this redundant config file. code diff: # File: sdk/localsdk/multichain/configs/ibcProviders.ts @@ -1,6 +1 @@ -export default { - cosmos: { - mainnet: "https://cosmos-rpc.publicnode.com:443", - testnet: "https://rpc.provider-sentry-01.ics-testnet.polypore.xyz", - }, -} + Consolidate all RPC configurations into a single file, chainProviders.ts, to eliminate redundancy. This involves removing the ibcProviders.ts file and updating its usages. Examples: sdk/localsdk/multichain/configs/chainProviders.ts [36-39] atom: { mainnet: "https://cosmos-rpc.publicnode.com:443", testnet: "https://rpc.provider-sentry-01.ics-testnet.polypore.xyz", }, sdk/localsdk/multichain/configs/ibcProviders.ts [3-4] mainnet: "https://cosmos-rpc.publicnode.com:443", testnet: "https://rpc.provider-sentry-01.ics-testnet.polypore.xyz", Solution Walkthrough: Before: // In chainProviders.ts export const chainProviders = { // ... ibc: { mainnet: "https://stargaze-rpc.publicnode.com:443", ... }, atom: { mainnet: "https://cosmos-rpc.publicnode.com:443", ... }, } // In ibcProviders.ts export default { cosmos: { mainnet: "https://cosmos-rpc.publicnode.com:443", ... }, } After: // In chainProviders.ts export const chainProviders = { // ... stargaze: { // formerly 'ibc' mainnet: "https://stargaze-rpc.publicnode.com:443", ... }, atom: { mainnet: "https://cosmos-rpc.publicnode.com:443", ... }, } // ibcProviders.ts is removed or no longer used. // Code that used ibcProviders.ts now reads from chainProviders. Suggestion importance[1-10]: 7 __ Why: The suggestion correctly identifies configuration duplication between chainProviders.ts and ibcProviders.ts, which harms maintainability and could lead to future inconsistencies.	Medium
Possible issue	✅ Validate hex strings before conversion Suggestion Impact: The commit added validation for hex strings (even length and hex character check) before calling Buffer.from, and returns the original input if invalid. code diff: + // Validate hex string before conversion + if (hexString.length % 2 === 0 && /^[0-9a-fA-F]*$/.test(hexString)) { + return Buffer.from(hexString, "hex") + } + + return input Add validation for hex strings in validateIfUint8Array before converting them to a Buffer. This prevents potential TypeError exceptions for invalid hex strings, such as those with an odd length or non-hex characters. src/utilities/validateUint8Array.ts [7-11] // Handle hex strings if (typeof input === "string" && input.startsWith("0x")) { const hexString = input.slice(2) // Remove "0x" prefix - return Buffer.from(hexString, "hex") + // Validate that the string is a valid hex string before conversion. + if (hexString.length % 2 === 0 && /^[0-9a-fA-F]*$/.test(hexString)) { + return Buffer.from(hexString, "hex") + } + // If not a valid hex string, return the original input. + return input } [Suggestion processed] Suggestion importance[1-10]: 7 __ Why: The suggestion correctly identifies that the new code for handling hex strings can throw an unhandled exception for invalid input, potentially crashing the application. The proposed validation makes the function more robust.	Medium
Update

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

src/utilities/validateUint8Array.ts (1)

7-11: Hex string normalization looks correct; consider minor robustness tweaks.

The early "0x" guard cleanly converts hex-encoded payloads to a Buffer, which fits the existing return contract. If you expect slightly messy inputs, you might optionally normalize by trimming whitespace and/or accepting "0X" as well, and (if desired) pre-validating the hex string before Buffer.from to fail with a clearer error.

sdk/localsdk/multichain/configs/ibcProviders.ts (1)

3-4: Cosmos IBC endpoints look consistent; watch out for duplicated URLs.

The new cosmos mainnet/testnet RPCs are aligned with the atom chain providers. Since the same URLs now live both here and in chainProviders.atom, consider centralizing them (or at least adding a small comment) so future endpoint changes don’t require touching multiple configs.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 5cee5b6 and 35e2af6.

📒 Files selected for processing (5)

• sdk/localsdk/multichain/configs/chainProviders.ts (1 hunks)
• sdk/localsdk/multichain/configs/ibcProviders.ts (1 hunks)
• src/features/multichain/routines/executors/pay.ts (1 hunks)
• src/libs/blockchain/gcr/gcr_routines/identityManager.ts (2 hunks)
• src/utilities/validateUint8Array.ts (1 hunks)

🔇 Additional comments (3)

src/libs/blockchain/gcr/gcr_routines/identityManager.ts (1)

40-51: Atom → IBC mapping and public-key verification path look consistent.

Wiring atom to reuse the IBC chain in chains and adding it to the publicKey-based verification branch keeps the identity flow aligned with how other IBC-style chains are handled. Please just confirm that the demosdk IBC verifyMessage implementation for Atom indeed expects a publicKey (and not targetAddress) so this branch matches the underlying SDK semantics.

Also applies to: 207-213

src/features/multichain/routines/executors/pay.ts (1)

48-56: Routing Atom through the IBC JSON‑RPC path is coherent with the new config.

Using case "atom" to share the genericJsonRpcPay(multichain.IBC, rpcUrl, operation) path reuses existing IBC logic and the new chainProviders.atom RPCs, and pairs well with the hex‑string normalization in validateIfUint8Array. Please verify on testnet/mainnet that the demosdk IBC client handles Atom’s signed payload format identically to the existing IBC chain so broadcasts succeed end‑to‑end.

Also applies to: 71-74, 135-141

sdk/localsdk/multichain/configs/chainProviders.ts (1)

36-39: Atom chain provider config is aligned with the new pay/IBC wiring.

Defining atom with Cosmos Hub mainnet/testnet RPCs matches the new non‑EVM atom case in handlePayOperation and the cosmos IBC provider settings, so Atom transactions will resolve an RPC URL correctly.

[tcsenpai]

Your trial has ended! 😢

To keep getting reviews, activate your plan here.

Got questions about plans or want to see if we can extend your trial? Talk to our founders here.😎

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/utilities/validateUint8Array.ts (1)

7-16: Hex string handling is correct; consider a couple of edge‑case tweaks

The validation and guarded Buffer.from call look solid and match the existing “transform only when clearly recognized, otherwise passthrough” pattern. Two minor, optional refinements you may want to consider:

• Decide whether "0x" (no payload) should really produce an empty Buffer or be treated as invalid and returned unchanged.
• If inputs might come from less strict sources, you could also accept uppercase "0X" (e.g. input.toLowerCase().startsWith("0x")) and/or trim surrounding whitespace before checking the prefix.

These are non-blocking; current behavior is safe and consistent with the rest of the utility.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 35e2af6 and 2b77a90.

📒 Files selected for processing (2)

• sdk/localsdk/multichain/configs/ibcProviders.ts (0 hunks)
• src/utilities/validateUint8Array.ts (1 hunks)

💤 Files with no reviewable changes (1)

• sdk/localsdk/multichain/configs/ibcProviders.ts