Aptos integration

[SergeyG-Solicy]

PR Type

Enhancement

---

Description

• Add Aptos blockchain support to identity manager

• Import Aptos chain module from SDK

• Register Aptos in chains mapping configuration

• Add Aptos testnet validation check

• Include Aptos in message verification logic

---

Diagram Walkthrough

flowchart LR
  A["Aptos Module Import"] --> B["Chain Registration"]
  B --> C["Testnet Validation"]
  C --> D["Message Verification"]

Loading

File Walkthrough

Relevant files

Enhancement

identityManager.ts Aptos blockchain support integration                                          src/libs/blockchain/gcr/gcr_routines/identityManager.ts Added APTOS import from @kynesyslabs/demosdk/xm-localsdk Registered aptos chain in the chains mapping object Implemented Aptos-specific testnet validation to reject non-mainnet addresses Extended message verification logic to include aptos chain alongside existing chains Minor formatting adjustment to template literal indentation +16/-4

---

Summary by CodeRabbit

Release Notes

• New Features
  • Added support for the Aptos blockchain network with integrated mainnet validation and signature verification capabilities.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This pull request adds Aptos blockchain support to the identity manager module. Changes include importing the APTOS SDK, registering Aptos in the chains configuration, implementing Aptos-specific validation logic in the connection filter, and extending the payload verification flow to handle Aptos chain identifiers.

Changes

Cohort / File(s)	Summary
Aptos Blockchain Integration src/libs/blockchain/gcr/gcr_routines/identityManager.ts	Added APTOS import from demosdk; registered aptos entry in chains mapping; introduced Aptos mainnet validation in filterConnections to reject non-mainnet subchains; extended verifyPayload to recognize "aptos" chainId; minor formatting adjustment in verifyPqcPayload return message

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

• Specific areas of attention:
  • Aptos-specific validation logic in filterConnections—verify correctness of mainnet/subchain distinction for Aptos
  • Chain ID string comparison in verifyPayload—ensure "aptos" chainId is handled consistently with other blockchain implementations
  • Import correctness and SDK availability—confirm APTOS export from the demosdk package

Poem

🐰 A chain called Aptos joins the fold,
With mainnet checks, a story told,
Identity flows now recognize,
This blockchain in our module's eyes! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Aptos integration' directly and clearly summarizes the main change in the changeset, which adds Aptos support to the identity manager module.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/add-aptos

