Secret 1.18

.github/workflows/ci.yaml

@@ -126,7 +126,6 @@ jobs:
           docker run -v $PWD:/opt/mount --rm --entrypoint cp ghcr.io/scrtlabs/localsecret:v0.0.0 /usr/lib/libgo_cosmwasm.so /opt/mount/libgo_cosmwasm.so
           docker run -v $PWD:/opt/mount --rm --entrypoint cp ghcr.io/scrtlabs/localsecret:v0.0.0 /usr/lib/librust_cosmwasm_enclave.signed.so /opt/mount/librust_cosmwasm_enclave.signed.so
           docker run -v $PWD:/opt/mount --rm --entrypoint cp ghcr.io/scrtlabs/localsecret:v0.0.0 /usr/lib/librandom_api.so /opt/mount/librandom_api.so
-          docker run -v $PWD:/opt/mount --rm --entrypoint cp ghcr.io/scrtlabs/localsecret:v0.0.0 /usr/lib/tendermint_enclave.signed.so /opt/mount/tendermint_enclave.signed.so
       - uses: actions/download-artifact@v4
         with:
           name: contract.wasm
@@ -196,7 +195,6 @@ jobs:
           source "$HOME/.sgxsdk/sgxsdk/environment"
           export SGX_MODE=SW
           cp librust_cosmwasm_enclave.signed.so ./x/compute/internal/keeper
-          # cp tendermint_enclave.signed.so ./x/compute/internal/keeper
           mkdir -p ias_keys/develop
           mkdir -p /opt/secret/.sgx_secrets/
           echo "not_a_key" > ias_keys/develop/spid.txt
@@ -254,27 +252,6 @@ jobs:
           SGX_MODE=SW make clippy
           SGX_MODE=HW make clippy
 
-  MacOS-ARM64-CLI:
-    runs-on: macos-12-large
-    strategy:
-      fail-fast: false
-    timeout-minutes: 90
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          name: checkout
-          submodules: recursive
-      - uses: actions/setup-go@v5
-        with:
-          name: set up go
-          go-version: 1.21 # The Go version to download (if necessary) and use.
-      - name: Build macos darwin/arm64
-        run: SGX_MODE=SW make build_cli
-      - uses: actions/upload-artifact@v4
-        with:
-          name: secretcli-macos-arm64
-          path: secretcli
-
   Build-LocalSecret:
     runs-on: ubuntu-22.04
     steps:
@@ -354,6 +331,13 @@ jobs:
         run: |
           docker load --input /tmp/localsecret.tar
           docker load --input /tmp/hermes.tar
+      - name: Run secretcli tests
+        run: |
+          docker run -v $(realpath ./integration-tests):/root/integration-tests -d --name localsecret -d ghcr.io/scrtlabs/localsecret:v0.0.0
+          sleep 10
+          docker exec localsecret bash -c 'integration-tests/basic-tests.sh secretcli ~/.secretd' || exit 1
+          docker stop localsecret 
+          docker rm localsecret
       - name: Run integration tests
         run: |
           cd integration-tests
@@ -364,7 +348,7 @@ jobs:
           make kill-localsecret # next step needs the localsecret ports
       - name: Run secret.js tests
         run: |
-          git clone --depth 1 --branch v1.15.0-beta.0 https://github.com/scrtlabs/secret.js
+          git clone --depth 1 --branch v1.18.0-beta.0 https://github.com/scrtlabs/secret.js
           cd secret.js
           # Use the docker images that we built just a few steps above
           perl -i -pe 's/localsecret:.+?"/localsecret:v0.0.0"/' ./test/docker-compose.yml

.github/workflows/go-lint.yml

@@ -16,14 +16,14 @@ jobs:
     steps:
       - uses: actions/setup-go@v5
         with:
-          go-version: 1.21
+          go-version: 1.24
       - uses: actions/checkout@v4
       - name: make bin-data-sw
         run: |
           go install github.com/jteeuwen/go-bindata/go-bindata@latest
           make bin-data-sw
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v6
         with:
-          version: v1.61
+          version: v1.64
           skip-cache: true

.github/workflows/release.yaml

@@ -467,12 +467,6 @@ jobs:
         name: Check Mitigation flags in Cosmwasm Enclave
         with:
           version: "v1.9.0"
-      - uses: ./.github/actions/check-objdump
-        name: Check Mitigation flags in TM Enclave
-        with:
-          filename: "tendermint_enclave.signed.so"
-          min-fence: "1000"
-          version: "v1.9.0"
 
   Release:
     needs: [

.golangci.yml

@@ -1,51 +1,6 @@
 run:
   tests: false
   timeout: 5m
-  skip-files:
-    - x/registration/internal/types/reg_keys.go # uses auto generated code
-    - x/registration/internal/types/ias_bin.*?.go # auto generated
-
-linters:
-  disable-all: true
-  enable:
-    - dogsled
-    - exportloopref
-    - errcheck
-    - goconst
-    - gocritic
-    - gofumpt
-    - gosec
-    - gosimple
-    - govet
-    - ineffassign
-    - misspell
-    - nakedret
-    - staticcheck
-    - stylecheck
-    - revive
-    - typecheck
-    - unconvert
-    - misspell
-    - nolintlint
-
 issues:
-  exclude-rules:
-    - text: "var-naming"
-      linters:
-        - revive
-    - text: "ST1003:"
-      linters:
-        - stylecheck
-    - text: "commentFormatting"
-      linters:
-        - stylecheck
-        - gocritic
-    - text: "dupSubExpr"
-      linters:
-        - gocritic
-    - text: "// nolint` should be written without leading space as `//nolint"
-      linters:
-        - nolintlint
-    - text: "G115:"
-      linters:
-        - gosec
+  exclude-files:
+    - x/compute/internal/keeper/test_common.go

Makefile

@@ -168,7 +168,7 @@ _build-linux:
 	BUILD_PROFILE=$(BUILD_PROFILE) FEATURES="$(FEATURES)" FEATURES_U="$(FEATURES_U)  light-client-validation go-tests" SGX_MODE="$(SGX_MODE)" $(MAKE) -C go-cosmwasm build-rust
 
 build-tm-secret-enclave:
-	git clone https://github.com/scrtlabs/tm-secret-enclave.git /tmp/tm-secret-enclave || true
+	git clone --branch mrenclave1 https://github.com/scrtlabs/tm-secret-enclave.git /tmp/tm-secret-enclave || true
 	cd /tmp/tm-secret-enclave && git checkout main && git submodule init && git submodule update --remote
 	rustup component add rust-src
 	SGX_MODE=$(SGX_MODE) $(MAKE) -C /tmp/tm-secret-enclave build
@@ -190,7 +190,7 @@ deb-no-compile:
 	chmod +x /tmp/SecretNetwork/deb/$(DEB_BIN_DIR)/secretd /tmp/SecretNetwork/deb/$(DEB_BIN_DIR)/secretcli
 
 	mkdir -p /tmp/SecretNetwork/deb/$(DEB_LIB_DIR)
-	cp -f ./go-cosmwasm/tendermint_enclave.signed.so ./go-cosmwasm/librandom_api.so ./go-cosmwasm/api/libgo_cosmwasm.so ./go-cosmwasm/librust_cosmwasm_enclave.signed.so /tmp/SecretNetwork/deb/$(DEB_LIB_DIR)/
+	cp -f ./go-cosmwasm/librandom_api.so ./go-cosmwasm/api/libgo_cosmwasm.so ./go-cosmwasm/librust_cosmwasm_enclave.signed.so /tmp/SecretNetwork/deb/$(DEB_LIB_DIR)/
 	chmod +x /tmp/SecretNetwork/deb/$(DEB_LIB_DIR)/lib*.so
 
 	mkdir -p /tmp/SecretNetwork/deb/DEBIAN
@@ -468,15 +468,13 @@ prep-go-tests: build-test-contracts bin-data-sw
 
 go-tests: build-test-contracts bin-data-sw
 	# SGX_MODE=SW $(MAKE) build-tm-secret-enclave
-	# cp /tmp/tm-secret-enclave/tendermint_enclave.signed.so ./x/compute/internal/keeper
 	SGX_MODE=SW $(MAKE) build-linux
 	cp ./$(EXECUTE_ENCLAVE_PATH)/librust_cosmwasm_enclave.signed.so ./x/compute/internal/keeper
 	GOMAXPROCS=8 SGX_MODE=SW SCRT_SGX_STORAGE='./' SKIP_LIGHT_CLIENT_VALIDATION=TRUE go test -count 1 -failfast -timeout 90m -v ./x/compute/internal/... $(GO_TEST_ARGS)
 
 go-tests-hw: build-test-contracts bin-data
 	# empty BUILD_PROFILE means debug mode which compiles faster
 	# SGX_MODE=HW $(MAKE) build-tm-secret-enclave
-	# cp /tmp/tm-secret-enclave/tendermint_enclave.signed.so ./x/compute/internal/keeper
 	SGX_MODE=HW $(MAKE) build-linux
 	cp ./$(EXECUTE_ENCLAVE_PATH)/librust_cosmwasm_enclave.signed.so ./x/compute/internal/keeper
 	GOMAXPROCS=8 SGX_MODE=HW SCRT_SGX_STORAGE='./' SKIP_LIGHT_CLIENT_VALIDATION=TRUE go test -v ./x/compute/internal/... $(GO_TEST_ARGS)

README.md

@@ -202,7 +202,7 @@ Before you run your dev node, you need to point to the shared libraries needed b
 ```
 export SCRT_ENCLAVE_DIR=~/SecretNetwork/go-cosmwasm
 ```
-In order to run __secretd__ you need to have built _librust_cosmwasm_enclave.signed.so_ and _tendermint_enclave.so_.
+In order to run __secretd__ you need to have built _librust_cosmwasm_enclave.signed.so_.
 The latter can be built by cloning:
 ```
 git clone git@github.com:scrtlabs/tm-secret-enclave.git ~/tm-secret-enclave
@@ -212,12 +212,8 @@ This repo also uses submodules:
 cd tm-secret-enclave
 git submodule init
 git submodule update --remote
-```
-and build _tendermint_enclave.so_:
-```
 make build-rust
 ```
-You may want to copy _tendermint_enclave.so_ to ~/SecretNetwork/go-cosmwasm
 
 Run `./scripts/start-node.sh`
 

app/ante.go

@@ -2,11 +2,15 @@ package app
 
 import (
 	"cosmossdk.io/core/store"
+	circuitante "cosmossdk.io/x/circuit/ante"
+
+	"github.com/cosmos/cosmos-sdk/codec"
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
 	"github.com/cosmos/cosmos-sdk/x/auth/ante"
 	"github.com/cosmos/ibc-go/v8/modules/core/keeper"
 
+	govkeeper "github.com/cosmos/cosmos-sdk/x/gov/keeper"
 	"github.com/scrtlabs/SecretNetwork/x/compute"
 )
 
@@ -15,6 +19,9 @@ import (
 type HandlerOptions struct {
 	ante.HandlerOptions
 
+	CircuitKeeper         circuitante.CircuitBreaker
+	appCodec              codec.Codec
+	govkeeper             govkeeper.Keeper // You'll need the keeper to access stored mrenclave hash
 	IBCKeeper             *keeper.Keeper
 	WasmConfig            *compute.WasmConfig
 	TXCounterStoreService store.KVStoreService
@@ -39,8 +46,9 @@ func NewAnteHandler(options HandlerOptions) (sdk.AnteHandler, error) {
 	}
 
 	anteDecorators := []sdk.AnteDecorator{
-		compute.NewCountTXDecorator(options.TXCounterStoreService),
+		compute.NewCountTXDecorator(options.appCodec, options.govkeeper, options.TXCounterStoreService),
 		ante.NewSetUpContextDecorator(), // outermost AnteDecorator. SetUpContext must be called first
+		circuitante.NewCircuitBreakerDecorator(options.CircuitKeeper),
 		ante.NewExtensionOptionsDecorator(nil),
 		ante.NewValidateBasicDecorator(),
 		ante.NewTxTimeoutHeightDecorator(),