Conversation
🦋 Changeset detectedLatest commit: 14cbdb1 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
WalkthroughMoves issuer private key handling to KMS-backed retrieval and lazy initialization: removes ISSUER_PRIVATE_KEY from configs, parameterizes account retrieval by key ("allower" | "issuer"), adds an issuer helper, updates signing to async use the dynamic issuer, and updates tests/mocks accordingly. Changes
Sequence Diagram(s)sequenceDiagram
participant Caller as Caller
participant Panda as server/utils/panda.ts
participant Accounts as server/utils/accounts.ts
participant KMS as GCP KMS
participant Wallet as WalletClient
Caller->>Panda: signIssuerOp({ account, amount, timestamp })
Panda->>Panda: await getIssuer()
Panda->>Accounts: getAccount("issuer")
Accounts->>KMS: withRetry -> request key material for "issuer"
KMS-->>Accounts: return key material / private key
Accounts-->>Panda: LocalAccount (cached via issuerPromise)
Panda->>Wallet: signTypedData(using issuer account)
Wallet-->>Panda: signature
Panda-->>Caller: signature
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Possibly related PRs
Suggested reviewers
🚥 Pre-merge checks | ✅ 2✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
|
✅ All tests passed. |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly enhances the security posture of the server by transitioning the management of the issuer account's private key from direct environment variable storage to Google Cloud Key Management Service (KMS). This change eliminates the risk associated with hardcoding sensitive keys, ensuring that cryptographic operations for the issuer account are performed securely within a managed hardware security module (HSM) environment. The refactoring involved updating configuration files, test mocks, and core utility functions to seamlessly integrate with the new KMS-based key retrieval mechanism. Highlights
Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request successfully migrates the ISSUER_PRIVATE_KEY from direct environment variable storage to Google Cloud Key Management Service (KMS), significantly enhancing security. The changes involve updating environment configurations, modifying account retrieval logic to use KMS, and adjusting test setups accordingly. The implementation correctly handles the asynchronous nature of KMS operations and incorporates retry mechanisms for resilience. The getAccount function is now more flexible, supporting different account types, and the issuer account is lazily initialized and memoized, which is a good pattern for performance and resource management. Overall, the changes are well-executed and align with best practices for secure key management.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
server/test/mocks/accounts.ts (1)
19-24:⚠️ Potential issue | 🟠 MajorMock
getAccount()too, not justissuer().
...originalkeeps the live KMS-backedgetAccountexport around. Any test that reachesgetAccount("issuer")orgetAccount("allower")will still execute the real GCP path even thoughissuer()is stubbed here.🧪 Suggested change
vi.mock("../../utils/accounts", async (importOriginal) => { const original = await importOriginal<typeof accounts>(); + const getAccount = vi.fn((key: "allower" | "issuer") => + Promise.resolve(privateKeyToAccount(padHex(key === "issuer" ? "0x420" : "0x421"))), + ); return { ...original, + getAccount, allower: vi.fn(() => Promise.resolve({ allow: vi.fn().mockResolvedValue({}) })), - issuer: vi.fn(() => Promise.resolve(privateKeyToAccount(padHex("0x420")))), + issuer: vi.fn(() => getAccount("issuer")),server/utils/accounts.ts (1)
346-360:⚠️ Potential issue | 🟠 MajorUse separate KMS version config for
allowerandissuer.CryptoKeyVersion numbers are scoped per CryptoKey, and different CryptoKeys in the same key ring can have different primary versions. This code uses a single
GCP_KMS_KEY_VERSIONfor both keys, which only works while both keys happen to share the same version number. Use per-key version configuration or dynamically resolve the active version for each key.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 76280595-3431-4e06-98f0-da3eccac84b6
📒 Files selected for processing (7)
.changeset/tough-beans-help.md.do/app.yamlserver/script/openapi.tsserver/test/mocks/accounts.tsserver/utils/accounts.tsserver/utils/panda.tsserver/vitest.config.mts
💤 Files with no reviewable changes (3)
- server/script/openapi.ts
- server/vitest.config.mts
- .do/app.yaml
There was a problem hiding this comment.
Actionable comments posted: 1
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 3de77ce6-ef9a-4339-9b2f-4c8ae21004c4
📒 Files selected for processing (7)
.changeset/tough-beans-help.md.do/app.yamlserver/script/openapi.tsserver/test/mocks/accounts.tsserver/utils/accounts.tsserver/utils/panda.tsserver/vitest.config.mts
💤 Files with no reviewable changes (3)
- .do/app.yaml
- server/vitest.config.mts
- server/script/openapi.ts
| function getIssuer() { | ||
| issuerPromise ??= createIssuer().catch((error: unknown) => { | ||
| issuerPromise = undefined; | ||
| throw error; | ||
| }); | ||
| return issuerPromise; | ||
| } |
There was a problem hiding this comment.
🛠️ Refactor suggestion | 🟠 Major
Inline single-use getIssuer logic into signIssuerOp.
getIssuer() is only used once, so keep this logic inline to match repository conventions.
♻️ Proposed refactor
let issuerPromise: ReturnType<typeof createIssuer> | undefined;
-function getIssuer() {
- issuerPromise ??= createIssuer().catch((error: unknown) => {
- issuerPromise = undefined;
- throw error;
- });
- return issuerPromise;
-}
export async function signIssuerOp({
account,
amount,
timestamp,
}: {
account: Address;
amount: bigint;
timestamp: number;
}) {
- const issuerAccount = await getIssuer();
+ const issuerAccount = await (issuerPromise ??= createIssuer().catch((error: unknown) => {
+ issuerPromise = undefined;
+ throw error;
+ }));
return issuerAccount.signTypedData({As per coding guidelines: "Do not extract a value into a variable or logic into a function unless it is used in two or more places; keep single-use values and functions inline."
There was a problem hiding this comment.
♻️ Duplicate comments (1)
server/utils/panda.ts (1)
335-342: 🧹 Nitpick | 🔵 TrivialConsider inlining the single-use
getIssuerlogic.The
getIssuer()function is only called once (at line 353). Per coding guidelines, single-use logic should be kept inline.♻️ Proposed refactor
let issuerPromise: ReturnType<typeof createIssuer> | undefined; -function getIssuer() { - issuerPromise ??= createIssuer().catch((error: unknown) => { - issuerPromise = undefined; - throw error; - }); - return issuerPromise; -} export async function signIssuerOp({ account, amount, timestamp, }: { account: Address; amount: bigint; timestamp: number; }) { - const issuerAccount = await getIssuer(); + const issuerAccount = await (issuerPromise ??= createIssuer().catch((error: unknown) => { + issuerPromise = undefined; + throw error; + })); return issuerAccount.signTypedData({As per coding guidelines: "Do not extract a value into a variable or logic into a function unless it is used in two or more places; keep single-use values and functions inline."
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: f14fb45d-e8bb-4d08-af92-ff76e0b6247e
📒 Files selected for processing (7)
.changeset/tough-beans-help.md.do/app.yamlserver/script/openapi.tsserver/test/mocks/accounts.tsserver/utils/accounts.tsserver/utils/panda.tsserver/vitest.config.mts
💤 Files with no reviewable changes (3)
- server/script/openapi.ts
- server/vitest.config.mts
- .do/app.yaml
2 participants
This is part 2 of 2 in a stack made with GitButler:
Summary by CodeRabbit
Bug Fixes
Chores
Tests
Changelog