Added Human Passport identity integration#658
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
WalkthroughAdds end-to-end Human Passport (stamps) support: new env vars, a HumanPassportProvider client with caching, identity types and storage, verification and RPC endpoints, GCR add/remove handlers, and point/incentive integrations across identity and GCR stacks. Changes
Sequence Diagram(s)sequenceDiagram
participant Client as Client
participant IdentityMgr as IdentityManager
participant HPProv as HumanPassportProvider
participant GCRR as GCRIdentityRoutines
participant Incentives as IncentiveManager
participant Points as PointSystem
Client->>IdentityMgr: verifyHumanPassportPayload(payload)
IdentityMgr->>HPProv: verifyAddress(address, forceRefresh?)
HPProv-->>IdentityMgr: HumanPassportVerification
IdentityMgr-->>Client: SavedHumanPassportIdentity / result
Client->>GCRR: apply("humanpassportadd", ...)
GCRR->>HPProv: verifyAddress(address, use cache)
HPProv-->>GCRR: verified data
GCRR->>GCRR: upsert identity in accountGCR.identities.humanpassport
GCRR->>Incentives: humanPassportLinked(userId, referralCode?)
Incentives->>Points: awardHumanPassportPoints(userId, referralCode?)
Points-->>Incentives: confirmation
Incentives-->>GCRR: hook complete
GCRR-->>Client: identity added & points awarded
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes Possibly related PRs
Suggested labels
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Tip Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs). Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
PR Compliance Guide 🔍Below is a summary of compliance checks for this PR:
Compliance status legend🟢 - Fully Compliant🟡 - Partial Compliant 🔴 - Not Compliant ⚪ - Requires Further Human Verification 🏷️ - Compliance label |
|||||||||||||||||||||||||
PR Code Suggestions ✨Explore these optional code suggestions:
|
|||||||||||||||||||
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 9
🤖 Fix all issues with AI agents
In @.env.example:
- Around line 13-15: The .env.example is missing the HUMAN_PASSPORT_API_URL
variable used by HumanPassportProvider; add a new line entry named
HUMAN_PASSPORT_API_URL= (with a brief comment if desired) alongside
HUMAN_PASSPORT_API_KEY and HUMAN_PASSPORT_SCORER_ID so operators can override
the provider base URL; ensure the exact env name HUMAN_PASSPORT_API_URL matches
what HumanPassportProvider reads.
In `@src/features/incentive/PointSystem.ts`:
- Around line 1582-1611: In awardHumanPassportPoints, add the same identity link
check used in awardGithubPoints/awardDiscordPoints/awardTelegramPoints before
awarding points: after fetching userPointsWithIdentities via
getUserPointsInternal, verify the Human Passport identity is present (e.g. check
userPointsWithIdentities.identities.humanPassport or the equivalent identity
field) and if missing return a no-op RPCResponse (pointsAwarded: 0, totalPoints,
and a message like "Human Passport not linked") instead of calling
addPointsToGCR; only call addPointsToGCR with pointValues.LINK_HUMAN_PASSPORT
when the identity check passes.
In `@src/libs/blockchain/gcr/gcr_routines/GCRIdentityRoutines.ts`:
- Around line 1206-1233: The applyHumanPassportIdentityRemove routine currently
creates missing accounts and returns success for no-op removals; change it to
mirror other identity removals: fetch the account with
gcrMainRepository.findOneBy({ pubkey: editOperation.account }) (do not call
ensureGCRForUser) and return { success: false, message: "Account not found" } if
missing, check accountGCR.identities.humanpassport and if absent return {
success: false, message: "Identity not found" }, verify that an entry with
address.toLowerCase() exists before filtering and only proceed to filter, save
via gcrMainRepository.save(accountGCR) and call
IncentiveManager.humanPassportUnlinked(accountGCR.pubkey) when simulate is
false; otherwise return the appropriate success/failure messages to match
xm/ud/nomis behavior.
- Around line 1177-1182: The current first-connection check in
applyHumanPassportIdentityAdd uses a local-only check (existing in
accountGCR.identities.humanpassport) which allows the same humanpassport address
to earn points across multiple accounts; to fix, add "humanpassport" to the type
union handled by isFirstConnection and implement a handler branch in
isFirstConnection that queries gcrMainRepository for any other GCR record
containing a humanpassport with the same address (case-insensitive) excluding
the current account (pubkey/currentAccount), returning true only if no such
record exists; then modify applyHumanPassportIdentityAdd (and any helper) to
call isFirstConnection with type "humanpassport" and the address instead of
using the local existing check so the uniqueness check is global across
accounts.
- Around line 1152-1154: Wrap the external call
provider.verifyAddress(normalizedAddress) (from
HumanPassportProvider.getInstance()) in a try-catch inside the
GCRIdentityRoutines flow and convert failures into a proper GCRResult instead of
letting exceptions escape; specifically catch errors thrown by verifyAddress,
inspect error type/status (e.g. 404 -> return a GCRResult indicating “no
passport” or not verified, 429 -> return a GCRResult indicating rate-limited or
transient failure), and for unexpected errors return a GCRResult representing an
internal/error state while logging the original error for diagnostics; ensure
the rest of the routine uses that GCRResult rather than assuming verification
succeeded.
In `@src/libs/identity/tools/humanpassport.ts`:
- Around line 95-136: verifyAddress currently proceeds to call the API even when
credentials are missing, causing opaque Axios errors; add an early validation
guard at the start of verifyAddress that checks the instance's API key and
scorerId (the same values the constructor pulls from HUMAN_PASSPORT_API_KEY and
HUMAN_PASSPORT_SCORER_ID) and throw a clear Error like "Human Passport API
credentials missing: set HUMAN_PASSPORT_API_KEY and HUMAN_PASSPORT_SCORER_ID" if
either is empty/undefined, before any cache lookup or http.get; reference
verifyAddress, this.scorerId, and the http/http.get usage to locate where to add
the guard.
In `@src/libs/network/manageGCRRoutines.ts`:
- Around line 150-196: The RPC named getHumanPassportScore currently assigns the
full verification object returned by
HumanPassportProvider.getInstance().verifyAddress(address, forceRefresh) into
response.response; change this to return only the numeric score (e.g., set
response.response = verification.score) and keep the existing error handling, or
alternatively rename the RPC to getHumanPassportVerification if you want to keep
returning the full object; locate getHumanPassportScore and the verifyAddress
call to implement the extraction/rename consistently across callers.
In `@src/libs/network/routines/transactions/handleIdentityRequest.ts`:
- Around line 104-114: The human passport assignment branch must validate the
transaction sender before calling the external API: in the case handling
"humanpassport_identity_assign" check that (payload.payload as
HumanPassportIdentityData).address === sender and if not, return the same
rejection/invalid response used by other identity handlers; then call
IdentityManager.verifyHumanPassportPayload with two arguments (payload.payload
as HumanPassportIdentityData, sender) so the verifier can bind the address to
the sender. Update the "humanpassport_identity_assign" branch to perform this
address-equality check and pass sender into verifyHumanPassportPayload.
In `@src/model/entities/types/IdentityTypes.ts`:
- Around line 47-73: Update the SavedHumanPassportIdentity JSDoc comments to
explicitly state the timestamp units: change the comments for verifiedAt and
expiresAt to "milliseconds since Unix epoch (number)" and clarify expiresAt may
be null when not applicable; also add a short note that identityManager.ts and
GCRIdentityRoutines.ts perform conversion from API date strings to milliseconds
so callers should expect epoch ms in these fields.
| case "humanpassport_identity_assign": | ||
| return await IdentityManager.verifyHumanPassportPayload( | ||
| payload.payload as HumanPassportIdentityData, | ||
| ) | ||
| case "xm_identity_remove": | ||
| case "pqc_identity_remove": | ||
| case "web2_identity_remove": | ||
| case "nomis_identity_remove": | ||
| case "ud_identity_remove": | ||
| case "humanpassport_identity_remove": | ||
| return { |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
rg -n "verifyHumanPassportPayload" --type ts -A 10 -B 2Repository: kynesyslabs/node
Length of output: 2700
🏁 Script executed:
rg -n "IdentityManager" --type ts src/libs/network/routines/transactions/handleIdentityRequest.ts -C 3Repository: kynesyslabs/node
Length of output: 2329
🏁 Script executed:
sed -n '383,420p' src/libs/blockchain/gcr/gcr_routines/identityManager.tsRepository: kynesyslabs/node
Length of output: 1548
🏁 Script executed:
rg -n "verifyHumanPassportPayload" -A 30 src/libs/blockchain/gcr/gcr_routines/identityManager.tsRepository: kynesyslabs/node
Length of output: 1329
🏁 Script executed:
sed -n '1,120p' src/libs/network/routines/transactions/handleIdentityRequest.tsRepository: kynesyslabs/node
Length of output: 4820
🏁 Script executed:
rg -n "export.*handleIdentityRequest|function.*handleIdentityRequest" -A 20 src/libs/network/routines/transactions/handleIdentityRequest.ts | head -50Repository: kynesyslabs/node
Length of output: 730
🏁 Script executed:
rg -n "HumanPassportIdentityData" --type ts -A 10 -B 2Repository: kynesyslabs/node
Length of output: 3073
🏁 Script executed:
rg -n "verifyNomisPayload" --type ts -A 20 src/libs/blockchain/gcr/gcr_routines/identityManager.tsRepository: kynesyslabs/node
Length of output: 821
Pass sender to verifyHumanPassportPayload and validate address binding.
The current implementation doesn't verify that payload.address matches the transaction sender, unlike other identity assignment handlers (xm, ud, pqc, web2). The external Human Passport API is called with an unverified address, allowing potential address spoofing.
Pass sender as a second parameter to verifyHumanPassportPayload and add validation that payload.address === sender before querying the API.
🤖 Prompt for AI Agents
In `@src/libs/network/routines/transactions/handleIdentityRequest.ts` around lines
104 - 114, The human passport assignment branch must validate the transaction
sender before calling the external API: in the case handling
"humanpassport_identity_assign" check that (payload.payload as
HumanPassportIdentityData).address === sender and if not, return the same
rejection/invalid response used by other identity handlers; then call
IdentityManager.verifyHumanPassportPayload with two arguments (payload.payload
as HumanPassportIdentityData, sender) so the verifier can bind the address to
the sender. Update the "humanpassport_identity_assign" branch to perform this
address-equality check and pass sender into verifyHumanPassportPayload.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@src/libs/identity/tools/humanpassport.ts`:
- Around line 124-128: Update the user-facing error message URL: in
src/libs/identity/tools/humanpassport.ts locate the throw new Error(...) that
currently points users to "passport.human.tech" and replace that URL with
"https://app.passport.xyz/"; also make the same replacement for the identical
message in src/libs/blockchain/gcr/gcr_routines/identityManager.ts so both
throw/error messages consistently direct users to the correct signup URL.
| if (error.response?.status === 404) { | ||
| throw new Error( | ||
| "User has not created a Human Passport. Direct them to passport.human.tech", | ||
| ) | ||
| } |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
Gitcoin Passport Human Passport user signup URL
💡 Result:
User signup / creation happens in the Human Passport (formerly Gitcoin Passport) app:
- https://app.passport.xyz/ (connect wallet → “Sign in with Ethereum” creates your Passport if you don’t have one) [1][8]
🏁 Script executed:
# Search for API base URL references in the codebase
rg "api\.passport" --type ts --type js
# Also search for any passport.human.tech references
rg "passport\.human\.tech" --type ts --type js
# Search for any other passport URL patterns
rg "passport\.(xyz|tech)" --type ts --type js -A 2 -B 2Repository: kynesyslabs/node
Length of output: 925
Update the error message URL to the correct user-facing endpoint.
The error message directs users to passport.human.tech, but the correct URL for Human Passport signup is https://app.passport.xyz/. This same incorrect URL also appears in src/libs/blockchain/gcr/gcr_routines/identityManager.ts and should be corrected there as well.
🤖 Prompt for AI Agents
In `@src/libs/identity/tools/humanpassport.ts` around lines 124 - 128, Update the
user-facing error message URL: in src/libs/identity/tools/humanpassport.ts
locate the throw new Error(...) that currently points users to
"passport.human.tech" and replace that URL with "https://app.passport.xyz/";
also make the same replacement for the identical message in
src/libs/blockchain/gcr/gcr_routines/identityManager.ts so both throw/error
messages consistently direct users to the correct signup URL.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@src/libs/blockchain/gcr/gcr_routines/identityManager.ts`:
- Around line 384-448: The method verifyHumanPassportPayload accepts sender,
payload.signature, payload.referralCode and payload.verificationMethod but never
uses them; update the implementation to either (A) implement the missing
behaviour: validate payload.signature (e.g., verify a signature binds the
returned verification.address to sender inside verifyHumanPassportPayload), pass
verificationMethod into HumanPassportProvider.verifyAddress or branch to onchain
verification when payload.verificationMethod === "onchain", and consume
referralCode if needed (e.g., attach to savedIdentity or call referral
processing), or (B) if not implementing now, add clear TODO comments inside
verifyHumanPassportPayload referencing sender, payload.signature,
payload.referralCode and payload.verificationMethod and log a security note
about pending signature-based binding; ensure you reference the
verifyHumanPassportPayload function, HumanPassportProvider.verifyAddress call,
and the SavedHumanPassportIdentity construction so reviewers can locate where to
add the signature check, verificationMethod branching, and referral handling.
🧹 Nitpick comments (1)
src/libs/blockchain/gcr/gcr_routines/identityManager.ts (1)
478-480: Consider logging errors for observability.The empty catch block silently swallows all exceptions. While returning
nullis appropriate for the public API, logging the error would aid debugging and monitoring, consistent with the approach used inverifyHumanPassportPayload(line 442).♻️ Suggested improvement
- } catch { + } catch (error: any) { + log.warn(`[IdentityManager] Failed to fetch Human Passport score for ${address}: ${error.message}`) return null }
…ature/human-passport
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (2)
.env.example (1)
13-15: Reorder keys to satisfydotenv-linter(UnorderedKeywarning on line 14).Alphabetically
API_KEY(K) <SCORER_ID(S) <API_URL(U):♻️ Suggested reorder
-HUMAN_PASSPORT_API_URL=https://api.passport.xyz -HUMAN_PASSPORT_API_KEY= -HUMAN_PASSPORT_SCORER_ID= +HUMAN_PASSPORT_API_KEY= +HUMAN_PASSPORT_SCORER_ID= +HUMAN_PASSPORT_API_URL=https://api.passport.xyz🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.env.example around lines 13 - 15, Reorder the HUMAN_PASSPORT_* keys in .env.example so they are alphabetically ordered to satisfy dotenv-linter: place HUMAN_PASSPORT_API_KEY, then HUMAN_PASSPORT_SCORER_ID, then HUMAN_PASSPORT_API_URL; update the three entries (HUMAN_PASSPORT_API_KEY, HUMAN_PASSPORT_SCORER_ID, HUMAN_PASSPORT_API_URL) accordingly to preserve values/empty placeholders.src/features/incentive/PointSystem.ts (1)
164-171: Eliminate redundantgetIdentitiescall — use already-fetchedidentities.humanpassport.
IdentityManager.getIdentities(userId)is already called at line 51 and returns the full identities object including thehumanpassportfield. The second call at line 164 with the"humanpassport"parameter is a redundant database roundtrip. The same pattern is already used elsewhere in the function (e.g.,identities?.nomisat line 101).Narrow the type from
any[]toSavedHumanPassportIdentity[]and access the already-fetched field:Suggested change
- const humanPassportIdentities: any[] = (await IdentityManager.getIdentities(userId, "humanpassport")) || [] + const humanPassportIdentities: SavedHumanPassportIdentity[] = (identities?.humanpassport) || []🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/features/incentive/PointSystem.ts` around lines 164 - 171, Replace the redundant call to IdentityManager.getIdentities(userId, "humanpassport") and the any[] typing by reusing the already-fetched identities object: read identities?.humanpassport as SavedHumanPassportIdentity[] (not any[]), map that array to build linkedHumanPassport (preserving fields address, score defaulting to 0, and passingScore defaulting to false), and remove the extra IdentityManager.getIdentities call; this change affects the linkedHumanPassport creation in PointSystem.ts where linkedHumanPassport is defined.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@src/libs/blockchain/gcr/gcr_routines/GCRIdentityRoutines.ts`:
- Around line 1488-1501: The code unconditionally persists a
SavedHumanPassportIdentity after calling provider.verifyAddress() (inside
GCRIdentityRoutines) which allows a degraded score (verification.passingScore
=== false) to be stored and then awardHumanPassportPoints to grant points;
update the logic in the routine that builds savedIdentity (and the flow that
immediately calls awardHumanPassportPoints) to require verification.passingScore
=== true before persisting the identity or counting it for points (either skip
saving entirely when passingScore is false or save but mark and then filter
hpIdentities to only include identities with passingScore === true), and ensure
awardHumanPassportPoints is invoked only when there is at least one saved
identity with passingScore true; reference provider.verifyAddress,
SavedHumanPassportIdentity, awardHumanPassportPoints, and
verifyHumanPassportPayload to locate and fix the affected code paths.