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Missing auditing: Newly added Aptos path and signature verification outcomes are not logged, providing no audit trail for critical identity assignment checks. Referred Code // SECTION: APTOS Checks // INFO: Check if the subchain is mainnet if (chain === "aptos" && subchain !== "mainnet") { return { ...response, message: "Failed: Testnet addresses are not supported", } } Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Limited context: The Aptos testnet rejection returns a generic message without actionable context (e.g., subchain value), and added verifyMessage branches do not handle verification failures explicitly. Referred Code // SECTION: APTOS Checks // INFO: Check if the subchain is mainnet if (chain === "aptos" && subchain !== "mainnet") { return { ...response, message: "Failed: Testnet addresses are not supported", } } Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Partial validation: Aptos subchain is validated for mainnet only, but no new validation is added for Aptos address format or signature inputs beyond existing paths, which may leave edge cases unhandled. Referred Code // SECTION: APTOS Checks // INFO: Check if the subchain is mainnet if (chain === "aptos" && subchain !== "mainnet") { return { ...response, message: "Failed: Testnet addresses are not supported", } } Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
High-level	Refactor to a modular, configuration-driven design Refactor the IdentityManager to avoid adding chain-specific conditional logic directly into its methods. Instead, encapsulate this logic within each chain's module or a configuration file to improve scalability. Examples: src/libs/blockchain/gcr/gcr_routines/identityManager.ts [171-176] if (chain === "aptos" && subchain !== "mainnet") { return { ...response, message: "Failed: Testnet addresses are not supported", } } src/libs/blockchain/gcr/gcr_routines/identityManager.ts [217-223] if ( chainId === "xrpl" || chainId === "ton" || chainId === "ibc" || chainId === "near" || chainId === "aptos" ) { Solution Walkthrough: Before: class IdentityManager { static async filterConnections(sender, payload) { const { chain, subchain } = ...; // ... other checks // SECTION: APTOS Checks if (chain === "aptos" && subchain !== "mainnet") { return { message: "Failed: Testnet addresses are not supported", }; } return { success: true, ... }; } static async verifyPayload(payload, sender) { // ... if (chainId === "xrpl" || chainId === "near" || chainId === "aptos") { messageVerified = await sdk.verifyMessage(...); } // ... } } After: // In each chain module (e.g., APTOS): class AptosChain extends DefaultChain { // ... static validate(params) { if (params.subchain !== "mainnet") { return { success: false, message: "Failed: Testnet addresses are not supported" }; } return { success: true }; } } // In IdentityManager: class IdentityManager { static async filterConnections(sender, payload) { const { chain, subchain } = ...; const chainModule = chains[chain]; const validationResult = chainModule.validate({ subchain }); if (!validationResult.success) { return { ...response, message: validationResult.message }; } // ... no more chain-specific if-statements } // verifyPayload can be simplified similarly } Suggestion importance[1-10]: 9 __ Why: This is an excellent architectural suggestion that correctly identifies a scalability issue in the current design, where adding a new chain requires modifying core logic, and proposes a superior, modular approach that would significantly improve long-term maintainability.	High
General	Improve error message for unsupported subchains Improve the error message for unsupported Aptos subchains to include the specific subchain name for better clarity and debugging. src/libs/blockchain/gcr/gcr_routines/identityManager.ts [169-176] // SECTION: APTOS Checks // INFO: Check if the subchain is mainnet if (chain === "aptos" && subchain !== "mainnet") { return { ...response, - message: "Failed: Testnet addresses are not supported", + message: `Failed: Aptos subchain '${subchain}' is not supported. Only 'mainnet' is allowed.`, } } [To ensure code accuracy, apply this suggestion manually] Suggestion importance[1-10]: 4 __ Why: The suggestion improves an error message to be more specific by including the name of the unsupported subchain, which enhances user feedback and aids debugging.	Low
More

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/libs/blockchain/gcr/gcr_routines/identityManager.ts (1)

293-295: Consider excluding unrelated formatting changes.

The formatting adjustment in verifyPqcPayload appears unrelated to Aptos integration. While functionally equivalent, separating cosmetic changes from feature additions keeps PRs focused and easier to review.

Consider reverting this formatting change or moving it to a separate code-style PR to maintain focus on the Aptos integration feature.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between a1ef4dc and d8b3d6e.

📒 Files selected for processing (1)

• src/libs/blockchain/gcr/gcr_routines/identityManager.ts (5 hunks)

🔇 Additional comments (4)

src/libs/blockchain/gcr/gcr_routines/identityManager.ts (4)

51-51: Consistent chain mapping pattern.

The APTOS addition follows the established pattern for registering blockchain SDKs alongside other chains. Unlike BTC (which has an explicit @ts-expect-error comment due to extra fields), APTOS is added without type assertion, indicating it conforms to the DefaultChain interface.

---

169-177: LGTM! Consistent mainnet validation pattern.

The Aptos validation logic correctly mirrors the SOLANA mainnet check, ensuring only mainnet addresses are supported. Aptos, like SOLANA, only requires a mainnet verification and does not have a subchain chainId mapping in the configuration, which is the intended design for non-EVM chains in this codebase.

---

217-235: No changes needed. The code correctly groups Aptos with other chains that use publicKey-based signature verification (xrpl, ton, ibc, near). Aptos SDK's signature verification uses Ed25519PublicKey, confirming this is the appropriate parameter to pass.

---

18-18: Verify APTOS support in the SDK version specified by the project.

The APTOS class is documented in @kynesyslabs/demosdk's API reference, but the project specifies version ^2.5.6 which is not currently published on the npm registry (latest published is v2.3.x). Confirm that:

• The demosdk version resolves correctly during build/installation
• APTOS implements the required methods: create(null) and verifyMessage(signedData, signature, publicKey)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud