Skip to content

add BLS proof of possession control #667

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 13 commits into
base: main
Choose a base branch
from
Open

add BLS proof of possession control #667

wants to merge 13 commits into from

Conversation

chunkitmax
Copy link
Contributor

@chunkitmax chunkitmax commented Oct 1, 2025
edited by cursor bot
Loading

Note

Adds per-key BLS Proof of Possession gated by allow_proof_of_possession, enforces it in POP endpoint, updates CLI listing, tests, and documentation.

  • Core/Policy:
    • Add per-key POP control via PublicKeyPolicy.AllowProofOfPossession; enforce in ProvePossession (reject when disabled; improved errors).
    • Map new config flag only for tz4 keys; warn when set on non-BLS keys.
  • Config:
    • Extend TezosPolicy with yaml:"allow_proof_of_possession".
  • CLI:
    • Update list template to display Allow Proof of Possession.
  • Tests:
    • Add unit tests for POP allow/deny/unsupported cases.
    • Enable POP for a tz4 key in integration configs.
  • Docs:
    • Add docs/proof_of_possession.md and link from README and start.md.

Written by Cursor Bugbot for commit 51fcb2f. This will update automatically on new commits. Configure here.

@chunkitmax chunkitmax linked an issue Oct 1, 2025 that may be closed by this pull request
Feature Request: Add Configuration Control for BLS Proof of Possession #665
Open
cursor[bot]

This comment was marked as outdated.

Sign in to view

@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Oct 1, 2025
edited
Loading

Deploying signatory with  Cloudflare Pages  Cloudflare Pages

Latest commit: 01c77ac
Status: ✅  Deploy successful!
Preview URL: https://30fd3c65.signatory.pages.dev
Branch Preview URL: https://665-bls-pop-control.signatory.pages.dev

View logs

@michaelkernaghan
Copy link
Contributor

michaelkernaghan commented Oct 2, 2025
edited
Loading

Proof that POP is working in the branch:

set allow POP in the yaml, the check with cli list

Public Key Hash: tz4RA7FyhGmNm5brkKoDUP76gvcbH769gRud
Reference:
Vault: File
Active: true
Allowed Requests: [attestation attestation_with_dal block generic preattestation]
Allowed Operations: [delegation reveal stake transaction update_consensus_key]
Allow Proof of Possession: true

also, if you allow POP for a non BLS key it will show false, which is correct

@michaelkernaghan michaelkernaghan requested review from michaelkernaghan and removed request for stephengaudet October 2, 2025 19:59
michaelkernaghan
michaelkernaghan reviewed Oct 2, 2025
View reviewed changes
Copy link
Contributor

@michaelkernaghan michaelkernaghan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. i check that it is working by pulling the branch and running the code.

@michaelkernaghan michaelkernaghan self-requested a review October 2, 2025 21:15
@GImbrailo GImbrailo mentioned this pull request Oct 7, 2025
Closed
cursor[bot]
cursor bot reviewed Oct 17, 2025
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR is being reviewed by Cursor Bugbot

Details

Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

integration_test/tests/operations/tz4pop_test.go
protocol, err := integrationtest.GetCurrentProtocol()
assert.NoError(t, err)

if strings.Compare(protocol, "PtSeouL") >= 0 { // only test this for protocols >= PtSeouL
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Protocol Version Comparison Fails

The protocol version comparison using strings.Compare() is unreliable. Tezos protocol hashes are base58-encoded identifiers whose lexicographical order doesn't reflect chronological version progression. Comparing a full hash against a partial string further compounds this, potentially causing tests to run or skip on incorrect protocol versions.

Fix in Cursor Fix in Web

@chunkitmax chunkitmax requested a review from GImbrailo October 20, 2025 18:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@jevonearth jevonearth Awaiting requested review from jevonearth

@michaelkernaghan michaelkernaghan Awaiting requested review from michaelkernaghan

@GImbrailo GImbrailo Awaiting requested review from GImbrailo

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature Request: Add Configuration Control for BLS Proof of Possession

2 participants

@chunkitmax @michaelkernaghan