---
Duplicate comments:
In `@src/libs/blockchain/gcr/gcr_routines/GCRIdentityRoutines.ts`:
- Around line 1544-1551: The method applyHumanPassportIdentityRemove
dereferences editOperation.data.address without guarding for null/undefined
which can cause an uncaught TypeError at normalizedAddress =
data.address.toLowerCase(); add the same validation pattern used in other remove
methods: check that editOperation.data exists and that data.address is a
non-empty string (or return a proper failure GCRResult) before calling
toLowerCase(), or wrap the body in a try-catch and return a clear error
GCRResult on failure; reference the applyHumanPassportIdentityRemove function,
editOperation.data, and normalizedAddress when applying the fix.
In `@src/libs/network/routines/transactions/handleIdentityRequest.ts`:
- Around line 103-109: The code passes an ed25519 sender into
IdentityManager.verifyHumanPassportPayload but verifyHumanPassportPayload must
independently validate EVM address ownership because sender (ed25519) cannot be
directly compared to hpPayload.address (EVM); update verifyHumanPassportPayload
to recover the EVM address from the HumanPassportIdentityData.signature (verify
the signed message, e.g., eth_recover style) and ensure the recovered EVM
address equals hpPayload.address and that the signature verifies the expected
message payload; keep the current call site (handleIdentityRequest ->
verifyHumanPassportPayload) but add explicit EVM signature verification and
binding inside verifyHumanPassportPayload (function name:
verifyHumanPassportPayload, type: HumanPassportIdentityData) so the Human
Passport score cannot be abused by unrelated ed25519 senders.
---
Nitpick comments:
In @.env.example:
- Around line 13-15: Reorder the HUMAN_PASSPORT_* keys in .env.example so they
are alphabetically ordered to satisfy dotenv-linter: place
HUMAN_PASSPORT_API_KEY, then HUMAN_PASSPORT_SCORER_ID, then
HUMAN_PASSPORT_API_URL; update the three entries (HUMAN_PASSPORT_API_KEY,
HUMAN_PASSPORT_SCORER_ID, HUMAN_PASSPORT_API_URL) accordingly to preserve
values/empty placeholders.
In `@src/features/incentive/PointSystem.ts`:
- Around line 164-171: Replace the redundant call to
IdentityManager.getIdentities(userId, "humanpassport") and the any[] typing by
reusing the already-fetched identities object: read identities?.humanpassport as
SavedHumanPassportIdentity[] (not any[]), map that array to build
linkedHumanPassport (preserving fields address, score defaulting to 0, and
passingScore defaulting to false), and remove the extra
IdentityManager.getIdentities call; this change affects the linkedHumanPassport
creation in PointSystem.ts where linkedHumanPassport is defined.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@package.json`:
- Line 72: Several files (e.g., identityManager.ts, handleNativeOperations.ts,
handleNativeRequest.ts) import internal build paths from `@kynesyslabs/demosdk`
(node_modules/.../build/...) which are brittle; update those deep imports to use
the SDK's public exports (for example replace build-path imports with
`@kynesyslabs/demosdk/abstraction`, `@kynesyslabs/demosdk/types`, or
`@kynesyslabs/demosdk/xm-localsdk` as appropriate), ensuring you import the same
exported symbols (functions/classes/types) referenced in each file and remove
any build/* path segments so all references use the public API surface instead
of internal build paths.
| "@fastify/swagger": "^8.15.0", | ||
| "@fastify/swagger-ui": "^4.1.0", | ||
| "@kynesyslabs/demosdk": "^2.10.2", | ||
| "@kynesyslabs/demosdk": "^2.11.2", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Read-only verification: find demosdk deep imports and lockfile state.
echo "== Deep imports into demosdk internal build paths =="
rg -n -C2 --type=ts 'from\s+"node_modules/@kynesyslabs/demosdk/build[^"]+"' || true
echo
echo "== Public demosdk import surfaces used =="
rg -n -C2 --type=ts 'from\s+"@kynesyslabs/demosdk/(abstraction|types|encryption|xm-localsdk)[^"]*"' || true
echo
echo "== Lockfile present (resolved SDK version determinism) =="
fd '^(bun.lock|bun.lockb|yarn.lock|package-lock.json|pnpm-lock.yaml)$' .Repository: kynesyslabs/node
Length of output: 50372
🏁 Script executed:
#!/bin/bash
# Check lockfile presence and type
echo "=== Lockfile Check ==="
if fd '^(bun.lock|bun.lockb|yarn.lock|package-lock.json|pnpm-lock.yaml)$' .; then
echo "Lockfile found"
else
echo "No lockfile detected"
fiRepository: kynesyslabs/node
Length of output: 97
Migrate deep imports from internal SDK build paths to public exports.
This PR includes imports from internal demosdk build paths (e.g., src/libs/blockchain/gcr/gcr_routines/identityManager.ts:1,21 importing from node_modules/@kynesyslabs/demosdk/build/...). The codebase has a similar pattern across handleNativeOperations.ts, handleNativeRequest.ts, and other files. While this repository includes a lockfile that ensures version determinism, these imports remain brittle across SDK changes.
The team has already identified this issue—identityManager.ts includes a TODO comment to refactor these imports. Prioritize migrating these deep imports to public SDK exports like @kynesyslabs/demosdk/abstraction, @kynesyslabs/demosdk/types, and @kynesyslabs/demosdk/xm-localsdk (which are already used in other parts of the codebase). This migration is more effective than version pinning and aligns with the SDK's intended public API surface.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@package.json` at line 72, Several files (e.g., identityManager.ts,
handleNativeOperations.ts, handleNativeRequest.ts) import internal build paths
from `@kynesyslabs/demosdk` (node_modules/.../build/...) which are brittle; update
those deep imports to use the SDK's public exports (for example replace
build-path imports with `@kynesyslabs/demosdk/abstraction`,
`@kynesyslabs/demosdk/types`, or `@kynesyslabs/demosdk/xm-localsdk` as appropriate),
ensuring you import the same exported symbols (functions/classes/types)
referenced in each file and remove any build/* path segments so all references
use the public API surface instead of internal build paths.
- Add passingScore guard in applyHumanPassportIdentityAdd to prevent storing degraded scores between tx submission and block application - Add EVM address format validation in HumanPassportProvider.verifyAddress to prevent URL path injection attacks - Add TODO comments documenting unused parameters (sender, signature, verificationMethod) in verifyHumanPassportPayload for future work
|
2 participants
PR Type
Enhancement
Description
Added Human Passport identity integration for proof-of-personhood verification
Implemented point system for linking/unlinking Human Passport identities
Created HumanPassportProvider API client with caching and score verification
Extended identity management to support Human Passport identity operations
Diagram Walkthrough
File Walkthrough
9 files
Add Human Passport point tracking and award/deduct methodsImplement Human Passport identity add and remove operationsAdd Human Passport linking and unlinking incentive hooksAdd Human Passport payload verification and identity retrievalCreate Human Passport API client with caching and verificationAdd RPC endpoints for Human Passport score and identitiesAdd Human Passport identity request handling and removalAdd Human Passport point breakdown field to accountDefine SavedHumanPassportIdentity type and update StoredIdentities1 files
Add Human Passport API configuration environment variablesSummary by CodeRabbit
New Features
Documentation