* test: ofac updating tests
* feat: add registry deployment info
* chore: add gitignore for generated files
* feat: add kyc documents to upgrade scripts
* docs: update upgrade script readme for kyc
* feat: IdentityRegistryKyc v1.1.0 deployed on Celo-sepolia
Add TEE-attested OFAC root updates via updateOfacRootsWithProof
- Implementation: 0x530eEA7E5b286108926B05510491560c4bAE018e
- Adds updateOfacRootsWithProof() for ZK-verified OFAC root updates
- New errors: InvalidRootsHash, InvalidRootsCount
- New event: OfacRootsUpdatedWithProof
* feat: add OFAC rolling root window to all 4 registries
Add previousRoot storage variables to all identity registries so that
checkOfacRoots accepts both the current and previous root for each OFAC tree. This prevents verification failures for users mid-proof when roots are updated on-chain between proof generation and on-chain verification.
- Passport: 3 prev roots (passportNo, nameAndDob, nameAndYob)
- KYC, ID Card, Aadhaar: 2 prev roots each (nameAndDob, nameAndYob)
- KYC updateOfacRootsWithProof also rotates previous roots
- Added getPrev* getter functions on all registries
- Storage appended at end of each storage contract (UUPS-safe)
- 17 new tests covering all registries (window=1 acceptance/rejection)
* feat: deploy IdentityRegistryKyc v1.2.0 to Celo Sepolia
Add rolling OFAC root window: store previous roots alongside current, accept either in checkOfacRoots for graceful mid-verification transitions.
New impl: 0x6E2889Bc9baa6F53bDdf4843675155811F0AAAEd
Proxy: 0x90e907E4AaB6e9bcFB94997Af4A097e8CAadBdf3
Pending Safe multisig execution for proxy upgrade.
* feat: add TEE-attested OFAC root updates to Aadhaar, IdCard, and Passport registries
Extend updateOfacRootsWithProof() to the remaining 3 identity registries, matching the pattern already deployed on the KYC registry (v1.1.0).
- Add GCP JWT verifier, PCR0Manager, TEE address, and root CA pubkey hash storage to each registry
- Add initializeOfacProof() reinitializer for upgrade path
- Add onlyTEE modifier and updateOfacRootsWithProof() with Groth16 proof verification, TEE attestation validation, timestamp checks, and global roots hash commitment verification
- Rolling window behavior preserved: previous roots saved before overwrite
- Admin functions for updating TEE infrastructure (SECURITY_ROLE gated)
- Bumps all 3 registries to v1.3.0
* refactor: simplify updateOfacRootsWithProof to use per-registry roots hash as nonce
* fix: address CodeRabbit review comments on OFAC proof upgrade
- Add onlyProxy + onlyRole(DEFAULT_ADMIN_ROLE) guard to initializeOfacProof()
on Passport, Aadhaar, and IdCard registries to prevent front-running during
the window between upgradeToAndCall and the separate initializer call
- Fix checkOfacRoots() across all 4 registries to use atomic snapshot comparison
instead of per-root matching — prevents accepting Frankenstein pairs like
(new DOB root, old YOB root) that were never attested together
- Add IdentityRegistryKycImplV1 to PoseidonT3 linking branch in prepare.ts so
upgrade:prepare works correctly for KYC
- Add prev* slot assertions and mixed-pair rejection test to ofacUpgradePath.test.ts
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat: add view getters, fix initializeOfacProof guard, add upgrade scripts
- Add getGcpJwtVerifier() and getPcr0Manager() getters to KYC and Aadhaar
- Fix initializeOfacProof guard: SECURITY_ROLE instead of DEFAULT_ADMIN_ROLE
(DEFAULT_ADMIN_ROLE is never granted in governance setup)
- Add Ignition upgrade scripts for KYC and Aadhaar registries
- Comment out registry deploy in deployKycRegistry (verifier-only redeploy)
- Update deployed_addresses.json with sepolia upgrade artifacts
- Bump KYC to v1.2.1, Aadhaar to v1.3.1
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: addresses and error selectors
* style: format registry contracts and upgrade scripts
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: formatting
* fix: error selectors
* fix: error selectors
* fix: error selectors
---------
Co-authored-by: Evi Nova <tranquil_flow@protonmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
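
The difference between per-root matching and the atomic snapshot comparison named in the checkOfacRoots() fix above, as an added TypeScript model that is not code from this repository. The type names, function names and root values are constructed for illustration and assume a two-root registry (nameAndDob, nameAndYob) with a window of 1.

```typescript
// Off-chain model of the rolling OFAC root window (illustrative, not the contracts' API).
type RootSet = { nameAndDob: string; nameAndYob: string };
type RootWindow = { current: RootSet; prev: RootSet | null };

// Save the outgoing roots before overwriting them, so exactly one older set is kept.
function rotate(w: RootWindow, next: RootSet): RootWindow {
  return { current: next, prev: w.current };
}

function sameSet(a: RootSet, b: RootSet): boolean {
  return a.nameAndDob === b.nameAndDob && a.nameAndYob === b.nameAndYob;
}

// Per-root matching: each root may independently match the current or previous value.
// This accepts mixed pairs that were never published together.
function checkPerRoot(w: RootWindow, p: RootSet): boolean {
  const dobs = [w.current.nameAndDob];
  const yobs = [w.current.nameAndYob];
  if (w.prev !== null) {
    dobs.push(w.prev.nameAndDob);
    yobs.push(w.prev.nameAndYob);
  }
  return dobs.indexOf(p.nameAndDob) !== -1 && yobs.indexOf(p.nameAndYob) !== -1;
}

// Atomic snapshot: the whole set must equal the current set or the whole previous set.
function checkSnapshot(w: RootWindow, p: RootSet): boolean {
  return sameSet(p, w.current) || (w.prev !== null && sameSet(p, w.prev));
}

// Constructed sample roots for three successive updates.
const v1: RootSet = { nameAndDob: "0xd0b1", nameAndYob: "0x70b1" };
const v2: RootSet = { nameAndDob: "0xd0b2", nameAndYob: "0x70b2" };
const v3: RootSet = { nameAndDob: "0xd0b3", nameAndYob: "0x70b3" };

function evaluate() {
  const w2 = rotate({ current: v1, prev: null }, v2);
  const w3 = rotate(w2, v3);
  const mixed: RootSet = { nameAndDob: v2.nameAndDob, nameAndYob: v1.nameAndYob };
  return {
    midProofUserAccepted: checkSnapshot(w2, v1), // proof built just before the update
    mixedPerRoot: checkPerRoot(w2, mixed),       // old behaviour: accepted
    mixedSnapshot: checkSnapshot(w2, mixed),     // fixed behaviour: rejected
    twoUpdatesOld: checkSnapshot(w3, v1),        // outside the window of 1
  };
}
```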