Skip to content

mirror ccip JD key logic#1228

Merged
tt-cll merged 2 commits into
mainfrom
tt/signerFix
Jul 3, 2026
Merged

mirror ccip JD key logic#1228
tt-cll merged 2 commits into
mainfrom
tt/signerFix

Conversation

@tt-cll

@tt-cll tt-cll commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Description

Testing

Checklist

  • Breaking changes documented in changelog (see changelog directory)
  • Cross link related PRs (in this or other repositories)
  • just lint fix - no new lint errors
  • just generate - mocks and protobufs are up to date

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

Code coverage report:

Package main tt/signerFix Diff
github.com/smartcontractkit/chainlink-ccv/aggregator 49.57% 49.57% +0.00%
github.com/smartcontractkit/chainlink-ccv/bootstrap 55.47% 55.47% +0.00%
github.com/smartcontractkit/chainlink-ccv/cli 65.13% 65.13% +0.00%
github.com/smartcontractkit/chainlink-ccv/cmd 13.55% 13.55% +0.00%
github.com/smartcontractkit/chainlink-ccv/common 52.79% 52.79% +0.00%
github.com/smartcontractkit/chainlink-ccv/executor 46.47% 46.47% +0.00%
github.com/smartcontractkit/chainlink-ccv/indexer 35.54% 35.54% +0.00%
github.com/smartcontractkit/chainlink-ccv/integration 46.25% 46.16% -0.09%
github.com/smartcontractkit/chainlink-ccv/pkg 100.00% 100.00% +0.00%
github.com/smartcontractkit/chainlink-ccv/pricer 0.00% 0.00% +0.00%
github.com/smartcontractkit/chainlink-ccv/protocol 63.06% 63.06% +0.00%
github.com/smartcontractkit/chainlink-ccv/verifier 35.18% 35.17% -0.01%
Total 46.80% 46.80% +0.00%

@tt-cll tt-cll marked this pull request as ready for review July 2, 2026 23:17
@tt-cll tt-cll requested a review from a team as a code owner July 2, 2026 23:17
Copilot AI review requested due to automatic review settings July 2, 2026 23:17
@tt-cll tt-cll enabled auto-merge July 2, 2026 23:19

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds cross-family signer translation to the CCV deployment changesets so that committee reconstruction can map on-chain signer addresses back to JD-known NOP aliases even when the signer is recorded in a different chain family (e.g., Canton NOP recorded as an EVM-derived address).

Changes:

  • Fetch and expose each NOP’s raw secp256k1 public key from JD alongside per-family signing addresses.
  • Introduce cross-family signer translation utilities and use them when building the inverse signer→NOP index.
  • Add tests covering Canton→EVM resolution and ensuring direct signer declarations win over derived ones.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
deployment/operations/fetch_signing_keys/fetch_signing_keys.go Extends JD fetch operation to also return a normalized raw secp256k1 public key per NOP.
deployment/go.mod Promotes go-ethereum to a direct dependency to support pubkey/address derivation.
deployment/changesets/signer_translation.go Adds translation helpers to derive signer representations across chain families (including raw-pubkey↔address cases).
deployment/changesets/nop_identities.go Enhances inverse index building to precompute cross-family signer mappings using raw pubkeys.
deployment/changesets/nop_identities_crossfamily_test.go Adds regression tests for the cross-family reconstruction path.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +119 to +125
if rawPubKey := chainConfig.Ocr2Config.OcrKeyBundle.OnchainSigningPubKey; rawPubKey != "" {
normalized := strings.ToLower(strings.TrimPrefix(rawPubKey, "0x"))
if existing, ok := output.RawPubKeyByNOP[nopAlias]; ok && existing != normalized {
return output, fmt.Errorf("NOP %q has conflicting raw public keys across chain configs: %s vs %s — a standalone node registers one key for every chain it declares", nopAlias, existing, normalized)
}
output.RawPubKeyByNOP[nopAlias] = normalized
}
Comment on lines +114 to +116
case rawPubKeyClassFamilies[sourceFamily] && rawPubKeyClassFamilies[targetFamily]:
return strings.ToLower(strings.TrimPrefix(value, "0x")), nil
case rawPubKeyClassFamilies[sourceFamily] && addressClassFamilies[targetFamily]:
Comment on lines +128 to +132
// Pass 1: addresses each NOP declares directly.
for alias, byFamily := range signingKeys {
for family, signer := range byFamily {
if signer == "" {
set(family, signer, shared.NOPAlias(alias))
}

@makramkd makramkd left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving because we know this is a temporary situation while we address CCIP-11938

@tt-cll tt-cll added this pull request to the merge queue Jul 3, 2026
Merged via the queue into main with commit 3368a3a Jul 3, 2026
37 checks passed
@tt-cll tt-cll deleted the tt/signerFix branch July 3, 2026 09:14
@makramkd makramkd restored the tt/signerFix branch July 3, 2026 09:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants