* feat: selfrica circuit and tests
* chore: remove unused code
* feat: test for ofac,date and olderthan
* fix: public signal constant
* feat: add contract tests
* feat: helper function to gen TEE input
* feat: gen circuit inputs with signature
* feat: seralized base64
* fix: DateIsLessFullYear componenet
* feat: register circuit for selfrica
* feat: selfrica disclose circuit and test
* fix: common module error
* feat: add more test and fix constant
* fix: commitment calculation
* feat: selfrica contracts
* test: selfrica register using unified circuit
* feat: register persona and selfrica circuit
* feat: selfrica circuit and tests
* chore: remove unused code
* feat: test for ofac,date and olderthan
* fix: public signal constant
* feat: add contract tests
* feat: helper function to gen TEE input
* feat: gen circuit inputs with signature
* feat: seralized base64
* fix: DateIsLessFullYear componenet
* feat: register circuit for selfrica
* feat: selfrica disclose circuit and test
* fix: common module error
* feat: add more test and fix constant
* fix: commitment calculation
* feat: selfrica contracts
* test: selfrica register using unified circuit
* feat: register persona and selfrica circuit
* refactor: contract size reduction for IdentityVerificationHubImplV2
export function logic to external libs, reduce compiler runs to 200, update deploy scripts to link new libs
* feat: disclose circuit for persona
* feat: update persona ofac trees
* feat; register circuit for selfper
* feat: disclose test for selfper
* chore: refactor
* chore : remove unused circuits
* chore: rename selfper to kyc
* chore: update comments
* feat: constrain s to be 251 bit
* feat: add range check on majority ASCII and comments
* feat: range check on neg_r_inv
* chore: remove is pk zero constrain
* merge dev
* feat: add registerPubkey function to Selfrica with GCPJWT Verification
* test: add testing for GCPJWT verification on Selfrica
* fix: script that calls register_selfrica circuits (ptau:14 -> ptau:15)
* fix: get remaining Selfrica tests working with proper import paths
* refactor: store pubkeys as string
also add some comment code for registerPubkey function
* refactor: remove registerPubkeyCommitment function
some tests now skipped as awaiting changes to how pubkeys are stored (string instead of uint256)
* feat: use hex decoding for the pubkey commitment
* test: adjust tests for pubkey being string again
* fix: remove old references to registerPubkey
* docs: add full natspec for IdentityRegistrySelfricaImplV1
* docs: update files in rest of the repo for Selfrica attestation type
* test: fix broken tests
* fix: builds and move to kyc from selfrica
* fix: constrain r_inv, Rx, s, T
* feat: eddsa
* feat: add onlyTEE check to registerPubkeyCommitment
onlyOwner is able to change onlyTEE
* refactor: update gcpRootCAPubkeyHash to be changeable by owner
* feat: add events for update functions
* style: move functions to be near other similar functions
* fix: kyc happy flow
* fix: all contract tests passing
| fix: timestamp conversion with Date(), migrate to V2 for endToEnd test, scope formatting, fix register aadhaar issue by using block.timestamp instead of Date.now(), fix changed getter function name, enable MockGCPJWTVerifier with updated file paths, add missing LeanIMT import, fix user identifier format
* audit: bind key offset-value offset and ensure image_digest only occurs once in the payload
* fix: constrain bracket
* chore: update comment
* audit: hardcode attestation id
* audit: make sure R and pubkey are on the curve
* audit: ensure pubkey is within bounds
* fix: all contract tests passing
* feat: change max length to 99 from 74
* audit: don't check sha256 padding
* audit: check the last window as well
* audit: single occurance for eat_nonce and image_digest
* audit: check if the certs are expired
* audit: add the timestamp check to the contract
* audit: make sure the person is less than 255 years of age
* audit fixes
* chore: yarn.lock
* fix: build fixes
* fix: aadhaar timestamp
* lint
* fix: types
* format
---------
Co-authored-by: vishal <vishalkoolkarni0045@gmail.com>
Co-authored-by: Evi Nova <tranquil_flow@protonmail.com>
* refactor: switch to multitiered governance with multisigs
* feat: add scripts for assisting with upgrading contracts and
* test: add tests for governance upgrade
* chore: install Foundry with Hardhat compatability
* fix: add separate intializeGovernance function for upgrading
Uses reinitializer modifier for proper security around function call
* feat: migrate new function to AccessControl governance
* test: full end to end upgrade typescript test
* chore: add hardhat-upgrade
* chore: add foundry outputs to gitignore
* test: add Foundry upgrade script and test for deployed contracts
* refactor: update PCR0 inputs to be 32 bytes for GCP image hashes
Still pad to 48 bytes to ensure compatibility with mobile app.
* feat: add PCR0 migration script + test file
* fix: use custom natspec to prevent constructor warnings on upgrade
* test: cleanup tests and add role transfer to upgrade script
* test: add deployed libraries to foundry.toml for proper library linking
* chore: add /contracts/broadcast to gitignore for foundry deployments
* fix: set variable in initializer instead of defining in declaration
* test: improve upgrade test script to check all state variables
* docs: better explain safety behind using unsafeSkipStorageCheck
* doc: add guide for upgrading to AccessControl governance
* style: change multisig role names
CRITICAL_ROLE -> SECURITY_ROLE (3/5)
STANDARD_ROLE -> OPERATIONRS_ROLE (2/5)
* refactor: change OFAC + CSCA root update functions to 2/5 multisig
* fix: package version clashes + outdated code from old ver of packages
OpenZeppelin v5.5.0 no longer requires __UUPS_Upgradeable_Init, new OZ version requires opcodes that need cancun evmVersion, hard defining @noble/hashes led to clashes with other dependencies
* fix: fix PCR0 tests broken from change in byte size
* feat: add contract upgrade tooling with Safe multisig integration
- Add unified 'upgrade' Hardhat task with automatic safety checks
- Add deployment registry for version tracking
- Add Safe SDK integration for auto-proposing upgrades
- Update UPGRADE_GUIDE.md with new workflow documentation
- Validate version increments, reinitializer, and storage layout
* fix: revert fix on Hub V1 contract that is not supported
* style: update upgraded contracts to not use custom:version-history
* fix: V1 test requires old style as well
* fix: correct registry currentVersion to reflect actual deployed versions
On-chain verification confirmed all contracts are using OLD Ownable2StepUpgradeable:
- Hub: 2.11.0 (was incorrectly 2.12.0)
- Registry: 1.1.0 (was incorrectly 1.2.0)
- IdCard: 1.1.0 (was incorrectly 1.2.0)
- Aadhaar: 1.1.0 (was incorrectly 1.2.0)
Owner address: 0xcaee7aaf115f04d836e2d362a7c07f04db436bd0
* fix: upgrade script now correctly handles pre-defined versions in registry
When upgrading to a version that already exists in registry.json (like 2.12.0),
the script now uses that version's initializerVersion instead of incrementing
from the latest version. This fixes the reinitializer validation for the
governance upgrade.
* fix: upgrade script handles Ownable contracts and outputs transaction data
- Detect Ownable pattern before creating Safe proposals
- Output transaction data for owner direct execution in --prepare-only mode
- Use initializerFunction from registry (initializeGovernance) instead of constructing names
- Skip Safe proposal creation for initial Ownable → AccessControl upgrade
- After upgrade, owner grants SECURITY_ROLE to Safe for future upgrades
* feat: IdentityVerificationHub v2.12.0 deployed on Celo
- Implementation: 0x05FB9D7830889cc389E88198f6A224eA87F01151
- Changelog: Governance upgrade
* feat: IdentityRegistryIdCard v1.2.0 deployed on Celo
- Implementation: 0x7d5e4b7D4c3029aF134D50642674Af8F875118a4
- Changelog: Governance upgrade
* feat: IdentityRegistryAadhaar v1.2.0 deployed on Celo
- Implementation: 0xbD861A9cecf7B0A9631029d55A8CE1155e50697c
- Changelog: Governance upgrade
* feat: IdentityRegistry v1.2.0 deployed on Celo
- Implementation: 0x81E7F74560FAF7eE8DE3a36A5a68B6cbc429Cd36
- Changelog: Governance upgrade
* feat: add multisig addresses to registry
* feat: PCR0Manager v1.2.0 deployed on Celo
- Implementation: 0x9743fe2C1c3D2b068c56dE314e9B10DA9c904717
- Changelog: Governance upgrade
* refactor: cleanup old scripts
* chore: yarn prettier formatting
* refactor: use singular ETHERSCAN_API_KEY in .env
Etherscan has unified all keys of associated explorers like Celoscan into a singular key rather than different keys for different networks.
* refactor: use one .env instead of separate .env.test + .env files
* refactor: deploy contracts with runs of 1000 instead of 200
Decreases gas cost of function calls on deployed contracts
* clean: remove duplicate/redundant deploy modules + scripts
* clean: cleanup empty script file
* refactor: cleanup default network of scripts
Read network from .env instead of using defaults of alfajores (outdated) or staging
* clean: remove references to Alfajores, replace with Sepolia
* chore: add default .env variables
* chore: update build-all script to include aardhaar circuit
* chore: update broken Powers of Tau download link (use iden3)
* chore: remove duplicate script
* fix: use stable version 18 for disclose circuits
* test: update test import paths to allow for .ts version of generateProof
* test: fix broken tests
* test: uncomment critical code for registration, change error names to updated names, fix broken import paths, update disclose tests for new scope generation/handling
* fix: broken import path
* test: fix Airdrop tests to use V2 logic
* docs: update docs for necessary prerequisite programs
* chore: yarn prettier formatting
* fix: CI errors occuring when deploying contracts as can't read .env
Using a dummy key for CI builds
* chore: yarn prettier
* refactor: change runs to 100000
* refactor: generate scope for SelfVerificationRoot upon deploment
Utilise Poseidon to generate the scope for the deploying contract instead of relying on utilizing the Scope Generator tool on the frontend and calling a function that inherits the _setScope function
* style: use explicit import for PoseidonT3
* fix: link Poseidon library in TestSelfVerificationRoot deployments
* fix: Use same logic in SelfVerificationRoot as in hashEndpointWithScope
* refactor: use hardcoded PoseidonT3 addresses for Celo Mainnet + Sepolia
Also allowed functionality for testing environments which have a fresh deploy each time they are spun up, and which now utilize the testSetScope function for tests relying on TestSelfVerificationRoot
* style: change setTestScope to setGenerateScope for clarity
* refactor: Move logic out of SelfVerificationRoot into util files
* chore: update version
* fix: sepolia chain id
* fmt
---------
Co-authored-by: ayman <aymanshaik1015@gmail.com>
* implement self uups upgradeable
* small changes in identityVerificationHubImplV2
* delete aderyn.toml
* chore: add custom verifier
* chnage return output
* feat: use self structs and a Generic output struct
* feat: add userIdentifier, nullifier, forbiddencountries to returned output
* add root view functions from registry
* fix: build and compilation errors
* add userDefined data into selfVerificationRoot
* "resolve conflicts"
* fix compilation problem
* fix how to register verification config
* test: CustomVerifier
* fix verification root and hub integration
* add scope check in hub impl
* replace poseidon hash to ripemd+sha256
* add todo list
* feat: refactor and add test cases for generic formatter
* add performUserIdentifierCheck in basicVerification
* change how to handle additionalData and fix stack too deep
* start adding test codes
* fix dependency problems in monorepo
* fix: forbidden countries (#612)
LGTM!
* able to run test code
* pass happy path
* delete unused codes
* change error code name, add caller address validation and add scripts to run test and build in monorepo
* add all test cases in vcAndDisclose flow
* remove comment out
* chore: use actual user identifier outputs
* success in registration tests
* cover all cases
* pass contractVersion instead of circuitVersion
* fix disclose test
* chore: add natspecs for ImplHubV2, CustomVerifier and GenericFormatter
* change val name and remove unused lines
* add val name change
* remove userIdentifier from return data
* feat: use GenericDiscloseOutput struct in verfication hook fix test cases for user identifier
* chore: change the function order for Hub Impl V2 (#625)
* fix nat specs
* add nat spec in SelfStructs
---------
Co-authored-by: Ayman <aymanshaik1015@gmail.com>
Co-authored-by: Nesopie <87437291+Nesopie@users.noreply.github.com>
* Add Prettier configuration and ignore files for code formatting
- Created .prettierignore to exclude specific directories and files from formatting.
- Added .prettierrc.yml with custom settings for print width and trailing commas.
- Updated package.json to include Prettier and its Solidity plugin as dependencies, along with scripts for formatting and checking code.
* Run prettier formatting
